Search Protect wurde bei Softwareinstallation mitinstalliert

franzkans1 · 17.04.2014, 23:10

Nachdem ich ein Audio-Codec Pack installiert habe bemerkte ich, dass Search Protect auch auf dem Rechner installiert wurde. Ich habe mit adwcleaner den Störenfried zu entfernen versucht, doch leider wurde wohl nicht alles entfern, da ich in der "Systemsteuerung" - "infobereichsymbole" immer noch die Einträge "cltmngui.exe" und evt. auch dml.exe habe. Unter "cltmngui.exe" im Infobereichsymbol steht Search Protect.

schrauber · 18.04.2014, 09:19

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

franzkans1 · 18.04.2014, 09:54

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by Gregor-Boss at 2014-04-17 22:28:03
Running from C:\Users\Gregor\Downloads\trojaner-board hilfe
Boot Mode: Normal
============================================================================== Security Center ========================

AV: Bitdefender Virenschutz (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall (Enabled) {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}

==================== Installed Programs ======================

4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4K Video Downloader 3.1 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.1.2.1275 - Open Media LLC)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

ALDI Bestellsoftware 4.12.2 (HKLM-x32\...\ALDI Bestellsoftware) (Version: 4.12.2 - ORWO Net)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Audials (HKLM-x32\...\{B3E99777-3515-4B50-B9FB-EB5E8E750F92}) (Version: 11.0.51800.0 - Audials AG)
Bitdefender Total Security 2013 (HKLM\...\Bitdefender) (Version: 16.20.0.1483 - Bitdefender)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 3.0.1012.2001 - Micro-Star International Co., Ltd.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.3868 - CDBurnerXP)
CdCoverCreator 2.5.3 (HKLM-x32\...\CdCoverCreator) (Version: 2.5.3 - thyanté Software)
Cinema ProII Setup (HKLM-x32\...\{C13926BE-159B-4494-BEEC-AB6E207F70AD}) (Version: 1.0.0.10 - Micro-Star International Co., Ltd.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DarthMod Ultimate Commander Edition  (HKCU\...\DarthMod Ultimate Commander Edition ) (Version:  - )
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Die Siedler 7 (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
EasyFace2 (HKLM-x32\...\{94DE7548-E449-4F7D-804F-0C5CDC3A1E6A}) (Version: 2.0.0.25 - Micro-Star International CO.,Ltd.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 14.3.20130522 - Landesfinanzdirektion Thüringen)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FIFA 11 (HKLM-x32\...\{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}) (Version: 1.0.0.0 - Electronic Arts)
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 8.8.8.6 - Sentelic)
Football Manager 2012 (HKLM-x32\...\Steam App 71270) (Version:  - SI Games)
Football Manager 2012 Editor (HKLM-x32\...\Steam App 71400) (Version:  - )
Football Manager 2012 Resource Archiver (HKLM-x32\...\Steam App 71410) (Version:  - )
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GRID (HKLM-x32\...\{5A0B7BA5-4682-4273-81C2-69B17E649103}) (Version: 1.30.0000 - Codemasters)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
i-Charger (HKLM-x32\...\i-Charger_is1) (Version:  - msi, Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.52.1176 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 9.9.9 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.9.9 - )
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
ManyCam 4.0.77 (HKLM-x32\...\ManyCam) (Version: 4.0.77 - Visicom Media Inc.)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE  (HKLM-x32\...\{4D243BA7-9AC4-46D1-90E5-EEB88974F501}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motorola Bluetooth (HKLM\...\Motorola Bluetooth_is1) (Version: 3.0.02.272 - Motorola, Inc.)
MSI Afterburner 2.2.4 (HKLM-x32\...\Afterburner) (Version: 2.2.4 - MSI Co., LTD)
MSI HOUSE (HKLM-x32\...\{DA5597C9-9216-44FF-9670-D1E48817B998}) (Version: 10.07.1601 - MSI)
MSI Kombustor 2.4.2 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
msi LED Manager (HKLM-x32\...\{34B61214-F4D3-4449-A918-F52A36FB2F71}) (Version: 1.0.1011.2501 - msi)
msi Software Install (HKLM-x32\...\{A840FFFB-3A80-4C24-AB34-BE9F56BEB4CE}) (Version: 3.1000.1005.1101 - Micro-Star International Co., Ltd.)
MSI VGA Overclock Tool (HKLM-x32\...\{26C18D1A-CA42-4682-8CBA-98929848278A}) (Version: 12.06.0601 - MSI)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NAVIGON Fresh 3.4.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.4.1 - NAVIGON)
Need for Speed(TM) Hot Pursuit (HKLM-x32\...\{83A606F5-BF6F-42ED-9F33-B9F74297CDED}) (Version: 1.0.0.0 - Electronic Arts)
Network64 (Version: 130.0.550.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
No23 Recorder (HKLM-x32\...\{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}) (Version: 2.1.0.3 - No23)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5995 - NVIDIA Corporation)
NVIDIA Grafiktreiber 285.80 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.80 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.24.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Systemsteuerung 285.80 (Version: 285.80 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.207.0 - Tracker Software Products Ltd)
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.47 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SL-6555-SBK (HKLM-x32\...\{7AB86D35-DF3B-407F-B43E-468345DABF29}) (Version: 1.00.0000 - GASIA)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spyware Terminator 2012 (HKLM-x32\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.82 - Crawler.com)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
Stone Giant 1.0 (HKLM-x32\...\{1FC46D21-F4A4-42DF-B9A4-27F8A702EBC5}_is1) (Version:  - BitSquid & Fatshark)
STREET FIGHTER IV (HKLM-x32\...\{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}) (Version: 1.00.3013 - CAPCOM U.S.A., INC.)
System Control Manager (HKLM-x32\...\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}) (Version: 2.211.0217.007.04 - Micro-Star International Co., Ltd.)
TextMaker Viewer (HKLM-x32\...\TextMaker Viewer) (Version:  - SoftMaker Software GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 3.4.0.59 - KMP Media co., Ltd)
THX TruStudio Pro (HKLM-x32\...\{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}) (Version: 1.0 - Creative Technology Limited)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Restore Points  =========================

08-04-2014 16:20:10 Geplanter Prüfpunkt
09-04-2014 06:41:00 DirectX wurde installiert
09-04-2014 22:24:22 Gerätetreiber-Paketinstallation: Visicom Media Inc. Audio-, Video- und Gamecontroller
09-04-2014 22:24:54 Gerätetreiber-Paketinstallation: Visicom Media Inc. Audio-, Video- und Gamecontroller
12-04-2014 06:51:52 Windows Update
12-04-2014 20:20:47 Revo Uninstaller's restore point - ffdshow v1.2.4422 [2012-04-09]
12-04-2014 20:35:51 Windows Update
12-04-2014 22:50:11 Revo Uninstaller's restore point - Search Protect
12-04-2014 23:27:59 Revo Uninstaller's restore point - Windows 7 Codec Pack 4.0.8
12-04-2014 23:37:03 Revo Uninstaller's restore point - Haali Media Splitter
12-04-2014 23:43:57 Revo Uninstaller's restore point - LAME v3.99.3 (for Windows)
12-04-2014 23:45:13 Revo Uninstaller's restore point - AC3Filter 2.5b

==================== Hosts content: ==========================

2009-07-14 04:34 - 2012-04-18 23:25 - 00442752 ____R C:\windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	www.100888290cs.com
127.0.0.1	100888290cs.com
127.0.0.1	100sexlinks.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	www.10sek.com
127.0.0.1	10sek.com
127.0.0.1	1-2005-search.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	www.123fporn.info
127.0.0.1	123fporn.info
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {1B70ACB9-C038-49AF-90DE-98BD3588316C} - System32\Tasks\{5614EEE3-10F7-4225-ACE3-1FBF735B5683} => F:\Downloads\Steganos_Safe_v.7.1.6_(dt.)\safe7int.exe
Task: {34275DAE-50EE-4CF5-BE0F-2B4F31982DC5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {36252500-263F-400D-952D-BD8D3B9374F6} - System32\Tasks\{734E157C-9B33-4774-857E-3BC21D8A6C2C} => C:\Program Files (x86)\Steganos Safe 7\SAFE7.exe
Task: {372E8628-482B-466C-9DFC-006A0D4F2229} - System32\Tasks\{0ABF7F0F-C476-43CA-8717-2666927B472D} => C:\Program Files (x86)\Steganos Safe 7\SAFE7.exe
Task: {49C5B452-D17D-4A9A-BE15-911F0A01D03C} - System32\Tasks\{44840241-552E-4BC9-93A3-9A16B2BE51CD} => C:\Program Files (x86)\Steganos Safe 7\SAFE7.exe
Task: {72D1F220-C18C-408B-A8AC-8C929098DAC9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1001UA => C:\Users\Gregor\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-17] (Google Inc.)
Task: {A292DEFB-B89F-4D3D-BC23-FBDFF4308F7E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1002UA => C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24] (Google Inc.)
Task: {A7E1DD6C-7289-4FD4-A060-8BE93D0C4454} - System32\Tasks\Games\UpdateCheck_S-1-5-21-513543937-287335986-3713968974-1001
Task: {C56A880C-EEB2-4515-8FEC-70ADCD1BC482} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI\MSI Afterburner\MSIAfterburner.exe [2012-09-17] ()
Task: {D3BA54DF-5B8C-4585-8240-36476DDC986E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1002Core => C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24] (Google Inc.)
Task: {EB3D44F8-6596-4E7E-A083-BE752430180E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1001Core => C:\Users\Gregor\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-17] (Google Inc.)
Task: {ECAF6CF8-BBE6-4627-8344-DF3789EA3357} - System32\Tasks\{4715049C-D4AA-47CB-8798-10F16CD05CB2} => C:\Program Files (x86)\Steganos Safe 7\SAFE7.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1001Core.job => C:\Users\Gregor\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1001UA.job => C:\Users\Gregor\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1002Core.job => C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1002UA.job => C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-29 17:36 - 2013-10-24 18:42 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
2013-03-29 23:59 - 2013-10-24 18:40 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\UI\accessl.ui
2012-12-13 20:19 - 2011-11-14 20:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\bdfwcore.dll
2013-03-29 18:07 - 2013-10-24 18:41 - 00005120 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\UI\IMSecurityAL.ui
2014-03-28 14:01 - 2014-03-28 14:01 - 00771328 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00038_023\ashttpbr.mdl
2014-03-28 14:01 - 2014-03-28 14:01 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00038_023\ashttpdsp.mdl
2014-03-28 14:01 - 2014-03-28 14:01 - 02593416 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00038_023\ashttpph.mdl
2014-03-28 14:01 - 2014-03-28 14:01 - 01317216 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00038_023\ashttprbl.mdl
2012-12-13 20:19 - 2012-06-21 14:01 - 01117480 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2011-03-05 09:13 - 2010-08-25 05:33 - 16557832 _____ () C:\Program Files\Motorola\Bluetooth\btmshell.dll
2012-12-18 12:02 - 2012-09-07 05:39 - 00067072 _____ () C:\Program Files\FSP\FspLib.dll
2012-12-18 12:02 - 2012-09-07 05:43 - 00040448 _____ () C:\Program Files\FSP\KbdHook.dll
2012-06-06 16:18 - 2012-06-06 16:18 - 00089088 _____ () C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
2014-03-20 00:05 - 2014-03-20 00:05 - 00172032 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll
2011-03-05 09:15 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2011-03-05 09:21 - 2010-06-01 19:11 - 00155648 _____ () C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\de-DE\THXAudio.resources.dll
2011-03-05 09:21 - 2010-05-04 20:59 - 00182272 _____ () C:\windows\SysWOW64\APOMngr.DLL
2014-04-10 18:39 - 2014-04-02 03:57 - 00065352 _____ () C:\Users\Gregor\AppData\Local\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-10 18:40 - 2014-04-02 03:57 - 00674632 _____ () C:\Users\Gregor\AppData\Local\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-10 18:40 - 2014-04-02 03:57 - 00093000 _____ () C:\Users\Gregor\AppData\Local\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-10 18:40 - 2014-04-02 03:57 - 04081480 _____ () C:\Users\Gregor\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-10 18:40 - 2014-04-02 03:58 - 00390472 _____ () C:\Users\Gregor\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-10 18:40 - 2014-04-02 03:57 - 01647432 _____ () C:\Users\Gregor\AppData\Local\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-10 18:40 - 2014-04-02 03:58 - 13691720 _____ () C:\Users\Gregor\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Gregor\Desktop\adwcleaner3023.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\335.23-notebook-win8-win7-64bit-international-whql.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\4kvideodownloader_3.1.2.1275.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\ac3filter_2_5b.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\ALDI Bestellsoftware Setup.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\AmazonCloudPlayerInstaller_381.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\audacity-win-2.0.3.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\Audials_Moviebox-Setup.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\CCleaner Portable - CHIP-Downloader.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\ccsetup402_slim.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\ccsetup408.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\ccsetup409pro (1).exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\ccsetup409pro.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\chromeinstall-7u25.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\ElsterFormular-14.3.20130522k.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\ffdshow_rev4422_20120409.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\K-Lite_Codec_Pack_999_x64.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\KiesSetup13052.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\KMPlayer_3.4.0.59.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\Lame_v3.99.3_for_Windows.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\ManyCam77StandaloneSetup.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\MatroskaSplitter.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\mkvtoolnix-unicode-5.9.0-setup.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\mp3DC218.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\NAVIGON341_Fresh_setup.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\OriginThinSetup.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\PDFXVwer207.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\rcsetup147.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\revosetup194.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\Setup_MakeMKV_v1.7.10.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\Setup_MakeMKV_v1.7.9.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\Shockwave_Installer_Slim.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\Silverlight (1).exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\Silverlight (2).exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\SpywareTerminatorSetup_3.0.0.82.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\TFC.exe:BDU
AlternateDataStreams: C:\Users\Gregor\Downloads\TMViewerSetup585.exe:BDU
AlternateDataStreams: C:\Users\Gregor-Boss\Downloads\cpu-z_1.68-setup-en.exe:BDU
AlternateDataStreams: C:\Users\Gregor-Boss\Downloads\HPPSdr.exe:BDU
AlternateDataStreams: C:\Users\Gregor-Boss\Downloads\mbam-setup-1.75.0.1300.exe:BDU
AlternateDataStreams: C:\Users\Gregor-Boss\Downloads\ZipExtractorSetup.exe:BDU
AlternateDataStreams: C:\Users\Gregor-Boss\Documents\bitdefender_tsecurity.exe:BDU

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: Cinema ProII AP => C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
MSCONFIG\startupreg: Cinema ProII Controler => C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
MSCONFIG\startupreg: EADM => "D:\Spiele\Neuer Ordner\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Live Update 5 => C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
MSCONFIG\startupreg: LiveUpdate 5 => C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
MSCONFIG\startupreg: ManyCam => "C:\Program Files (x86)\ManyCam\ManyCam.exe" --silent
MSCONFIG\startupreg: msi LED Manager => C:\Program Files (x86)\msi\msi LED Manager\SLM.exe
MSCONFIG\startupreg: Nuance PDF Reader-reminder => 
MSCONFIG\startupreg: SpybotSD TeaTimer => 
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
MSCONFIG\startupreg: Steam => 
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: hp business inkjet 2600
Description: hp business inkjet 2600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2014 08:49:48 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2014 08:49:24 AM) (Source: MSI Foundation Service) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei MSI_Fire.MSIFireService.EnumRegistryValue()
   bei MSI_Fire.MSIFireService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/16/2014 05:18:36 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/16/2014 01:19:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2014 01:19:13 PM) (Source: MSI Foundation Service) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei MSI_Fire.MSIFireService.EnumRegistryValue()
   bei MSI_Fire.MSIFireService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/15/2014 10:26:51 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/15/2014 11:24:56 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2014 11:24:40 AM) (Source: MSI Foundation Service) (User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei MSI_Fire.MSIFireService.EnumRegistryValue()
   bei MSI_Fire.MSIFireService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/14/2014 11:39:10 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: fm.exe, Version: 12.2.2.62775, Zeitstempel: 0x4f67d832
Name des fehlerhaften Moduls: fm.exe, Version: 12.2.2.62775, Zeitstempel: 0x4f67d832
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00cba5ad
ID des fehlerhaften Prozesses: 0xd18
Startzeit der fehlerhaften Anwendung: 0xfm.exe0
Pfad der fehlerhaften Anwendung: fm.exe1
Pfad des fehlerhaften Moduls: fm.exe2
Berichtskennung: fm.exe3

Error: (04/14/2014 10:28:33 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall


System errors:
=============
Error: (04/14/2014 10:16:45 PM) (Source: BugCheck) (User: )
Description: 0x0000004a (0x000000007786132a, 0x0000000000000002, 0x0000000000000000, 0xfffff880088d9b60)C:\windows\MEMORY.DMP041414-16598-01

Error: (04/14/2014 10:16:44 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎14.‎04.‎2014 um 22:14:35 unerwartet heruntergefahren.

Error: (04/13/2014 09:59:46 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎13.‎04.‎2014 um 09:56:00 unerwartet heruntergefahren.

Error: (04/13/2014 01:29:19 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (04/12/2014 08:41:40 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎12.‎04.‎2014 um 08:39:13 unerwartet heruntergefahren.

Error: (04/11/2014 00:32:37 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/19/2014 11:36:31 PM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (03/19/2014 11:35:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (03/19/2014 11:35:15 PM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (03/19/2014 11:35:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (04/17/2014 08:49:48 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2014 08:49:24 AM) (Source: MSI Foundation Service)(User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei MSI_Fire.MSIFireService.EnumRegistryValue()
   bei MSI_Fire.MSIFireService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/16/2014 05:18:36 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/16/2014 01:19:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2014 01:19:13 PM) (Source: MSI Foundation Service)(User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei MSI_Fire.MSIFireService.EnumRegistryValue()
   bei MSI_Fire.MSIFireService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/15/2014 10:26:51 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/15/2014 11:24:56 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2014 11:24:40 AM) (Source: MSI Foundation Service)(User: )
Description: Der Dienst kann nicht gestartet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei MSI_Fire.MSIFireService.EnumRegistryValue()
   bei MSI_Fire.MSIFireService.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/14/2014 11:39:10 PM) (Source: Application Error)(User: )
Description: fm.exe12.2.2.627754f67d832fm.exe12.2.2.627754f67d832c000000500cba5add1801cf5825574e8c21d:\spiele\steam\steamapps\common\football manager 2012\fm.exed:\spiele\steam\steamapps\common\football manager 2012\fm.exe363a074a-c41d-11e3-809b-6c626d2bb998

Error: (04/14/2014 10:28:33 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall


CodeIntegrity Errors:
===================================
  Date: 2013-06-01 23:17:59.877
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-01 23:17:59.823
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-01 23:17:59.761
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-01 23:17:59.693
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-02 22:11:32.463
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_008\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-02 21:30:43.990
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_008\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-01 18:37:06.474
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_008\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-01 17:58:12.728
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_007\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-31 15:48:57.496
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_007\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-01-31 07:25:46.018
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_007\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 36%
Total physical RAM: 6121.43 MB
Available physical RAM: 3887.8 MB
Total Pagefile: 12241.03 MB
Available Pagefile: 9123.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:349.85 GB) (Free:30.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:233.23 GB) (Free:72.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 486F8C49)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=350 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:

ATTFilter

# AdwCleaner v3.023 - Bericht erstellt am 13/04/2014 um 00:56:20
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Gregor-Boss - GREGOR-BOSS-MSI
# Gestartet von : C:\Users\Gregor\Downloads\adwcleaner3023.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : \END
Ordner Gefunden C:\Users\Gregor\AppData\Local\CrashRpt
Ordner Gefunden C:\Users\Gregor-Boss\AppData\Local\CrashRpt
Ordner Gefunden C:\Users\Gregor-Boss\AppData\Roaming\OpenCandy

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Google Chrome v

[ Datei : C:\Users\Gregor-Boss\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4323 octets] - [20/03/2014 00:51:05]
AdwCleaner[R1].txt - [1117 octets] - [13/04/2014 00:56:20]
AdwCleaner[S0].txt - [4092 octets] - [20/03/2014 00:53:11]

########## EOF - \AdwCleaner\AdwCleaner[R1].txt - [1237 octets] ##########

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by Gregor-Boss (administrator) on GREGOR-BOSS-MSI on 17-04-2014 22:27:21
Running from C:\Users\Gregor\Downloads\trojaner-board hilfe
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MSIService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Users\Gregor\AppData\Local\Google\Update\GoogleUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
() C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Users\Gregor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gregor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gregor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gregor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gregor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gregor\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\windows\system32\taskmgr.exe
(Google Inc.) C:\Users\Gregor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gregor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gregor\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [THXCfg64] => C:\windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1575192 2013-10-24] (Bitdefender)
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [5803520 2012-09-07] (Sentelic Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11465832 2010-09-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1351680 2010-11-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [MGSysCtrl] => C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe [2482176 2011-02-17] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [VGAOCAP] => C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe [89088 2012-06-06] ()
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f [X]
HKU\S-1-5-21-513543937-287335986-3713968974-1000\...\RunOnce: [Report] - \AdwCleaner\AdwCleaner[S1].txt [1382 2014-04-13] ()
HKU\S-1-5-21-513543937-287335986-3713968974-1001\...\Run: [Google Update] => C:\Users\Gregor\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-17] (Google Inc.)
HKU\S-1-5-21-513543937-287335986-3713968974-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msi.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {AAFE5B87-4741-4036-9983-FC3D779A1B6C} URL = 
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} -  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{D09902FE-23AA-47E6-8471-1A2816D1A60E}: [NameServer]10.19.1.153

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll No File
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012-12-13]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-26]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012-12-13]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-26]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Gregor\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Gregor\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Gregor\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Gregor-Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-06]
CHR Extension: (YouTube) - C:\Users\Gregor-Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-06]
CHR Extension: (Google-Suche) - C:\Users\Gregor-Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-06]
CHR Extension: (Google Wallet) - C:\Users\Gregor-Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (Google Mail) - C:\Users\Gregor-Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-06]
CHR StartMenuInternet: Google Chrome - C:\Users\Gregor\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-10-24] (Bitdefender)
S2 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [12800 2010-07-17] (MSI)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [95184 2012-06-25] (Bitdefender)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [67320 2013-10-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1645256 2013-10-24] (Bitdefender)

==================== Drivers (Whitelisted) ====================

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2013-10-24] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-12-21] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2013-10-24] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-05-03] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\windows\system32\drivers\bdsandbox.sys [82824 2013-10-24] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S3 BTMNET; C:\Windows\System32\DRIVERS\btmnet.sys [30208 2010-07-17] (Motorola, Inc.)
R3 fspad_win764; C:\Windows\System32\DRIVERS\fspad_win764.sys [67584 2012-09-07] (Sentelic Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-10-24] (BitDefender LLC)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-02-18] (Audials AG)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-11-20] (Windows (R) Win 7 DDK provider)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-10-24] (BitDefender S.R.L.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 MBfilt; system32\drivers\MBfilt64.sys [X]
S3 MGHwCtrl; \??\C:\Program Files\msi\msi Software Install\MGHwCtrl.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-17 22:27 - 2014-04-17 22:27 - 00000000 ____D () C:\FRST
2014-04-17 22:24 - 2014-04-17 22:24 - 00000000 _____ () C:\Users\Gregor-Boss\defogger_reenable
2014-04-17 22:23 - 2014-04-17 22:27 - 00000000 ____D () C:\Users\Gregor\Downloads\trojaner-board hilfe
2014-04-14 22:16 - 2014-04-14 22:16 - 542923835 _____ () C:\windows\MEMORY.DMP
2014-04-14 22:16 - 2014-04-14 22:16 - 00297920 _____ () C:\windows\Minidump\041414-16598-01.dmp
2014-04-13 08:52 - 2014-04-13 08:52 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\QuickScan
2014-04-13 08:51 - 2014-04-13 08:51 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Malwarebytes
2014-04-13 01:57 - 2014-04-13 01:57 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack x64
2014-04-13 01:57 - 2013-06-21 20:00 - 00127488 _____ () C:\windows\system32\ff_vfw.dll
2014-04-13 01:57 - 2012-06-09 19:21 - 00206336 _____ () C:\windows\system32\unrar64.dll
2014-04-13 01:57 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\windows\system32\lagarith.dll
2014-04-13 01:43 - 2014-04-13 01:43 - 12414036 _____ ( ) C:\Users\Gregor\Downloads\K-Lite_Codec_Pack_999_x64.exe
2014-04-13 00:55 - 2014-04-13 00:55 - 01426178 _____ () C:\Users\Gregor\Desktop\adwcleaner3023.exe
2014-04-12 22:35 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-04-12 22:35 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-04-12 08:55 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-04-12 08:55 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-12 08:55 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-12 08:55 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-04-12 08:55 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-04-12 08:55 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-04-12 08:55 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-04-12 08:55 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-04-12 08:55 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-04-12 08:55 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-04-12 08:55 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-04-12 08:55 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-04-12 08:55 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-04-12 08:55 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-04-12 08:55 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-04-12 08:55 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-04-12 08:54 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-12 08:54 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-12 08:54 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-04-12 08:54 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-12 08:54 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-12 08:54 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-04-12 08:54 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-04-12 08:54 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-12 08:54 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-12 08:54 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-12 08:54 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-12 08:54 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-04-12 08:54 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-04-12 08:54 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-04-12 08:54 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-04-12 08:54 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-04-12 08:54 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-12 08:54 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-04-12 08:54 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-12 08:54 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-04-12 08:54 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-04-12 08:54 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-04-12 08:54 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-04-12 08:54 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-12 08:54 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-04-12 08:54 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-04-12 08:54 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-04-12 08:54 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-04-12 08:54 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-04-12 08:54 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-04-12 08:54 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-04-12 08:54 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-04-12 08:54 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-04-12 08:54 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-12 08:54 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-12 08:54 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-04-12 08:54 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-04-12 08:54 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-04-12 08:54 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-12 08:54 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-04-12 08:54 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-04-12 08:54 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-04-12 08:54 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-12 08:54 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-04-12 08:54 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-04-12 08:54 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-04-12 08:54 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-04-12 08:54 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-04-12 08:48 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-12 08:48 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-04-12 08:48 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-04-12 08:48 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-04-12 08:48 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-04-12 08:48 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-04-12 08:48 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-04-12 08:48 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-04-12 08:48 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-04-12 08:48 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-04-12 08:48 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-04-12 08:48 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-12 08:48 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-12 08:48 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-04-12 08:48 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-04-12 08:48 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-04-12 08:48 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-04-12 08:48 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-04-12 08:48 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-04-10 00:25 - 2014-04-10 14:49 - 00000000 ____D () C:\Users\Gregor\AppData\Local\ManyCam
2014-04-10 00:25 - 2014-04-10 00:25 - 00001037 _____ () C:\Users\Public\Desktop\ManyCam.lnk
2014-04-10 00:24 - 2014-04-10 00:25 - 00000000 ____D () C:\Program Files (x86)\ManyCam
2014-04-10 00:24 - 2014-04-10 00:24 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\ManyCam
2014-04-10 00:19 - 2014-04-10 00:23 - 37889656 _____ (Visicom Media Inc.) C:\Users\Gregor\Downloads\ManyCam77StandaloneSetup.exe
2014-04-09 23:52 - 2014-04-09 23:52 - 00000000 ____D () C:\Users\Public\msi
2014-03-24 01:35 - 2014-03-24 01:35 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Malwarebytes
2014-03-22 14:47 - 2014-03-22 14:47 - 00000000 ____D () C:\Users\Gregor-Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftMaker Viewer
2014-03-22 14:47 - 2014-03-22 14:47 - 00000000 ____D () C:\Users\Gregor\Documents\SoftMaker
2014-03-22 14:47 - 2014-03-22 14:47 - 00000000 ____D () C:\Program Files (x86)\SoftMaker Viewer
2014-03-22 14:47 - 2010-02-09 15:49 - 00779593 _____ () C:\Users\Gregor-Boss\Documents\TextMaker Viewer.tmd
2014-03-22 14:47 - 2010-02-03 18:27 - 00068640 _____ () C:\windows\unTMV.exe
2014-03-22 14:47 - 2010-02-03 18:01 - 00002885 _____ () C:\Users\Gregor-Boss\Documents\Viewer-Liesmich.txt
2014-03-22 14:45 - 2014-03-22 14:45 - 05483416 _____ (Igor Pavlov) C:\Users\Gregor\Downloads\TMViewerSetup585.exe
2014-03-22 14:22 - 2014-03-22 15:03 - 00000000 ____D () C:\Users\Gregor\Downloads\Emily Schule
2014-03-20 02:15 - 2014-04-09 08:42 - 00037174 _____ () C:\windows\DirectX.log
2014-03-20 01:20 - 2014-03-20 01:20 - 00000000 ____D () C:\windows\SysWOW64\RTCOM
2014-03-20 01:18 - 2010-09-07 20:27 - 02620008 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkAPO64.dll
2014-03-20 01:18 - 2010-09-07 20:27 - 02484072 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHD64.sys
2014-03-20 01:18 - 2010-09-07 20:27 - 02045032 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtPgEx64.dll
2014-03-20 01:18 - 2010-09-07 20:27 - 01215592 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTCOM64.dll
2014-03-20 01:18 - 2010-09-07 20:27 - 01146984 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTSnMg64.cpl
2014-03-20 01:18 - 2010-09-07 20:27 - 00540264 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkApi64.dll
2014-03-20 01:18 - 2010-09-07 20:27 - 00403048 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoRes64.dat
2014-03-20 01:18 - 2010-09-07 20:27 - 00332392 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtlCPAPI64.dll
2014-03-20 01:18 - 2010-09-07 20:27 - 00149608 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCfg64.dll
2014-03-20 01:18 - 2010-09-07 20:27 - 00081000 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoInst64.dll
2014-03-20 01:18 - 2010-09-03 08:47 - 00338336 _____ (Fortemedia Corporation) C:\windows\system32\FMAPO64.dll
2014-03-20 01:18 - 2010-08-09 12:22 - 00098704 _____ (Sony Corporation) C:\windows\system32\SFSS_APO.dll
2014-03-20 01:18 - 2010-07-22 17:48 - 00220496 _____ (Virage Logic Corporation / Sonic Focus) C:\windows\system32\SFNHK64.dll
2014-03-20 01:18 - 2010-07-22 17:48 - 00081232 _____ (Virage Logic Corporation / Sonic Focus) C:\windows\system32\SFCOM64.dll
2014-03-20 01:18 - 2010-07-22 17:48 - 00078160 _____ (Virage Logic Corporation / Sonic Focus) C:\windows\system32\SFAPO64.dll
2014-03-20 01:18 - 2010-07-22 17:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\windows\SysWOW64\SFCOM.dll
2014-03-20 01:18 - 2010-07-22 17:37 - 00200800 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAC64.dll
2014-03-20 01:18 - 2010-07-06 12:48 - 01756160 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioRealtek.dll
2014-03-20 01:18 - 2010-07-01 14:44 - 00124128 _____ (DTS) C:\windows\system32\DTSLFXAPO64.dll
2014-03-20 01:18 - 2010-07-01 14:44 - 00124128 _____ (DTS) C:\windows\system32\DTSGFXAPO64.dll
2014-03-20 01:18 - 2010-07-01 14:44 - 00123104 _____ (DTS) C:\windows\system32\DTSGFXAPONS64.dll
2014-03-20 01:18 - 2010-06-27 18:14 - 00334848 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO30.dll
2014-03-20 01:18 - 2010-05-06 18:34 - 00334680 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxVolumeSDAPO.dll
2014-03-20 01:18 - 2010-05-06 17:43 - 02601816 _____ (Waves Audio Ltd.) C:\windows\system32\WavesGUILib.dll
2014-03-20 01:18 - 2010-04-14 18:56 - 00318808 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO20.dll
2014-03-20 01:18 - 2010-01-05 14:41 - 01325328 _____ (DTS) C:\windows\system32\DTSS2SpeakerDLL64.dll
2014-03-20 01:18 - 2010-01-05 14:41 - 00489744 _____ (DTS) C:\windows\system32\DTSSymmetryDLL64.dll
2014-03-20 01:18 - 2010-01-05 14:41 - 00474896 _____ (DTS) C:\windows\system32\DTSVoiceClarityDLL64.dll
2014-03-20 01:18 - 2010-01-05 14:40 - 01178384 _____ (DTS) C:\windows\system32\DTSS2HeadphoneDLL64.dll
2014-03-20 01:18 - 2010-01-05 14:40 - 01110800 _____ (DTS) C:\windows\system32\DTSBoostDLL64.dll
2014-03-20 01:18 - 2010-01-05 14:40 - 00504592 _____ (DTS) C:\windows\system32\DTSBassEnhancementDLL64.dll
2014-03-20 01:18 - 2010-01-05 14:40 - 00315152 _____ (DTS) C:\windows\system32\DTSNeoPCDLL64.dll
2014-03-20 01:18 - 2010-01-05 14:40 - 00268560 _____ (DTS) C:\windows\system32\DTSLimiterDLL64.dll
2014-03-20 01:18 - 2010-01-05 14:40 - 00265488 _____ (DTS) C:\windows\system32\DTSGainCompensatorDLL64.dll
2014-03-20 01:18 - 2009-12-15 19:26 - 00372936 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEP64A.dll
2014-03-20 01:18 - 2009-12-15 19:26 - 00201928 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEED64A.dll
2014-03-20 01:18 - 2009-12-15 19:26 - 00099016 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEL64A.dll
2014-03-20 01:18 - 2009-12-15 19:26 - 00076488 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEG64A.dll
2014-03-20 01:18 - 2009-12-11 10:55 - 00307920 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DHT64.dll
2014-03-20 01:18 - 2009-12-11 10:55 - 00307920 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DAA64.dll
2014-03-20 01:18 - 2009-11-24 10:55 - 00518896 _____ (SRS Labs, Inc.) C:\windows\system32\SRSTSX64.dll
2014-03-20 01:18 - 2009-11-24 10:55 - 00211184 _____ (SRS Labs, Inc.) C:\windows\system32\SRSTSH64.dll
2014-03-20 01:18 - 2009-11-24 10:55 - 00198896 _____ (SRS Labs, Inc.) C:\windows\system32\SRSHP64.dll
2014-03-20 01:18 - 2009-11-24 10:55 - 00155888 _____ (SRS Labs, Inc.) C:\windows\system32\SRSWOW64.dll
2014-03-20 01:18 - 2009-11-18 19:42 - 02197264 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioEQ.dll
2014-03-20 01:18 - 2009-11-17 19:12 - 00108960 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAR64.dll
2014-03-20 01:07 - 2010-09-07 14:28 - 00309336 _____ (Creative Technology Ltd.) C:\windows\SysWOW64\MBTHX32.dll
2014-03-20 00:56 - 2014-03-20 00:56 - 00001279 _____ () C:\Users\Gregor-Boss\Desktop\adwcleaner_3.022.lnk
2014-03-20 00:50 - 2014-04-13 23:14 - 00000000 ____D () C:\AdwCleaner
2014-03-20 00:40 - 2014-03-20 00:40 - 00001119 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-20 00:40 - 2014-03-20 00:40 - 00000000 ____D () C:\Users\Gregor-Boss\AppData\Roaming\Malwarebytes
2014-03-20 00:40 - 2014-03-20 00:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-20 00:40 - 2014-03-20 00:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-20 00:40 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-20 00:38 - 2014-03-20 00:39 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gregor-Boss\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-20 00:38 - 2014-03-20 00:38 - 00686168 _____ () C:\Users\Gregor-Boss\Downloads\ZipExtractorSetup.exe
2014-03-20 00:27 - 2014-03-20 01:22 - 00000000 ____D () C:\Users\Gregor-Boss\AppData\Roaming\vlc
2014-03-20 00:05 - 2012-02-01 17:16 - 00568600 _____ (Intel Corporation) C:\windows\system32\Drivers\iaStor.sys
2014-03-19 23:42 - 2011-11-08 23:24 - 24796992 _____ (NVIDIA Corporation) C:\windows\system32\nvcompiler.dll
2014-03-19 23:42 - 2011-11-08 23:24 - 24748864 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2014-03-19 23:42 - 2011-11-08 23:24 - 18876736 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2014-03-19 23:42 - 2011-11-08 23:24 - 17248576 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcompiler.dll
2014-03-19 23:42 - 2011-11-08 23:24 - 15696192 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2014-03-19 23:42 - 2011-11-08 23:24 - 13208384 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvd3dum.dll
2014-03-19 23:42 - 2011-11-08 23:24 - 13011264 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2014-03-19 23:42 - 2011-11-08 23:24 - 08798016 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
2014-03-19 23:42 - 2011-11-08 23:24 - 07583040 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2014-03-19 23:42 - 2011-11-08 23:24 - 07049536 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
2014-03-19 23:42 - 2011-11-08 23:24 - 05580096 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2014-03-19 23:42 - 2011-11-08 23:24 - 02824000 _____ (NVIDIA Corporation) C:\windows\system32\nvapi64.dll
2014-03-19 23:42 - 2011-11-08 23:24 - 02544960 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2014-03-19 23:42 - 2011-11-08 23:24 - 02472768 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvapi.dll
2014-03-19 23:42 - 2011-11-08 23:24 - 02403136 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2014-03-19 23:42 - 2011-11-08 23:24 - 02233664 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvenc.dll
2014-03-19 23:42 - 2011-11-08 23:24 - 02100544 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvenc.dll
2014-03-19 23:42 - 2011-11-08 23:24 - 01543488 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco64.dll
2014-03-19 23:42 - 2011-11-08 23:24 - 01454912 _____ (NVIDIA Corporation) C:\windows\system32\nvgenco64.dll
2014-03-19 23:42 - 2011-11-08 23:24 - 00837952 _____ (NVIDIA Corporation) C:\windows\system32\easyupdatusapiu64.dll
2014-03-19 23:42 - 2011-11-08 23:24 - 00540992 _____ (NVIDIA Corporation) C:\windows\system32\nvhotkey.dll
2014-03-19 23:42 - 2011-11-08 23:24 - 00068928 _____ (Khronos Group) C:\windows\system32\OpenCL.dll
2014-03-19 23:42 - 2011-11-08 23:24 - 00061248 _____ (Khronos Group) C:\windows\SysWOW64\OpenCL.dll
2014-03-19 23:42 - 2011-07-08 05:51 - 01452648 _____ (NVIDIA Corporation) C:\windows\system32\nvhdagenco6420102.dll
2014-03-19 22:42 - 2014-03-19 22:42 - 00000000 ____D () C:\Program Files\FSP
2014-03-19 22:41 - 2014-03-19 22:42 - 00004698 _____ () C:\windows\DPINST.LOG
2014-03-19 20:16 - 2014-03-20 00:34 - 00000000 ____D () C:\Users\Gregor-Boss\Downloads\MSi GT680R Treiber
2014-03-19 14:42 - 2014-03-19 14:42 - 00000000 ____D () C:\Program Files (x86)\System Control Manager
2014-03-19 14:42 - 2009-12-18 12:54 - 00003584 _____ (Windows (R) Win 7 DDK provider) C:\windows\SysWOW64\msiapcfg.dll
2014-03-19 14:42 - 2008-05-23 18:02 - 00012288 _____ () C:\windows\MSIECO
2014-03-19 14:06 - 2014-03-19 14:06 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-19 13:51 - 2014-03-04 16:35 - 01885472 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6433523.dll
2014-03-19 13:51 - 2014-03-04 16:35 - 01516488 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6433523.dll
2014-03-19 13:50 - 2014-03-04 16:35 - 11589272 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2014-03-19 13:50 - 2014-03-04 16:35 - 09690424 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2014-03-19 13:50 - 2014-03-04 16:35 - 00892704 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2014-03-19 13:50 - 2014-03-04 16:35 - 00877856 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2014-03-19 13:50 - 2014-03-04 16:35 - 00863064 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2014-03-19 13:50 - 2014-03-04 16:35 - 00846168 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2014-03-19 03:52 - 2014-03-19 03:52 - 05750532 _____ () C:\Users\Gregor\Downloads\gt680_scm_nb.zip
2014-03-19 03:37 - 2014-03-19 03:37 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Macrovision Corporation
2014-03-19 03:37 - 2014-03-19 03:37 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\InstallShield
2014-03-19 03:28 - 2014-03-19 03:47 - 276762432 _____ (NVIDIA Corporation) C:\Users\Gregor\Downloads\335.23-notebook-win8-win7-64bit-international-whql.exe
2014-03-19 03:07 - 2014-03-19 03:30 - 00000032 _____ () C:\windows\Model.txt
2014-03-19 03:07 - 2014-03-19 03:30 - 00000000 _____ () C:\windows\Model.log
2014-03-19 02:14 - 2014-03-19 02:14 - 00000006 _____ () C:\windows\silentOnce.tmp
2014-03-19 01:43 - 2014-03-19 01:43 - 00003062 _____ () C:\windows\System32\Tasks\{36A544E3-53B0-497C-9506-AA258DB6A125}
2014-03-19 01:35 - 2014-03-19 01:35 - 00001334 _____ () C:\Users\Gregor-Boss\Documents\Sicherung atapi.reg
2014-03-18 23:36 - 2014-03-20 01:39 - 00000000 ____D () C:\Users\Gregor-Boss\AppData\Roaming\Origin
2014-03-18 23:36 - 2014-03-20 01:39 - 00000000 ____D () C:\Users\Gregor-Boss\AppData\Local\Origin
2014-03-18 19:58 - 2014-03-18 19:58 - 00000000 ____D () C:\Users\Gregor\Documents\Criterion Games
2014-03-18 18:16 - 2014-03-18 18:16 - 00000000 ____D () C:\ProgramData\EA Core
2014-03-18 02:53 - 2014-03-18 13:22 - 00000000 ____D () C:\ProgramData\Solidshield

==================== One Month Modified Files and Folders =======

2014-04-17 22:27 - 2014-04-17 22:27 - 00000000 ____D () C:\FRST
2014-04-17 22:27 - 2014-04-17 22:23 - 00000000 ____D () C:\Users\Gregor\Downloads\trojaner-board hilfe
2014-04-17 22:24 - 2014-04-17 22:24 - 00000000 _____ () C:\Users\Gregor-Boss\defogger_reenable
2014-04-17 22:24 - 2012-04-17 17:58 - 00000000 ____D () C:\Users\Gregor-Boss
2014-04-17 22:19 - 2012-04-17 17:57 - 01093975 _____ () C:\windows\WindowsUpdate.log
2014-04-17 22:17 - 2012-04-19 13:41 - 00000000 ____D () C:\windows\System32\Tasks\Games
2014-04-17 22:14 - 2013-05-07 19:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-17 22:03 - 2013-01-05 23:55 - 00000000 ____D () C:\Users\Gregor\Downloads\HjThis
2014-04-17 21:59 - 2012-04-17 22:49 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1001UA.job
2014-04-17 21:54 - 2012-04-24 16:33 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1002UA.job
2014-04-17 21:49 - 2011-03-04 17:06 - 00699682 _____ () C:\windows\system32\perfh007.dat
2014-04-17 21:49 - 2011-03-04 17:06 - 00149790 _____ () C:\windows\system32\perfc007.dat
2014-04-17 21:49 - 2009-07-14 07:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-17 21:46 - 2012-04-24 16:33 - 00001072 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1002Core.job
2014-04-17 21:46 - 2012-04-17 22:49 - 00001072 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1001Core.job
2014-04-17 08:56 - 2009-07-14 06:45 - 00024432 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-17 08:56 - 2009-07-14 06:45 - 00024432 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-17 08:49 - 2014-01-20 15:15 - 00018238 _____ () C:\windows\setupact.log
2014-04-17 08:49 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-16 01:05 - 2012-04-19 22:45 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\vlc
2014-04-14 22:16 - 2014-04-14 22:16 - 542923835 _____ () C:\windows\MEMORY.DMP
2014-04-14 22:16 - 2014-04-14 22:16 - 00297920 _____ () C:\windows\Minidump\041414-16598-01.dmp
2014-04-14 22:16 - 2013-12-22 22:55 - 00000000 ____D () C:\windows\Minidump
2014-04-13 23:14 - 2014-03-20 00:50 - 00000000 ____D () C:\AdwCleaner
2014-04-13 13:15 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-04-13 09:59 - 2014-02-05 01:31 - 00002932 _____ () C:\windows\PFRO.log
2014-04-13 08:52 - 2014-04-13 08:52 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\QuickScan
2014-04-13 08:51 - 2014-04-13 08:51 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Malwarebytes
2014-04-13 08:06 - 2012-04-24 16:35 - 00002380 _____ () C:\Users\Sandra\Desktop\Google Chrome.lnk
2014-04-13 01:57 - 2014-04-13 01:57 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack x64
2014-04-13 01:43 - 2014-04-13 01:43 - 12414036 _____ ( ) C:\Users\Gregor\Downloads\K-Lite_Codec_Pack_999_x64.exe
2014-04-13 00:55 - 2014-04-13 00:55 - 01426178 _____ () C:\Users\Gregor\Desktop\adwcleaner3023.exe
2014-04-12 20:06 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-04-12 08:54 - 2013-07-15 16:38 - 00000000 ____D () C:\windows\system32\MRT
2014-04-12 08:52 - 2012-04-17 21:30 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-10 18:40 - 2012-04-17 22:51 - 00002380 _____ () C:\Users\Gregor\Desktop\Google Chrome.lnk
2014-04-10 14:49 - 2014-04-10 00:25 - 00000000 ____D () C:\Users\Gregor\AppData\Local\ManyCam
2014-04-10 12:42 - 2012-04-17 18:38 - 00000000 ____D () C:\Users\Gregor\AppData\Local\FSP
2014-04-10 01:01 - 2012-12-01 20:24 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Sports Interactive
2014-04-10 00:25 - 2014-04-10 00:25 - 00001037 _____ () C:\Users\Public\Desktop\ManyCam.lnk
2014-04-10 00:25 - 2014-04-10 00:24 - 00000000 ____D () C:\Program Files (x86)\ManyCam
2014-04-10 00:24 - 2014-04-10 00:24 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\ManyCam
2014-04-10 00:23 - 2014-04-10 00:19 - 37889656 _____ (Visicom Media Inc.) C:\Users\Gregor\Downloads\ManyCam77StandaloneSetup.exe
2014-04-10 00:03 - 2014-03-17 16:57 - 00000000 ____D () C:\ProgramData\Origin
2014-04-09 23:52 - 2014-04-09 23:52 - 00000000 ____D () C:\Users\Public\msi
2014-04-09 23:52 - 2012-04-17 18:39 - 00000000 ____D () C:\Users\Gregor\AppData\Local\msi
2014-04-09 08:42 - 2014-03-20 02:15 - 00037174 _____ () C:\windows\DirectX.log
2014-04-09 08:42 - 2012-12-01 23:14 - 00000000 ____D () C:\Users\Gregor\Documents\Sports Interactive
2014-04-09 08:42 - 2012-12-01 20:24 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive
2014-04-09 08:42 - 2012-12-01 20:24 - 00000000 ____D () C:\Users\Gregor\AppData\Local\Sports Interactive
2014-04-03 17:54 - 2012-04-17 22:49 - 00004096 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1001UA
2014-04-03 17:54 - 2012-04-17 22:49 - 00003700 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1001Core
2014-03-26 14:49 - 2012-04-24 16:33 - 00004096 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1002UA
2014-03-26 14:49 - 2012-04-24 16:33 - 00003700 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1002Core
2014-03-24 01:35 - 2014-03-24 01:35 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Malwarebytes
2014-03-22 15:03 - 2014-03-22 14:22 - 00000000 ____D () C:\Users\Gregor\Downloads\Emily Schule
2014-03-22 14:47 - 2014-03-22 14:47 - 00000000 ____D () C:\Users\Gregor-Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftMaker Viewer
2014-03-22 14:47 - 2014-03-22 14:47 - 00000000 ____D () C:\Users\Gregor\Documents\SoftMaker
2014-03-22 14:47 - 2014-03-22 14:47 - 00000000 ____D () C:\Program Files (x86)\SoftMaker Viewer
2014-03-22 14:45 - 2014-03-22 14:45 - 05483416 _____ (Igor Pavlov) C:\Users\Gregor\Downloads\TMViewerSetup585.exe
2014-03-21 14:25 - 2012-04-24 16:03 - 00058400 _____ () C:\Users\Sandra\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-21 14:24 - 2012-04-24 16:03 - 00000000 ____D () C:\Users\Sandra\AppData\Local\FSP
2014-03-20 01:39 - 2014-03-18 23:36 - 00000000 ____D () C:\Users\Gregor-Boss\AppData\Roaming\Origin
2014-03-20 01:39 - 2014-03-18 23:36 - 00000000 ____D () C:\Users\Gregor-Boss\AppData\Local\Origin
2014-03-20 01:22 - 2014-03-20 00:27 - 00000000 ____D () C:\Users\Gregor-Boss\AppData\Roaming\vlc
2014-03-20 01:20 - 2014-03-20 01:20 - 00000000 ____D () C:\windows\SysWOW64\RTCOM
2014-03-20 01:20 - 2012-12-16 00:20 - 00003056 _____ () C:\windows\System32\Tasks\MSIAfterburner
2014-03-20 01:18 - 2011-03-05 09:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-20 01:18 - 2011-03-05 09:09 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-03-20 01:04 - 2012-04-17 18:38 - 00058400 _____ () C:\Users\Gregor\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-20 00:56 - 2014-03-20 00:56 - 00001279 _____ () C:\Users\Gregor-Boss\Desktop\adwcleaner_3.022.lnk
2014-03-20 00:40 - 2014-03-20 00:40 - 00001119 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-20 00:40 - 2014-03-20 00:40 - 00000000 ____D () C:\Users\Gregor-Boss\AppData\Roaming\Malwarebytes
2014-03-20 00:40 - 2014-03-20 00:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-20 00:40 - 2014-03-20 00:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-20 00:39 - 2014-03-20 00:38 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gregor-Boss\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-20 00:38 - 2014-03-20 00:38 - 00686168 _____ () C:\Users\Gregor-Boss\Downloads\ZipExtractorSetup.exe
2014-03-20 00:34 - 2014-03-19 20:16 - 00000000 ____D () C:\Users\Gregor-Boss\Downloads\MSi GT680R Treiber
2014-03-20 00:05 - 2011-03-05 09:04 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-03-19 23:45 - 2011-03-05 09:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-19 23:42 - 2011-03-05 09:06 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-19 22:50 - 2012-04-17 18:04 - 00000000 ____D () C:\Users\Gregor-Boss\AppData\Local\FSP
2014-03-19 22:42 - 2014-03-19 22:42 - 00000000 ____D () C:\Program Files\FSP
2014-03-19 22:42 - 2014-03-19 22:41 - 00004698 _____ () C:\windows\DPINST.LOG
2014-03-19 22:20 - 2011-03-05 09:19 - 00000000 ____D () C:\Program Files (x86)\MSI
2014-03-19 15:36 - 2012-04-17 17:58 - 00058400 _____ () C:\Users\Gregor-Boss\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-19 15:35 - 2009-07-14 06:45 - 02198096 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-19 14:42 - 2014-03-19 14:42 - 00000000 ____D () C:\Program Files (x86)\System Control Manager
2014-03-19 14:06 - 2014-03-19 14:06 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-19 14:06 - 2011-03-05 09:06 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-19 13:42 - 2013-07-15 11:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-19 13:42 - 2013-07-15 11:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-19 13:42 - 2013-05-07 19:04 - 00000000 ____D () C:\windows\system32\Macromed
2014-03-19 13:42 - 2012-04-24 16:35 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-03-19 13:42 - 2012-04-24 16:02 - 00000000 ____D () C:\Users\Sandra
2014-03-19 13:42 - 2012-04-17 22:51 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-03-19 13:42 - 2012-04-17 18:38 - 00000000 ____D () C:\Users\Gregor
2014-03-19 13:42 - 2011-03-05 09:14 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-03-19 13:42 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\security
2014-03-19 13:42 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-03-19 13:42 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\AppCompat
2014-03-19 09:06 - 2011-03-04 16:55 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-19 03:52 - 2014-03-19 03:52 - 05750532 _____ () C:\Users\Gregor\Downloads\gt680_scm_nb.zip
2014-03-19 03:47 - 2014-03-19 03:28 - 276762432 _____ (NVIDIA Corporation) C:\Users\Gregor\Downloads\335.23-notebook-win8-win7-64bit-international-whql.exe
2014-03-19 03:37 - 2014-03-19 03:37 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Macrovision Corporation
2014-03-19 03:37 - 2014-03-19 03:37 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\InstallShield
2014-03-19 03:30 - 2014-03-19 03:07 - 00000032 _____ () C:\windows\Model.txt
2014-03-19 03:30 - 2014-03-19 03:07 - 00000000 _____ () C:\windows\Model.log
2014-03-19 03:20 - 2014-03-17 17:10 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Origin
2014-03-19 02:14 - 2014-03-19 02:14 - 00000006 _____ () C:\windows\silentOnce.tmp
2014-03-19 01:43 - 2014-03-19 01:43 - 00003062 _____ () C:\windows\System32\Tasks\{36A544E3-53B0-497C-9506-AA258DB6A125}
2014-03-19 01:35 - 2014-03-19 01:35 - 00001334 _____ () C:\Users\Gregor-Boss\Documents\Sicherung atapi.reg
2014-03-18 19:58 - 2014-03-18 19:58 - 00000000 ____D () C:\Users\Gregor\Documents\Criterion Games
2014-03-18 18:16 - 2014-03-18 18:16 - 00000000 ____D () C:\ProgramData\EA Core
2014-03-18 13:22 - 2014-03-18 02:53 - 00000000 ____D () C:\ProgramData\Solidshield

Some content of TEMP:
====================
C:\Users\Gregor-Boss\AppData\Local\Temp\activation.x86.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 01:45

==================== End Of Log ============================

--- --- ---

--- --- ---

franzkans1 · 18.04.2014, 16:26

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-17 22:56:54
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0. 596,18GB
Running: Gmer-19357.exe; Driver: C:\Users\GREGOR~1\AppData\Local\Temp\kgnirfod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                     fffff80003805000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                                     fffff8000380502f 18 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                             00000000774792d1 5 bytes [B8, 39, 69, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                             00000000774792d7 5 bytes [00, 00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                  0000000077491330 6 bytes [48, B8, B9, F1, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                              0000000077491338 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtClose                                                                                      00000000774913a0 6 bytes [48, B8, B9, D5, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                  00000000774913a8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                      0000000077491470 6 bytes [48, B8, 79, C2, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                  0000000077491478 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                0000000077491510 6 bytes [48, B8, F9, 32, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                            0000000077491518 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                           0000000077491530 6 bytes [48, B8, 39, 1C, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                       0000000077491538 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                         0000000077491550 6 bytes [48, B8, F9, 1D, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                     0000000077491558 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                           0000000077491570 6 bytes [48, B8, B9, C0, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                       0000000077491578 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                0000000077491620 6 bytes [48, B8, 39, EE, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                            0000000077491628 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                         0000000077491650 6 bytes [48, B8, 79, 2F, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                     0000000077491658 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                            0000000077491670 6 bytes [48, B8, 79, 36, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                        0000000077491678 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                             0000000077491700 6 bytes [48, B8, B9, 34, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                         0000000077491708 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                              0000000077491750 6 bytes [48, B8, 79, F3, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                          0000000077491758 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                            0000000077491780 6 bytes [48, B8, 39, 2A, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                        0000000077491788 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                               0000000077491790 6 bytes [48, B8, B9, 26, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                           0000000077491798 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                 0000000077491800 6 bytes [48, B8, F9, EF, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                             0000000077491808 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                00000000774918b0 6 bytes [48, B8, F9, F6, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                            00000000774918b8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                               0000000077491c80 6 bytes [48, B8, 79, EC, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                           0000000077491c88 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                              0000000077491cd0 6 bytes [48, B8, 79, 28, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                          0000000077491cd8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                             0000000077491d30 6 bytes [48, B8, F9, 24, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                         0000000077491d38 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                 00000000774920a0 6 bytes [48, B8, 79, D7, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                             00000000774920a8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                             00000000774925e0 6 bytes [48, B8, 79, 83, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                         00000000774925e8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                           00000000774927e0 6 bytes [48, B8, 39, 31, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                       00000000774927e8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                       00000000774929a0 6 bytes [48, B8, 39, D9, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                   00000000774929a8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                             0000000077492a80 6 bytes [48, B8, 79, 3D, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                         0000000077492a88 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                              0000000077492a90 6 bytes [48, B8, B9, 3B, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                          0000000077492a98 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                         0000000077492aa0 6 bytes [48, B8, 39, F5, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                     0000000077492aa8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                 0000000077492b80 6 bytes [48, B8, 39, E7, 06, 6C]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                             0000000077492b88 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                       0000000077503201 11 bytes [B8, 39, 85, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                         000007fefd421861 11 bytes [B8, 79, 52, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                         000007fefd422db1 11 bytes [B8, B9, C7, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                      000007fefd423461 11 bytes [B8, 79, C9, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                          000007fefd428ef0 12 bytes [48, B8, F9, C5, 06, 6C, 00, ...]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\system32\KERNELBASE.dll!CreateMutexW                                                                            000007fefd4294c0 12 bytes [48, B8, B9, 50, 06, 6C, 00, ...]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                      000007fefd42bfd1 11 bytes [B8, 39, C4, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                          000007fefd432af1 11 bytes [B8, F9, 4E, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                      000007fefd454350 12 bytes [48, B8, B9, 42, 06, 6C, 00, ...]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                  000007fefd462871 8 bytes [B8, 39, 23, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                 000007fefd46287a 2 bytes [50, C3]
.text     C:\windows\system32\SearchIndexer.exe[3932] C:\windows\system32\KERNELBASE.dll!CreateThread + 1                                                                        000007fefd4628b1 11 bytes [B8, F9, 40, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                         000007fefd421861 11 bytes [B8, 79, 52, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                         000007fefd422db1 11 bytes [B8, B9, C7, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                      000007fefd423461 11 bytes [B8, 79, C9, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                          000007fefd428ef0 12 bytes [48, B8, F9, C5, 06, 6C, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\KERNELBASE.dll!CreateMutexW                                                                            000007fefd4294c0 12 bytes [48, B8, B9, 50, 06, 6C, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                      000007fefd42bfd1 11 bytes [B8, 39, C4, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                          000007fefd432af1 11 bytes [B8, F9, 4E, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                      000007fefd454350 12 bytes [48, B8, B9, 42, 06, 6C, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                  000007fefd462871 8 bytes [B8, 39, 23, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                 000007fefd46287a 2 bytes [50, C3]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\KERNELBASE.dll!CreateThread + 1                                                                        000007fefd4628b1 11 bytes [B8, F9, 40, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\SYSTEM32\sechost.dll!ControlService + 1                                                                         000007fefe95642d 11 bytes [B8, 39, 5B, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\SYSTEM32\sechost.dll!OpenServiceW                                                                               000007fefe956484 12 bytes [48, B8, F9, 55, 06, 6C, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                     000007fefe956519 11 bytes [B8, 39, 62, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\SYSTEM32\sechost.dll!OpenServiceA                                                                               000007fefe956c34 12 bytes [48, B8, 39, 54, 06, 6C, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                          000007fefe957ab5 11 bytes [B8, F9, 5C, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                      000007fefe958b01 11 bytes [B8, B9, 57, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                      000007fefe958c39 11 bytes [B8, 79, 59, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\WS2_32.dll!WSASend + 1                                                                                 000007fefe9013b1 11 bytes [B8, F9, BE, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\WS2_32.dll!closesocket                                                                                 000007fefe9018e0 12 bytes [48, B8, 39, BD, 06, 6C, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\WS2_32.dll!WSASocketW + 1                                                                              000007fefe901bd1 11 bytes [B8, 79, BB, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\WS2_32.dll!WSARecv + 1                                                                                 000007fefe902201 11 bytes [B8, F9, E1, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\WS2_32.dll!GetAddrInfoW                                                                                000007fefe9023c0 12 bytes [48, B8, 79, A6, 06, 6C, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\WS2_32.dll!connect                                                                                     000007fefe9045c0 12 bytes [48, B8, 79, 67, 06, 6C, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\WS2_32.dll!send + 1                                                                                    000007fefe908001 11 bytes [B8, B9, B9, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\WS2_32.dll!gethostbyname                                                                               000007fefe908df0 7 bytes [48, B8, 39, A8, 06, 6C, 00]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\WS2_32.dll!gethostbyname + 9                                                                           000007fefe908df9 3 bytes [00, 50, C3]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\WS2_32.dll!socket + 1                                                                                  000007fefe90de91 11 bytes [B8, F9, DA, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\WS2_32.dll!recv + 1                                                                                    000007fefe90df41 11 bytes [B8, 39, E0, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\wmiprvse.exe[4576] C:\windows\system32\WS2_32.dll!WSAConnect + 1                                                                              000007fefe92e0f1 11 bytes [B8, 79, DE, 06, 6C, 00, 00, ...]
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtWriteFile                                    000000007763f928 5 bytes JMP 0000000174776811
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtClose                                        000000007763f9e0 5 bytes JMP 00000001747760c1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess                        000000007763fb28 5 bytes JMP 0000000174775b21
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                                  000000007763fc20 5 bytes JMP 0000000174773061
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection                             000000007763fc50 5 bytes JMP 00000001747715f1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                           000000007763fc80 5 bytes JMP 0000000174771681
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess                             000000007763fcb0 5 bytes JMP 0000000174775a91
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtOpenSection                                  000000007763fdc8 5 bytes JMP 0000000174776781
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                           000000007763fe14 5 bytes JMP 0000000174772f41
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtDuplicateObject                              000000007763fe44 5 bytes JMP 0000000174773181
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtQueueApcThread                               000000007763ff24 5 bytes JMP 00000001747730f1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtCreateSection                                000000007763ffa4 5 bytes JMP 00000001747768a1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtCreateProcessEx                              000000007763ffec 5 bytes JMP 0000000174772d91
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtCreateThread                                 0000000077640004 5 bytes JMP 0000000174772c71
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                   00000000776400b4 5 bytes JMP 0000000174771e61
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                  00000000776401c4 5 bytes JMP 0000000174772251
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant                                 000000007764079c 5 bytes JMP 00000001747766f1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtCreateProcess                                0000000077640814 5 bytes JMP 0000000174772d01
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx                               00000000776408a4 5 bytes JMP 0000000174772be1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver                                   0000000077640df4 5 bytes JMP 0000000174776151
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtRaiseHardError                               0000000077641604 5 bytes JMP 0000000174774801
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                             0000000077641920 5 bytes JMP 0000000174772fd1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation                         0000000077641be4 5 bytes JMP 00000001747761e1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtSuspendProcess                               0000000077641d54 5 bytes JMP 00000001747732a1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtSuspendThread                                0000000077641d70 5 bytes JMP 0000000174773211
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl                           0000000077641d8c 5 bytes JMP 0000000174776931
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!NtVdmControl                                   0000000077641ee8 5 bytes JMP 0000000174776541
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter                     00000000776588c4 5 bytes JMP 0000000174771a71
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx                   0000000077680d3b 5 bytes JMP 0000000174771f81
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!RtlReportException                             00000000776c860f 5 bytes JMP 0000000174774891
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters                     00000000776ce8ab 5 bytes JMP 0000000174771ef1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\syswow64\KERNEL32.dll!GetStartupInfoA                             0000000076e20e00 5 bytes JMP 0000000174771d41
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\syswow64\KERNEL32.dll!CreateProcessA                              0000000076e21072 5 bytes JMP 0000000174772911
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\syswow64\KERNEL32.dll!LoadLibraryA                                0000000076e2499f 5 bytes JMP 0000000174772521
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\syswow64\KERNEL32.dll!CreateProcessInternalW                      0000000076e33bbb 5 bytes JMP 0000000174772eb1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\syswow64\KERNEL32.dll!CreateToolhelp32Snapshot                    0000000076e47327 5 bytes JMP 0000000174772641
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\syswow64\KERNEL32.dll!Process32NextW                              0000000076e488da 5 bytes JMP 0000000174776031
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\syswow64\KERNEL32.dll!WinExec                                     0000000076ea2ff1 5 bytes JMP 00000001747727f1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\syswow64\KERNEL32.dll!ReadConsoleInputA                           0000000076ec748b 5 bytes JMP 0000000174774411
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\syswow64\KERNEL32.dll!ReadConsoleInputW                           0000000076ec74ae 5 bytes JMP 0000000174774531
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\syswow64\KERNEL32.dll!ReadConsoleA                                0000000076ec7859 5 bytes JMP 0000000174774651
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4700] C:\windows\syswow64\KERNEL32.dll!ReadConsoleW                                0000000076ec78d2 5 bytes JMP 0000000174774771
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtWriteFile                                                000000007763f928 5 bytes JMP 0000000174776811
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtClose                                                    000000007763f9e0 5 bytes JMP 00000001747760c1
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess                                    000000007763fb28 5 bytes JMP 0000000174775b21
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                                              000000007763fc20 5 bytes JMP 0000000174773061
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                         000000007763fc50 5 bytes JMP 00000001747715f1
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                       000000007763fc80 5 bytes JMP 0000000174771681
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess                                         000000007763fcb0 5 bytes JMP 0000000174775a91
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtOpenSection                                              000000007763fdc8 5 bytes JMP 0000000174776781
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                       000000007763fe14 5 bytes JMP 0000000174772f41
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtDuplicateObject                                          000000007763fe44 5 bytes JMP 0000000174773181
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtQueueApcThread                                           000000007763ff24 5 bytes JMP 00000001747730f1
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtCreateSection                                            000000007763ffa4 5 bytes JMP 00000001747768a1
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                          000000007763ffec 5 bytes JMP 0000000174772d91
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtCreateThread                                             0000000077640004 5 bytes JMP 0000000174772c71
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                               00000000776400b4 5 bytes JMP 0000000174771e61
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                              00000000776401c4 5 bytes JMP 0000000174772251
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant                                             000000007764079c 5 bytes JMP 00000001747766f1
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtCreateProcess                                            0000000077640814 5 bytes JMP 0000000174772d01
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                           00000000776408a4 5 bytes JMP 0000000174772be1
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver                                               0000000077640df4 5 bytes JMP 0000000174776151
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtRaiseHardError                                           0000000077641604 5 bytes JMP 0000000174774801
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                                         0000000077641920 5 bytes JMP 0000000174772fd1
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                     0000000077641be4 5 bytes JMP 00000001747761e1
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtSuspendProcess                                           0000000077641d54 5 bytes JMP 00000001747732a1
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtSuspendThread                                            0000000077641d70 5 bytes JMP 0000000174773211
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                       0000000077641d8c 5 bytes JMP 0000000174776931
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!NtVdmControl                                               0000000077641ee8 5 bytes JMP 0000000174776541
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter                                 00000000776588c4 5 bytes JMP 0000000174771a71
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx                               0000000077680d3b 5 bytes JMP 0000000174771f81
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!RtlReportException                                         00000000776c860f 5 bytes JMP 0000000174774891
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters                                 00000000776ce8ab 5 bytes JMP 0000000174771ef1
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime                               0000000075f68f7d 5 bytes JMP 00000001747719e1
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\syswow64\KERNELBASE.dll!CloseHandle                                           0000000075f6c428 5 bytes JMP 0000000174773961
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\syswow64\KERNELBASE.dll!WriteProcessMemory                                    0000000075f6ec98 5 bytes JMP 0000000174773451
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\syswow64\KERNELBASE.dll!ExitProcess                                           0000000075f6f1f8 5 bytes JMP 00000001747722e1
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\syswow64\KERNELBASE.dll!GetStartupInfoW                                       0000000075f6fa7b 5 bytes JMP 0000000174771dd1
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\syswow64\KERNELBASE.dll!CreateMutexW                                          0000000075f7134a 5 bytes JMP 00000001747738d1
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\syswow64\KERNELBASE.dll!OpenMutexW                                            0000000075f71371 5 bytes JMP 0000000174773841
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                      0000000075f71d1b 5 bytes JMP 0000000174771951
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\syswow64\KERNELBASE.dll!GetProcAddress                                        0000000075f71e07 5 bytes JMP 0000000174772401
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                        0000000075f72aa4 5 bytes JMP 0000000174775c41
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExA                                        0000000075f72ccc 5 bytes JMP 0000000174775bb1
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary                                           0000000075f72d0a 5 bytes JMP 0000000174775cd1
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleA                                      0000000075f72e6d 5 bytes JMP 00000001747718c1
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\syswow64\KERNELBASE.dll!SleepEx                                               0000000075f73b63 5 bytes JMP 00000001747721c1
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\syswow64\KERNELBASE.dll!Sleep                                                 0000000075f74489 5 bytes JMP 0000000174772371
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\syswow64\KERNELBASE.dll!CreateThread                                          0000000075f745fb 5 bytes JMP 00000001747733c1
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\syswow64\KERNELBASE.dll!CreateRemoteThread                                    0000000075f74624 5 bytes JMP 0000000174772b51
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[344] C:\windows\syswow64\KERNELBASE.dll!CreateFileA                                           0000000075f7c72c 5 bytes JMP 00000001747726d1
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[5344] C:\windows\system32\WS2_32.dll!WSASend + 1                                                                    000007fefe9013b1 11 bytes [B8, F9, BE, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[5344] C:\windows\system32\WS2_32.dll!closesocket                                                                    000007fefe9018e0 12 bytes [48, B8, 39, BD, 06, 6C, 00, ...]
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[5344] C:\windows\system32\WS2_32.dll!WSASocketW + 1                                                                 000007fefe901bd1 11 bytes [B8, 79, BB, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[5344] C:\windows\system32\WS2_32.dll!WSARecv + 1                                                                    000007fefe902201 11 bytes [B8, F9, E1, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[5344] C:\windows\system32\WS2_32.dll!GetAddrInfoW                                                                   000007fefe9023c0 12 bytes [48, B8, 79, A6, 06, 6C, 00, ...]
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[5344] C:\windows\system32\WS2_32.dll!connect                                                                        000007fefe9045c0 12 bytes [48, B8, 79, 67, 06, 6C, 00, ...]
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[5344] C:\windows\system32\WS2_32.dll!send + 1                                                                       000007fefe908001 11 bytes [B8, B9, B9, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[5344] C:\windows\system32\WS2_32.dll!gethostbyname                                                                  000007fefe908df0 7 bytes [48, B8, 39, A8, 06, 6C, 00]
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[5344] C:\windows\system32\WS2_32.dll!gethostbyname + 9                                                              000007fefe908df9 3 bytes [00, 50, C3]
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[5344] C:\windows\system32\WS2_32.dll!socket + 1                                                                     000007fefe90de91 11 bytes [B8, F9, DA, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[5344] C:\windows\system32\WS2_32.dll!recv + 1                                                                       000007fefe90df41 11 bytes [B8, 39, E0, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[5344] C:\windows\system32\WS2_32.dll!WSAConnect + 1                                                                 000007fefe92e0f1 11 bytes [B8, 79, DE, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                          00000000774792d1 5 bytes [B8, 39, 69, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                          00000000774792d7 5 bytes [00, 00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtWriteFile                                                               0000000077491330 6 bytes [48, B8, B9, F1, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                           0000000077491338 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtClose                                                                   00000000774913a0 6 bytes [48, B8, B9, D5, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtClose + 8                                                               00000000774913a8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                   0000000077491470 6 bytes [48, B8, 79, C2, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                               0000000077491478 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                             0000000077491510 6 bytes [48, B8, F9, 32, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                         0000000077491518 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                        0000000077491530 6 bytes [48, B8, 39, 1C, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                    0000000077491538 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                      0000000077491550 6 bytes [48, B8, F9, 1D, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                  0000000077491558 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                        0000000077491570 6 bytes [48, B8, B9, C0, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                    0000000077491578 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                             0000000077491620 6 bytes [48, B8, 39, EE, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                         0000000077491628 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                      0000000077491650 6 bytes [48, B8, 79, 2F, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                  0000000077491658 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                         0000000077491670 6 bytes [48, B8, 79, 36, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                     0000000077491678 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                          0000000077491700 6 bytes [48, B8, B9, 34, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                      0000000077491708 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                           0000000077491750 6 bytes [48, B8, 79, F3, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                       0000000077491758 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                         0000000077491780 6 bytes [48, B8, 39, 2A, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                     0000000077491788 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                            0000000077491790 6 bytes [48, B8, B9, 26, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                        0000000077491798 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                              0000000077491800 6 bytes [48, B8, F9, EF, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                          0000000077491808 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                             00000000774918b0 6 bytes [48, B8, F9, F6, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                         00000000774918b8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                            0000000077491c80 6 bytes [48, B8, 79, EC, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                        0000000077491c88 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                           0000000077491cd0 6 bytes [48, B8, 79, 28, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                       0000000077491cd8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                          0000000077491d30 6 bytes [48, B8, F9, 24, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                      0000000077491d38 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                              00000000774920a0 6 bytes [48, B8, 79, D7, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                          00000000774920a8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                          00000000774925e0 6 bytes [48, B8, 79, 83, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                      00000000774925e8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                        00000000774927e0 6 bytes [48, B8, 39, 31, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                    00000000774927e8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                    00000000774929a0 6 bytes [48, B8, 39, D9, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                00000000774929a8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                          0000000077492a80 6 bytes [48, B8, 79, 3D, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                      0000000077492a88 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                           0000000077492a90 6 bytes [48, B8, B9, 3B, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                       0000000077492a98 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                      0000000077492aa0 6 bytes [48, B8, 39, F5, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                  0000000077492aa8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                              0000000077492b80 6 bytes [48, B8, 39, E7, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                          0000000077492b88 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                    0000000077503201 11 bytes [B8, 39, 85, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\system32\kernel32.dll!Process32NextW + 1                                                     0000000077321b21 11 bytes [B8, F9, D3, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                               0000000077321c10 12 bytes [48, B8, F9, 39, 06, 6C, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\system32\kernel32.dll!CreateProcessInternalW                                                 000000007733db80 12 bytes [48, B8, B9, 2D, 06, 6C, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\system32\kernel32.dll!GetStartupInfoA + 1                                                    0000000077340931 11 bytes [B8, 79, E5, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                  00000000773752f1 11 bytes [B8, B9, 7A, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                  0000000077375311 11 bytes [B8, 39, 77, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\system32\kernel32.dll!ReadConsoleW                                                           000000007738a5e0 12 bytes [48, B8, B9, 81, 06, 6C, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\system32\kernel32.dll!ReadConsoleA                                                           000000007738a6f0 12 bytes [48, B8, 39, 7E, 06, 6C, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\system32\KERNELBASE.dll!CloseHandle + 1                                                      000007fefd421861 11 bytes [B8, 79, 52, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                      000007fefd422db1 11 bytes [B8, B9, C7, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                   000007fefd423461 11 bytes [B8, 79, C9, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                       000007fefd428ef0 12 bytes [48, B8, F9, C5, 06, 6C, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\system32\KERNELBASE.dll!CreateMutexW                                                         000007fefd4294c0 12 bytes [48, B8, B9, 50, 06, 6C, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                   000007fefd42bfd1 11 bytes [B8, 39, C4, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                       000007fefd432af1 11 bytes [B8, F9, 4E, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\system32\KERNELBASE.dll!WriteProcessMemory                                                   000007fefd454350 12 bytes [48, B8, B9, 42, 06, 6C, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                               000007fefd462871 8 bytes [B8, 39, 23, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                              000007fefd46287a 2 bytes [50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\system32\KERNELBASE.dll!CreateThread + 1                                                     000007fefd4628b1 11 bytes [B8, F9, 40, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\sechost.dll!ControlService + 1                                                      000007fefe95642d 11 bytes [B8, 39, 5B, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\sechost.dll!OpenServiceW                                                            000007fefe956484 12 bytes [48, B8, F9, 55, 06, 6C, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                  000007fefe956519 11 bytes [B8, 39, 62, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\sechost.dll!OpenServiceA                                                            000007fefe956c34 12 bytes [48, B8, 39, 54, 06, 6C, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\sechost.dll!DeleteService + 1                                                       000007fefe957ab5 11 bytes [B8, F9, 5C, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                   000007fefe958b01 11 bytes [B8, B9, 57, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5604] C:\windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                   000007fefe958c39 11 bytes [B8, 79, 59, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                    00000000774792d1 5 bytes [B8, 39, 69, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                                    00000000774792d7 5 bytes [00, 00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                         0000000077491330 6 bytes [48, B8, B9, F1, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                     0000000077491338 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtClose                                                                                             00000000774913a0 6 bytes [48, B8, B9, D5, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                         00000000774913a8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                             0000000077491470 6 bytes [48, B8, 79, C2, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                         0000000077491478 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                       0000000077491510 6 bytes [48, B8, F9, 32, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                   0000000077491518 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                  0000000077491530 6 bytes [48, B8, 39, 1C, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                              0000000077491538 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                0000000077491550 6 bytes [48, B8, F9, 1D, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                            0000000077491558 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                  0000000077491570 6 bytes [48, B8, B9, C0, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                              0000000077491578 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                       0000000077491620 6 bytes [48, B8, 39, EE, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                   0000000077491628 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                0000000077491650 6 bytes [48, B8, 79, 2F, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                            0000000077491658 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                   0000000077491670 6 bytes [48, B8, 79, 36, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                               0000000077491678 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                    0000000077491700 6 bytes [48, B8, B9, 34, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                0000000077491708 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                     0000000077491750 6 bytes [48, B8, 79, F3, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                 0000000077491758 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                   0000000077491780 6 bytes [48, B8, 39, 2A, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                               0000000077491788 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                      0000000077491790 6 bytes [48, B8, B9, 26, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                  0000000077491798 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                        0000000077491800 6 bytes [48, B8, F9, EF, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                    0000000077491808 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                       00000000774918b0 6 bytes [48, B8, F9, F6, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                   00000000774918b8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                      0000000077491c80 6 bytes [48, B8, 79, EC, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                  0000000077491c88 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                     0000000077491cd0 6 bytes [48, B8, 79, 28, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                 0000000077491cd8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                    0000000077491d30 6 bytes [48, B8, F9, 24, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                0000000077491d38 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                        00000000774920a0 6 bytes [48, B8, 79, D7, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                    00000000774920a8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                    00000000774925e0 6 bytes [48, B8, 79, 83, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                00000000774925e8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                  00000000774927e0 6 bytes [48, B8, 39, 31, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                              00000000774927e8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                              00000000774929a0 6 bytes [48, B8, 39, D9, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                          00000000774929a8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                    0000000077492a80 6 bytes [48, B8, 79, 3D, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                0000000077492a88 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                     0000000077492a90 6 bytes [48, B8, B9, 3B, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                 0000000077492a98 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                0000000077492aa0 6 bytes [48, B8, 39, F5, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                            0000000077492aa8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                        0000000077492b80 6 bytes [48, B8, 39, E7, 06, 6C]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                    0000000077492b88 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                              0000000077503201 11 bytes [B8, 39, 85, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\system32\kernel32.dll!Process32NextW + 1                                                                               0000000077321b21 11 bytes [B8, F9, D3, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                         0000000077321c10 12 bytes [48, B8, F9, 39, 06, 6C, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\system32\kernel32.dll!CreateProcessInternalW                                                                           000000007733db80 12 bytes [48, B8, B9, 2D, 06, 6C, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                              0000000077340931 11 bytes [B8, 79, E5, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                            00000000773752f1 11 bytes [B8, B9, 7A, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                            0000000077375311 11 bytes [B8, 39, 77, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\system32\kernel32.dll!ReadConsoleW                                                                                     000000007738a5e0 12 bytes [48, B8, B9, 81, 06, 6C, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\system32\kernel32.dll!ReadConsoleA                                                                                     000000007738a6f0 12 bytes [48, B8, 39, 7E, 06, 6C, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                000007fefd421861 11 bytes [B8, 79, 52, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                000007fefd422db1 11 bytes [B8, B9, C7, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                             000007fefd423461 11 bytes [B8, 79, C9, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                 000007fefd428ef0 12 bytes [48, B8, F9, C5, 06, 6C, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\system32\KERNELBASE.dll!CreateMutexW                                                                                   000007fefd4294c0 12 bytes [48, B8, B9, 50, 06, 6C, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                             000007fefd42bfd1 11 bytes [B8, 39, C4, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                 000007fefd432af1 11 bytes [B8, F9, 4E, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                             000007fefd454350 12 bytes [48, B8, B9, 42, 06, 6C, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                         000007fefd462871 8 bytes [B8, 39, 23, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                        000007fefd46287a 2 bytes [50, C3]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\system32\KERNELBASE.dll!CreateThread + 1                                                                               000007fefd4628b1 11 bytes [B8, F9, 40, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                000007fefe95642d 11 bytes [B8, 39, 5B, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                      000007fefe956484 12 bytes [48, B8, F9, 55, 06, 6C, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                            000007fefe956519 11 bytes [B8, 39, 62, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                      000007fefe956c34 12 bytes [48, B8, 39, 54, 06, 6C, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                 000007fefe957ab5 11 bytes [B8, F9, 5C, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                             000007fefe958b01 11 bytes [B8, B9, 57, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\nvvsvc.exe[5600] C:\windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                             000007fefe958c39 11 bytes [B8, 79, 59, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                  00000000774792d1 5 bytes [B8, 39, 69, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                                  00000000774792d7 5 bytes [00, 00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                       0000000077491330 6 bytes [48, B8, B9, F1, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                   0000000077491338 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtClose                                                                                           00000000774913a0 6 bytes [48, B8, B9, D5, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                       00000000774913a8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                           0000000077491470 6 bytes [48, B8, 79, C2, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                       0000000077491478 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                     0000000077491510 6 bytes [48, B8, F9, 32, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                 0000000077491518 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                0000000077491530 6 bytes [48, B8, 39, 1C, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                            0000000077491538 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                              0000000077491550 6 bytes [48, B8, F9, 1D, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                          0000000077491558 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                0000000077491570 6 bytes [48, B8, B9, C0, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                            0000000077491578 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                     0000000077491620 6 bytes [48, B8, 39, EE, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                 0000000077491628 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                              0000000077491650 6 bytes [48, B8, 79, 2F, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                          0000000077491658 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                 0000000077491670 6 bytes [48, B8, 79, 36, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                             0000000077491678 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                  0000000077491700 6 bytes [48, B8, B9, 34, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                              0000000077491708 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                   0000000077491750 6 bytes [48, B8, 79, F3, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                               0000000077491758 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                 0000000077491780 6 bytes [48, B8, 39, 2A, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                             0000000077491788 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                    0000000077491790 6 bytes [48, B8, B9, 26, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                0000000077491798 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                      0000000077491800 6 bytes [48, B8, F9, EF, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                  0000000077491808 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                     00000000774918b0 6 bytes [48, B8, F9, F6, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                 00000000774918b8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                    0000000077491c80 6 bytes [48, B8, 79, EC, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                0000000077491c88 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                   0000000077491cd0 6 bytes [48, B8, 79, 28, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                               0000000077491cd8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                  0000000077491d30 6 bytes [48, B8, F9, 24, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                              0000000077491d38 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                      00000000774920a0 6 bytes [48, B8, 79, D7, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                  00000000774920a8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                  00000000774925e0 6 bytes [48, B8, 79, 83, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                              00000000774925e8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                00000000774927e0 6 bytes [48, B8, 39, 31, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                            00000000774927e8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                            00000000774929a0 6 bytes [48, B8, 39, D9, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                        00000000774929a8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                  0000000077492a80 6 bytes [48, B8, 79, 3D, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                              0000000077492a88 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                   0000000077492a90 6 bytes [48, B8, B9, 3B, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                               0000000077492a98 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                              0000000077492aa0 6 bytes [48, B8, 39, F5, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                          0000000077492aa8 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                      0000000077492b80 6 bytes [48, B8, 39, E7, 06, 6C]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                  0000000077492b88 4 bytes [00, 00, 50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                            0000000077503201 11 bytes [B8, 39, 85, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\kernel32.dll!Process32NextW + 1                                                                             0000000077321b21 11 bytes [B8, F9, D3, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                       0000000077321c10 12 bytes [48, B8, F9, 39, 06, 6C, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\kernel32.dll!CreateProcessInternalW                                                                         000000007733db80 12 bytes [48, B8, B9, 2D, 06, 6C, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                            0000000077340931 11 bytes [B8, 79, E5, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                          00000000773752f1 11 bytes [B8, B9, 7A, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                          0000000077375311 11 bytes [B8, 39, 77, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\kernel32.dll!ReadConsoleW                                                                                   000000007738a5e0 12 bytes [48, B8, B9, 81, 06, 6C, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\kernel32.dll!ReadConsoleA                                                                                   000000007738a6f0 12 bytes [48, B8, 39, 7E, 06, 6C, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                              000007fefd421861 11 bytes [B8, 79, 52, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                              000007fefd422db1 11 bytes [B8, B9, C7, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                           000007fefd423461 11 bytes [B8, 79, C9, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                               000007fefd428ef0 12 bytes [48, B8, F9, C5, 06, 6C, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\KERNELBASE.dll!CreateMutexW                                                                                 000007fefd4294c0 12 bytes [48, B8, B9, 50, 06, 6C, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                           000007fefd42bfd1 11 bytes [B8, 39, C4, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                               000007fefd432af1 11 bytes [B8, F9, 4E, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                           000007fefd454350 12 bytes [48, B8, B9, 42, 06, 6C, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                       000007fefd462871 8 bytes [B8, 39, 23, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                      000007fefd46287a 2 bytes [50, C3]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\KERNELBASE.dll!CreateThread + 1                                                                             000007fefd4628b1 11 bytes [B8, F9, 40, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\sechost.dll!ControlService + 1                                                                              000007fefe95642d 11 bytes [B8, 39, 5B, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                    000007fefe956484 12 bytes [48, B8, F9, 55, 06, 6C, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                          000007fefe956519 11 bytes [B8, 39, 62, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                    000007fefe956c34 12 bytes [48, B8, 39, 54, 06, 6C, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                               000007fefe957ab5 11 bytes [B8, F9, 5C, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                           000007fefe958b01 11 bytes [B8, B9, 57, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                           000007fefe958c39 11 bytes [B8, 79, 59, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\ADVAPI32.dll!IsTextUnicode + 49                                                                             000007feff114ea1 11 bytes [B8, 79, FA, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\ADVAPI32.dll!CreateServiceW                                                                                 000007feff1155c8 12 bytes [48, B8, B9, 6C, 06, 6C, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\ADVAPI32.dll!CreateServiceA                                                                                 000007feff12b85c 12 bytes [48, B8, F9, 6A, 06, 6C, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\ADVAPI32.dll!ChangeServiceConfigW                                                                           000007feff12b9d0 12 bytes [48, B8, 79, 60, 06, 6C, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\ADVAPI32.dll!ChangeServiceConfigA                                                                           000007feff12ba3c 12 bytes [48, B8, B9, 5E, 06, 6C, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\Dxva2.dll!DXVA2CreateVideoService + 1                                                                       000007fef99e3b21 11 bytes [B8, 39, 9A, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\taskhost.exe[4600] C:\windows\system32\Dxva2.dll!DXVAHD_CreateDevice + 1                                                                           000007fef99efbd1 11 bytes [B8, F9, 94, 06, 6C, 00, 00, ...]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                           00000000774792d1 5 bytes [B8, F9, 55, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                                           00000000774792d7 5 bytes [00, 00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                    0000000077491470 6 bytes [48, B8, F9, 5C, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                0000000077491478 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                              0000000077491510 6 bytes [48, B8, F9, 32, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                          0000000077491518 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                         0000000077491530 6 bytes [48, B8, 39, 1C, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                     0000000077491538 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                       0000000077491550 6 bytes [48, B8, F9, 1D, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                   0000000077491558 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                         0000000077491570 6 bytes [48, B8, 39, 5B, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                     0000000077491578 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                              0000000077491620 6 bytes [48, B8, 39, 70, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                          0000000077491628 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                       0000000077491650 6 bytes [48, B8, 79, 2F, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                   0000000077491658 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                          0000000077491670 6 bytes [48, B8, 79, 36, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                      0000000077491678 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                           0000000077491700 6 bytes [48, B8, B9, 34, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                       0000000077491708 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                            0000000077491750 6 bytes [48, B8, F9, 71, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                        0000000077491758 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                          0000000077491780 6 bytes [48, B8, 39, 2A, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                      0000000077491788 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                             0000000077491790 6 bytes [48, B8, B9, 26, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                         0000000077491798 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                              00000000774918b0 6 bytes [48, B8, 79, 75, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                          00000000774918b8 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                             0000000077491c80 6 bytes [48, B8, 79, 6E, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                         0000000077491c88 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                            0000000077491cd0 6 bytes [48, B8, 79, 28, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                        0000000077491cd8 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                           0000000077491d30 6 bytes [48, B8, F9, 24, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                       0000000077491d38 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                               00000000774920a0 6 bytes [48, B8, B9, 5E, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                           00000000774920a8 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                         00000000774927e0 6 bytes [48, B8, 39, 31, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                     00000000774927e8 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                     00000000774929a0 6 bytes [48, B8, 79, 60, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                 00000000774929a8 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                           0000000077492a80 6 bytes [48, B8, 79, 3D, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                       0000000077492a88 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                            0000000077492a90 6 bytes [48, B8, B9, 3B, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                        0000000077492a98 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                       0000000077492aa0 6 bytes [48, B8, B9, 73, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                   0000000077492aa8 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                               0000000077492b80 6 bytes [48, B8, B9, 65, 06, 6C]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                           0000000077492b88 4 bytes [00, 00, 50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                0000000077321c10 12 bytes [48, B8, F9, 39, 06, 6C, 00, ...]
.text     C:\windows\Explorer.EXE[5548] C:\windows\system32\kernel32.dll!CreateProcessInternalW                                                                                  000000007733db80 12 bytes [48, B8, B9, 2D, 06, 6C, 00, ...]
.text     C:\windows\Explorer.EXE[5548] C:\windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                     0000000077340931 11 bytes [B8, F9, 63, 06, 6C, 00, 00, ...]
.text     C:\windows\Explorer.EXE[5548] C:\windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                    000007fefd454350 12 bytes [48, B8, B9, 42, 06, 6C, 00, ...]
.text     C:\windows\Explorer.EXE[5548] C:\windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                000007fefd462871 8 bytes [B8, 39, 23, 06, 6C, 00, 00, ...]
.text     C:\windows\Explorer.EXE[5548] C:\windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                               000007fefd46287a 2 bytes [50, C3]
.text     C:\windows\Explorer.EXE[5548] C:\windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                      000007fefd4628b1 11 bytes [B8, F9, 40, 06, 6C, 00, 00, ...]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                       000007fefe95642d 11 bytes [B8, 79, 4B, 06, 6C, 00, 00, ...]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                             000007fefe956484 12 bytes [48, B8, 39, 46, 06, 6C, 00, ...]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                   000007fefe956519 11 bytes [B8, 79, 52, 06, 6C, 00, 00, ...]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                             000007fefe956c34 12 bytes [48, B8, 79, 44, 06, 6C, 00, ...]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                        000007fefe957ab5 11 bytes [B8, 39, 4D, 06, 6C, 00, 00, ...]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                    000007fefe958b01 11 bytes [B8, F9, 47, 06, 6C, 00, 00, ...]
.text     C:\windows\Explorer.EXE[5548] C:\windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                    000007fefe958c39 11 bytes [B8, B9, 49, 06, 6C, 00, 00, ...]
.text     C:\windows\Explorer.EXE[5548] C:\windows\system32\WS2_32.dll!connect                                                                                                   000007fefe9045c0 12 bytes [48, B8, 39, 54, 06, 6C, 00, ...]

franzkans1 · 18.04.2014, 16:32

Code:

ATTFilter

.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                  00000000774792d1 5 bytes [B8, F9, 6A, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                                  00000000774792d7 5 bytes [00, 00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                       0000000077491330 6 bytes [48, B8, B9, F1, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                   0000000077491338 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtClose                                                                                           00000000774913a0 6 bytes [48, B8, B9, D5, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                       00000000774913a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                           0000000077491470 6 bytes [48, B8, 39, C4, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                       0000000077491478 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                     0000000077491510 6 bytes [48, B8, B9, 34, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                 0000000077491518 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                0000000077491530 6 bytes [48, B8, 39, 1C, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                            0000000077491538 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                              0000000077491550 6 bytes [48, B8, F9, 1D, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                          0000000077491558 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                0000000077491570 6 bytes [48, B8, 79, C2, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                            0000000077491578 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                     0000000077491620 6 bytes [48, B8, 39, EE, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                 0000000077491628 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                              0000000077491650 6 bytes [48, B8, 39, 31, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                          0000000077491658 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                 0000000077491670 6 bytes [48, B8, 39, 38, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                             0000000077491678 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                  0000000077491700 6 bytes [48, B8, 79, 36, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                              0000000077491708 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                   0000000077491750 6 bytes [48, B8, 79, F3, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                               0000000077491758 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                 0000000077491780 6 bytes [48, B8, F9, 2B, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                             0000000077491788 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                    0000000077491790 6 bytes [48, B8, 79, 28, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                0000000077491798 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                      0000000077491800 6 bytes [48, B8, F9, EF, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                  0000000077491808 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                     00000000774918b0 6 bytes [48, B8, F9, F6, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                 00000000774918b8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                    0000000077491c80 6 bytes [48, B8, 79, EC, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                0000000077491c88 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                   0000000077491cd0 6 bytes [48, B8, 39, 2A, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                               0000000077491cd8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                  0000000077491d30 6 bytes [48, B8, B9, 26, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                              0000000077491d38 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                      00000000774920a0 6 bytes [48, B8, 79, D7, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                  00000000774920a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                  00000000774925e0 6 bytes [48, B8, 39, 85, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                              00000000774925e8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                00000000774927e0 6 bytes [48, B8, F9, 32, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                            00000000774927e8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                            00000000774929a0 6 bytes [48, B8, 39, D9, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                        00000000774929a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                  0000000077492a80 6 bytes [48, B8, 39, 3F, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                              0000000077492a88 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                   0000000077492a90 6 bytes [48, B8, 79, 3D, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                               0000000077492a98 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                              0000000077492aa0 6 bytes [48, B8, 39, F5, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                          0000000077492aa8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                      0000000077492b80 6 bytes [48, B8, 39, E7, 06, 6C]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                  0000000077492b88 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                            0000000077503201 11 bytes [B8, F9, 86, 06, 6C, 00, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\system32\kernel32.dll!Process32NextW + 1                                                                             0000000077321b21 11 bytes [B8, F9, D3, 06, 6C, 00, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                       0000000077321c10 12 bytes [48, B8, B9, 3B, 06, 6C, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\system32\kernel32.dll!CreateProcessInternalW                                                                         000000007733db80 12 bytes [48, B8, 79, 2F, 06, 6C, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                            0000000077340931 11 bytes [B8, 79, E5, 06, 6C, 00, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                          00000000773752f1 11 bytes [B8, 79, 7C, 06, 6C, 00, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                          0000000077375311 11 bytes [B8, F9, 78, 06, 6C, 00, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\system32\kernel32.dll!ReadConsoleW                                                                                   000000007738a5e0 12 bytes [48, B8, 79, 83, 06, 6C, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\system32\kernel32.dll!ReadConsoleA                                                                                   000000007738a6f0 12 bytes [48, B8, F9, 7F, 06, 6C, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                              000007fefd421861 11 bytes [B8, 39, 54, 06, 6C, 00, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                              000007fefd422db1 11 bytes [B8, B9, C7, 06, 6C, 00, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                           000007fefd423461 11 bytes [B8, 79, C9, 06, 6C, 00, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                               000007fefd428ef0 12 bytes [48, B8, B9, 1F, 06, 6C, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\system32\KERNELBASE.dll!CreateMutexW                                                                                 000007fefd4294c0 12 bytes [48, B8, 79, 52, 06, 6C, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                           000007fefd42bfd1 11 bytes [B8, F9, C5, 06, 6C, 00, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                               000007fefd432af1 11 bytes [B8, B9, 50, 06, 6C, 00, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                           000007fefd454350 12 bytes [48, B8, 79, 44, 06, 6C, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                       000007fefd462871 8 bytes [B8, F9, 24, 06, 6C, 00, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                      000007fefd46287a 2 bytes [50, C3]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\system32\KERNELBASE.dll!CreateThread + 1                                                                             000007fefd4628b1 11 bytes [B8, B9, 42, 06, 6C, 00, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\sechost.dll!ControlService + 1                                                                              000007fefe95642d 11 bytes [B8, F9, 5C, 06, 6C, 00, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                    000007fefe956484 12 bytes [48, B8, B9, 57, 06, 6C, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                          000007fefe956519 11 bytes [B8, F9, 63, 06, 6C, 00, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                    000007fefe956c34 12 bytes [48, B8, F9, 55, 06, 6C, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                               000007fefe957ab5 11 bytes [B8, B9, 5E, 06, 6C, 00, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                           000007fefe958b01 11 bytes [B8, 79, 59, 06, 6C, 00, 00, ...]
.text     C:\Windows\System32\rundll32.exe[3436] C:\windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                           000007fefe958c39 11 bytes [B8, 39, 5B, 06, 6C, 00, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                   00000000774792d1 5 bytes [B8, 39, 69, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                                   00000000774792d7 5 bytes [00, 00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                        0000000077491330 6 bytes [48, B8, B9, F1, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                    0000000077491338 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtClose                                                                                            00000000774913a0 6 bytes [48, B8, B9, D5, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                        00000000774913a8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                            0000000077491470 6 bytes [48, B8, 79, C2, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                        0000000077491478 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                      0000000077491510 6 bytes [48, B8, F9, 32, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                  0000000077491518 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                 0000000077491530 6 bytes [48, B8, 39, 1C, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                             0000000077491538 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                               0000000077491550 6 bytes [48, B8, F9, 1D, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                           0000000077491558 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                 0000000077491570 6 bytes [48, B8, B9, C0, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                             0000000077491578 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                      0000000077491620 6 bytes [48, B8, 39, EE, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                  0000000077491628 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                               0000000077491650 6 bytes [48, B8, 79, 2F, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                           0000000077491658 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                  0000000077491670 6 bytes [48, B8, 79, 36, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                              0000000077491678 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                   0000000077491700 6 bytes [48, B8, B9, 34, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                               0000000077491708 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                    0000000077491750 6 bytes [48, B8, 79, F3, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                0000000077491758 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                  0000000077491780 6 bytes [48, B8, 39, 2A, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                              0000000077491788 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                     0000000077491790 6 bytes [48, B8, B9, 26, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                 0000000077491798 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                       0000000077491800 6 bytes [48, B8, F9, EF, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                   0000000077491808 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                      00000000774918b0 6 bytes [48, B8, F9, F6, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                  00000000774918b8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                     0000000077491c80 6 bytes [48, B8, 79, EC, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                 0000000077491c88 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                    0000000077491cd0 6 bytes [48, B8, 79, 28, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                0000000077491cd8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                   0000000077491d30 6 bytes [48, B8, F9, 24, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                               0000000077491d38 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                       00000000774920a0 6 bytes [48, B8, 79, D7, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                   00000000774920a8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                   00000000774925e0 6 bytes [48, B8, 79, 83, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                               00000000774925e8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                 00000000774927e0 6 bytes [48, B8, 39, 31, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                             00000000774927e8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                             00000000774929a0 6 bytes [48, B8, 39, D9, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                         00000000774929a8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                   0000000077492a80 6 bytes [48, B8, 79, 3D, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                               0000000077492a88 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                    0000000077492a90 6 bytes [48, B8, B9, 3B, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                0000000077492a98 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                               0000000077492aa0 6 bytes [48, B8, 39, F5, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                           0000000077492aa8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                       0000000077492b80 6 bytes [48, B8, 39, E7, 06, 6C]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                   0000000077492b88 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                             0000000077503201 11 bytes [B8, 39, 85, 06, 6C, 00, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\system32\kernel32.dll!Process32NextW + 1                                                                              0000000077321b21 11 bytes [B8, F9, D3, 06, 6C, 00, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                        0000000077321c10 12 bytes [48, B8, F9, 39, 06, 6C, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\system32\kernel32.dll!CreateProcessInternalW                                                                          000000007733db80 12 bytes [48, B8, B9, 2D, 06, 6C, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                             0000000077340931 11 bytes [B8, 79, E5, 06, 6C, 00, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                           00000000773752f1 11 bytes [B8, B9, 7A, 06, 6C, 00, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                           0000000077375311 11 bytes [B8, 39, 77, 06, 6C, 00, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\system32\kernel32.dll!ReadConsoleW                                                                                    000000007738a5e0 12 bytes [48, B8, B9, 81, 06, 6C, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\system32\kernel32.dll!ReadConsoleA                                                                                    000000007738a6f0 12 bytes [48, B8, 39, 7E, 06, 6C, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                               000007fefd421861 11 bytes [B8, 79, 52, 06, 6C, 00, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                               000007fefd422db1 11 bytes [B8, B9, C7, 06, 6C, 00, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                            000007fefd423461 11 bytes [B8, 79, C9, 06, 6C, 00, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                000007fefd428ef0 12 bytes [48, B8, F9, C5, 06, 6C, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\system32\KERNELBASE.dll!CreateMutexW                                                                                  000007fefd4294c0 12 bytes [48, B8, B9, 50, 06, 6C, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                            000007fefd42bfd1 11 bytes [B8, 39, C4, 06, 6C, 00, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                000007fefd432af1 11 bytes [B8, F9, 4E, 06, 6C, 00, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                            000007fefd454350 12 bytes [48, B8, B9, 42, 06, 6C, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                        000007fefd462871 8 bytes [B8, 39, 23, 06, 6C, 00, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                       000007fefd46287a 2 bytes [50, C3]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\system32\KERNELBASE.dll!CreateThread + 1                                                                              000007fefd4628b1 11 bytes [B8, F9, 40, 06, 6C, 00, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\sechost.dll!ControlService + 1                                                                               000007fefe95642d 11 bytes [B8, 39, 5B, 06, 6C, 00, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                     000007fefe956484 12 bytes [48, B8, F9, 55, 06, 6C, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                           000007fefe956519 11 bytes [B8, 39, 62, 06, 6C, 00, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                     000007fefe956c34 12 bytes [48, B8, 39, 54, 06, 6C, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                000007fefe957ab5 11 bytes [B8, F9, 5C, 06, 6C, 00, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                            000007fefe958b01 11 bytes [B8, B9, 57, 06, 6C, 00, 00, ...]
.text     C:\Program Files\FSP\FspUip.exe[4152] C:\windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                            000007fefe958c39 11 bytes [B8, 79, 59, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                   00000000774792d1 5 bytes [B8, 39, 69, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                   00000000774792d7 5 bytes [00, 00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                        0000000077491330 6 bytes [48, B8, B9, F1, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                    0000000077491338 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtClose                                                                            00000000774913a0 6 bytes [48, B8, B9, D5, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                        00000000774913a8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                            0000000077491470 6 bytes [48, B8, 79, C2, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                        0000000077491478 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                      0000000077491510 6 bytes [48, B8, F9, 32, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                  0000000077491518 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                 0000000077491530 6 bytes [48, B8, 39, 1C, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                             0000000077491538 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                               0000000077491550 6 bytes [48, B8, F9, 1D, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                           0000000077491558 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                 0000000077491570 6 bytes [48, B8, B9, C0, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                             0000000077491578 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                      0000000077491620 6 bytes [48, B8, 39, EE, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                  0000000077491628 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                               0000000077491650 6 bytes [48, B8, 79, 2F, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                           0000000077491658 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                  0000000077491670 6 bytes [48, B8, 79, 36, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                              0000000077491678 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                   0000000077491700 6 bytes [48, B8, B9, 34, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                               0000000077491708 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                    0000000077491750 6 bytes [48, B8, 79, F3, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                0000000077491758 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                  0000000077491780 6 bytes [48, B8, 39, 2A, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                              0000000077491788 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                     0000000077491790 6 bytes [48, B8, B9, 26, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                 0000000077491798 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                       0000000077491800 6 bytes [48, B8, F9, EF, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                   0000000077491808 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                      00000000774918b0 6 bytes [48, B8, F9, F6, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                  00000000774918b8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                     0000000077491c80 6 bytes [48, B8, 79, EC, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                 0000000077491c88 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                    0000000077491cd0 6 bytes [48, B8, 79, 28, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                0000000077491cd8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                   0000000077491d30 6 bytes [48, B8, F9, 24, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                               0000000077491d38 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                       00000000774920a0 6 bytes [48, B8, 79, D7, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                   00000000774920a8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                   00000000774925e0 6 bytes [48, B8, 79, 83, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                               00000000774925e8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                 00000000774927e0 6 bytes [48, B8, 39, 31, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                             00000000774927e8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                             00000000774929a0 6 bytes [48, B8, 39, D9, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                         00000000774929a8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                   0000000077492a80 6 bytes [48, B8, 79, 3D, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                               0000000077492a88 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                    0000000077492a90 6 bytes [48, B8, B9, 3B, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                0000000077492a98 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                               0000000077492aa0 6 bytes [48, B8, 39, F5, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                           0000000077492aa8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                       0000000077492b80 6 bytes [48, B8, 39, E7, 06, 6C]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                   0000000077492b88 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                             0000000077503201 11 bytes [B8, 39, 85, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\system32\kernel32.dll!Process32NextW + 1                                                              0000000077321b21 11 bytes [B8, F9, D3, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                        0000000077321c10 12 bytes [48, B8, F9, 39, 06, 6C, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\system32\kernel32.dll!CreateProcessInternalW                                                          000000007733db80 12 bytes [48, B8, B9, 2D, 06, 6C, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\system32\kernel32.dll!GetStartupInfoA + 1                                                             0000000077340931 11 bytes [B8, 79, E5, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                           00000000773752f1 11 bytes [B8, B9, 7A, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                           0000000077375311 11 bytes [B8, 39, 77, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\system32\kernel32.dll!ReadConsoleW                                                                    000000007738a5e0 12 bytes [48, B8, B9, 81, 06, 6C, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\system32\kernel32.dll!ReadConsoleA                                                                    000000007738a6f0 12 bytes [48, B8, 39, 7E, 06, 6C, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\system32\KERNELBASE.dll!CloseHandle + 1                                                               000007fefd421861 11 bytes [B8, 79, 52, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                               000007fefd422db1 11 bytes [B8, B9, C7, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                            000007fefd423461 11 bytes [B8, 79, C9, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                000007fefd428ef0 12 bytes [48, B8, F9, C5, 06, 6C, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\system32\KERNELBASE.dll!CreateMutexW                                                                  000007fefd4294c0 12 bytes [48, B8, B9, 50, 06, 6C, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                            000007fefd42bfd1 11 bytes [B8, 39, C4, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                000007fefd432af1 11 bytes [B8, F9, 4E, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\system32\KERNELBASE.dll!WriteProcessMemory                                                            000007fefd454350 12 bytes [48, B8, B9, 42, 06, 6C, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                        000007fefd462871 8 bytes [B8, 39, 23, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                       000007fefd46287a 2 bytes [50, C3]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\system32\KERNELBASE.dll!CreateThread + 1                                                              000007fefd4628b1 11 bytes [B8, F9, 40, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\sechost.dll!ControlService + 1                                                               000007fefe95642d 11 bytes [B8, 39, 5B, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\sechost.dll!OpenServiceW                                                                     000007fefe956484 12 bytes [48, B8, F9, 55, 06, 6C, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                           000007fefe956519 11 bytes [B8, 39, 62, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\sechost.dll!OpenServiceA                                                                     000007fefe956c34 12 bytes [48, B8, 39, 54, 06, 6C, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                000007fefe957ab5 11 bytes [B8, F9, 5C, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                            000007fefe958b01 11 bytes [B8, B9, 57, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                            000007fefe958c39 11 bytes [B8, 79, 59, 06, 6C, 00, 00, ...]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4412] C:\windows\system32\OPENGL32.dll!wglMakeCurrent                                                                  000007fef12554b0 12 bytes [48, B8, F9, 9B, 06, 6C, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                            00000000774792d1 5 bytes [B8, 39, 69, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                            00000000774792d7 5 bytes [00, 00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                 0000000077491330 6 bytes [48, B8, B9, F1, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                             0000000077491338 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtClose                                                                     00000000774913a0 6 bytes [48, B8, B9, D5, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                 00000000774913a8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                     0000000077491470 6 bytes [48, B8, 79, C2, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                 0000000077491478 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                               0000000077491510 6 bytes [48, B8, F9, 32, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                           0000000077491518 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                          0000000077491530 6 bytes [48, B8, 39, 1C, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                      0000000077491538 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                        0000000077491550 6 bytes [48, B8, F9, 1D, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                    0000000077491558 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                          0000000077491570 6 bytes [48, B8, B9, C0, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                      0000000077491578 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection                                                               0000000077491620 6 bytes [48, B8, 39, EE, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                           0000000077491628 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                        0000000077491650 6 bytes [48, B8, 79, 2F, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                    0000000077491658 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                           0000000077491670 6 bytes [48, B8, 79, 36, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                       0000000077491678 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                            0000000077491700 6 bytes [48, B8, B9, 34, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                        0000000077491708 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection                                                             0000000077491750 6 bytes [48, B8, 79, F3, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                         0000000077491758 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                           0000000077491780 6 bytes [48, B8, 39, 2A, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                       0000000077491788 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread                                                              0000000077491790 6 bytes [48, B8, B9, 26, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                          0000000077491798 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                0000000077491800 6 bytes [48, B8, F9, EF, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                            0000000077491808 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                               00000000774918b0 6 bytes [48, B8, F9, F6, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                           00000000774918b8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                              0000000077491c80 6 bytes [48, B8, 79, EC, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                          0000000077491c88 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                             0000000077491cd0 6 bytes [48, B8, 79, 28, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                         0000000077491cd8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                            0000000077491d30 6 bytes [48, B8, F9, 24, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                        0000000077491d38 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                00000000774920a0 6 bytes [48, B8, 79, D7, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                            00000000774920a8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                            00000000774925e0 6 bytes [48, B8, 79, 83, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                        00000000774925e8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                          00000000774927e0 6 bytes [48, B8, 39, 31, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                      00000000774927e8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                      00000000774929a0 6 bytes [48, B8, 39, D9, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                  00000000774929a8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                            0000000077492a80 6 bytes [48, B8, 79, 3D, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                        0000000077492a88 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                             0000000077492a90 6 bytes [48, B8, B9, 3B, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                         0000000077492a98 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                        0000000077492aa0 6 bytes [48, B8, 39, F5, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                    0000000077492aa8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                0000000077492b80 6 bytes [48, B8, 39, E7, 06, 6C]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                            0000000077492b88 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                      0000000077503201 11 bytes [B8, 39, 85, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\kernel32.dll!Process32NextW + 1                                                       0000000077321b21 11 bytes [B8, F9, D3, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                 0000000077321c10 12 bytes [48, B8, F9, 39, 06, 6C, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\kernel32.dll!CreateProcessInternalW                                                   000000007733db80 12 bytes [48, B8, B9, 2D, 06, 6C, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\kernel32.dll!GetStartupInfoA + 1                                                      0000000077340931 11 bytes [B8, 79, E5, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                    00000000773752f1 11 bytes [B8, B9, 7A, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                    0000000077375311 11 bytes [B8, 39, 77, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\kernel32.dll!ReadConsoleW                                                             000000007738a5e0 12 bytes [48, B8, B9, 81, 06, 6C, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\kernel32.dll!ReadConsoleA                                                             000000007738a6f0 12 bytes [48, B8, 39, 7E, 06, 6C, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\KERNELBASE.dll!CloseHandle + 1                                                        000007fefd421861 11 bytes [B8, 79, 52, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                        000007fefd422db1 11 bytes [B8, B9, C7, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                     000007fefd423461 11 bytes [B8, 79, C9, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                         000007fefd428ef0 12 bytes [48, B8, F9, C5, 06, 6C, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\KERNELBASE.dll!CreateMutexW                                                           000007fefd4294c0 12 bytes [48, B8, B9, 50, 06, 6C, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                     000007fefd42bfd1 11 bytes [B8, 39, C4, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                         000007fefd432af1 11 bytes [B8, F9, 4E, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\KERNELBASE.dll!WriteProcessMemory                                                     000007fefd454350 12 bytes [48, B8, B9, 42, 06, 6C, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                 000007fefd462871 8 bytes [B8, 39, 23, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                000007fefd46287a 2 bytes [50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\KERNELBASE.dll!CreateThread + 1                                                       000007fefd4628b1 11 bytes [B8, F9, 40, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\sechost.dll!ControlService + 1                                                        000007fefe95642d 11 bytes [B8, 39, 5B, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\sechost.dll!OpenServiceW                                                              000007fefe956484 12 bytes [48, B8, F9, 55, 06, 6C, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                    000007fefe956519 11 bytes [B8, 39, 62, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\sechost.dll!OpenServiceA                                                              000007fefe956c34 12 bytes [48, B8, 39, 54, 06, 6C, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\sechost.dll!DeleteService + 1                                                         000007fefe957ab5 11 bytes [B8, F9, 5C, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                     000007fefe958b01 11 bytes [B8, B9, 57, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                     000007fefe958c39 11 bytes [B8, 79, 59, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\WS2_32.dll!WSASend + 1                                                                000007fefe9013b1 11 bytes [B8, F9, BE, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\WS2_32.dll!closesocket                                                                000007fefe9018e0 12 bytes [48, B8, 39, BD, 06, 6C, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\WS2_32.dll!WSASocketW + 1                                                             000007fefe901bd1 11 bytes [B8, 79, BB, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\WS2_32.dll!WSARecv + 1                                                                000007fefe902201 11 bytes [B8, F9, E1, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\WS2_32.dll!GetAddrInfoW                                                               000007fefe9023c0 12 bytes [48, B8, 79, A6, 06, 6C, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\WS2_32.dll!connect                                                                    000007fefe9045c0 12 bytes [48, B8, 79, 67, 06, 6C, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\WS2_32.dll!send + 1                                                                   000007fefe908001 11 bytes [B8, B9, B9, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\WS2_32.dll!gethostbyname                                                              000007fefe908df0 7 bytes [48, B8, 39, A8, 06, 6C, 00]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\WS2_32.dll!gethostbyname + 9                                                          000007fefe908df9 3 bytes [00, 50, C3]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\WS2_32.dll!socket + 1                                                                 000007fefe90de91 11 bytes [B8, F9, DA, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\WS2_32.dll!recv + 1                                                                   000007fefe90df41 11 bytes [B8, 39, E0, 06, 6C, 00, 00, ...]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3416] C:\windows\system32\WS2_32.dll!WSAConnect + 1                                                             000007fefe92e0f1 11 bytes [B8, 79, DE, 06, 6C, 00, 00, ...]
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtWriteFile                     000000007763f928 5 bytes JMP 0000000174776811
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtClose                         000000007763f9e0 5 bytes JMP 00000001747760c1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess         000000007763fb28 5 bytes JMP 0000000174775b21
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                   000000007763fc20 5 bytes JMP 0000000174773061
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection              000000007763fc50 5 bytes JMP 00000001747715f1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection            000000007763fc80 5 bytes JMP 0000000174771681
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess              000000007763fcb0 5 bytes JMP 0000000174775a91
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtOpenSection                   000000007763fdc8 5 bytes JMP 0000000174776781
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory            000000007763fe14 5 bytes JMP 0000000174772f41
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtDuplicateObject               000000007763fe44 5 bytes JMP 0000000174773181
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtQueueApcThread                000000007763ff24 5 bytes JMP 00000001747730f1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtCreateSection                 000000007763ffa4 5 bytes JMP 00000001747768a1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtCreateProcessEx               000000007763ffec 5 bytes JMP 0000000174772d91
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtCreateThread                  0000000077640004 5 bytes JMP 0000000174772c71
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                    00000000776400b4 5 bytes JMP 0000000174771e61
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                   00000000776401c4 5 bytes JMP 0000000174772251
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant                  000000007764079c 5 bytes JMP 00000001747766f1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtCreateProcess                 0000000077640814 5 bytes JMP 0000000174772d01
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx                00000000776408a4 5 bytes JMP 0000000174772be1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver                    0000000077640df4 5 bytes JMP 0000000174776151
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtRaiseHardError                0000000077641604 5 bytes JMP 0000000174774801
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread              0000000077641920 5 bytes JMP 0000000174772fd1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation          0000000077641be4 5 bytes JMP 00000001747761e1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtSuspendProcess                0000000077641d54 5 bytes JMP 00000001747732a1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtSuspendThread                 0000000077641d70 5 bytes JMP 0000000174773211
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl            0000000077641d8c 5 bytes JMP 0000000174776931
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!NtVdmControl                    0000000077641ee8 5 bytes JMP 0000000174776541
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter      00000000776588c4 5 bytes JMP 0000000174771a71
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx    0000000077680d3b 5 bytes JMP 0000000174771f81
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!RtlReportException              00000000776c860f 5 bytes JMP 0000000174774891
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters      00000000776ce8ab 5 bytes JMP 0000000174771ef1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\kernel32.dll!GetStartupInfoA              0000000076e20e00 5 bytes JMP 0000000174771d41
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\kernel32.dll!CreateProcessA               0000000076e21072 5 bytes JMP 0000000174772911
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\kernel32.dll!LoadLibraryA                 0000000076e2499f 5 bytes JMP 0000000174772521
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW       0000000076e33bbb 5 bytes JMP 0000000174772eb1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot     0000000076e47327 5 bytes JMP 0000000174772641
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\kernel32.dll!Process32NextW               0000000076e488da 5 bytes JMP 0000000174776031
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\kernel32.dll!WinExec                      0000000076ea2ff1 5 bytes JMP 00000001747727f1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\kernel32.dll!ReadConsoleInputA            0000000076ec748b 5 bytes JMP 0000000174774411
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\kernel32.dll!ReadConsoleInputW            0000000076ec74ae 5 bytes JMP 0000000174774531
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\kernel32.dll!ReadConsoleA                 0000000076ec7859 5 bytes JMP 0000000174774651
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\kernel32.dll!ReadConsoleW                 0000000076ec78d2 5 bytes JMP 0000000174774771
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime    0000000075f68f7d 5 bytes JMP 00000001747719e1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\KERNELBASE.dll!CloseHandle                0000000075f6c428 5 bytes JMP 0000000174773961
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\KERNELBASE.dll!WriteProcessMemory         0000000075f6ec98 5 bytes JMP 0000000174773451
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\KERNELBASE.dll!ExitProcess                0000000075f6f1f8 5 bytes JMP 00000001747722e1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\KERNELBASE.dll!GetStartupInfoW            0000000075f6fa7b 5 bytes JMP 0000000174771dd1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\KERNELBASE.dll!CreateMutexW               0000000075f7134a 5 bytes JMP 00000001747738d1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\KERNELBASE.dll!OpenMutexW                 0000000075f71371 5 bytes JMP 0000000174773841
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW           0000000075f71d1b 5 bytes JMP 0000000174771951
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\KERNELBASE.dll!GetProcAddress             0000000075f71e07 5 bytes JMP 0000000174772401
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW             0000000075f72aa4 5 bytes JMP 0000000174775c41
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExA             0000000075f72ccc 5 bytes JMP 0000000174775bb1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary                0000000075f72d0a 5 bytes JMP 0000000174775cd1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleA           0000000075f72e6d 5 bytes JMP 00000001747718c1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\KERNELBASE.dll!SleepEx                    0000000075f73b63 5 bytes JMP 00000001747721c1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\KERNELBASE.dll!Sleep                      0000000075f74489 5 bytes JMP 0000000174772371
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\KERNELBASE.dll!CreateThread               0000000075f745fb 5 bytes JMP 00000001747733c1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\KERNELBASE.dll!CreateRemoteThread         0000000075f74624 5 bytes JMP 0000000174772b51
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\KERNELBASE.dll!CreateFileA                0000000075f7c72c 5 bytes JMP 00000001747726d1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\msvcrt.dll!_lock + 41                     000000007524a472 5 bytes JMP 00000001747769c1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\msvcrt.dll!__p__fmode                     00000000752527ce 5 bytes JMP 0000000174771b91
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\msvcrt.dll!__p__environ                   000000007525e6cf 5 bytes JMP 0000000174771b01
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!GetMessageW                    0000000075e678e2 5 bytes JMP 00000001747741d1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!GetMessageA                    0000000075e67bd3 5 bytes JMP 0000000174774141

franzkans1 · 18.04.2014, 16:33

Code:

ATTFilter

.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!CreateWindowExW                0000000075e68a29 5 bytes JMP 0000000174775461
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!FindWindowW                    0000000075e698fd 5 bytes JMP 0000000174775e81
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!UserClientDllInitialize        0000000075e6b6ed 5 bytes JMP 0000000174776a51
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!CreateWindowExA                0000000075e6d22e 5 bytes JMP 00000001747754f1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!SetWinEventHook                0000000075e6ee09 5 bytes JMP 0000000174773331
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!FindWindowA                    0000000075e6ffe6 5 bytes JMP 0000000174775d61
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!FindWindowExA                  0000000075e700d9 5 bytes JMP 0000000174775df1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!PeekMessageW                   0000000075e705ba 5 bytes JMP 00000001747742f1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!ShowWindow                     0000000075e70dfb 5 bytes JMP 0000000174775581
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!PostMessageW                   0000000075e712a5 5 bytes JMP 0000000174776661
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!SetWindowTextW                 0000000075e720ec 5 bytes JMP 00000001747758e1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!PostMessageA                   0000000075e73baa 5 bytes JMP 00000001747765d1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!PeekMessageA                   0000000075e75f74 5 bytes JMP 0000000174774261
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!CallNextHookEx                 0000000075e76285 5 bytes JMP 0000000174774921
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!SetWindowsHookExW              0000000075e77603 5 bytes JMP 0000000174772ac1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!SetWindowTextA                 0000000075e77aee 5 bytes JMP 0000000174775851
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!SetWindowsHookExA              0000000075e7835c 5 bytes JMP 0000000174772a31
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW     0000000075e8ce54 5 bytes JMP 00000001747756a1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx            0000000075e8f52b 5 bytes JMP 00000001747749b1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!FindWindowExW                  0000000075e8f588 5 bytes JMP 0000000174775f11
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW  0000000075e910a0 5 bytes JMP 0000000174775611
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!MessageBoxExA                  0000000075ebfcd6 3 bytes JMP 0000000174775731
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!MessageBoxExA + 4              0000000075ebfcda 1 byte [FE]
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!MessageBoxExW                  0000000075ebfcfa 3 bytes JMP 00000001747757c1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\USER32.dll!MessageBoxExW + 4              0000000075ebfcfe 1 byte [FE]
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\ADVAPI32.dll!OpenServiceW                 000000007569c9ec 5 bytes JMP 0000000174773a81
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\ADVAPI32.dll!OpenServiceA                 00000000756a2b70 5 bytes JMP 00000001747739f1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\ADVAPI32.dll!CloseServiceHandle           00000000756a361c 5 bytes JMP 0000000174773e71
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222          00000000756a4965 5 bytes JMP 0000000174776ae1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW               00000000756b70c4 5 bytes JMP 00000001747740b1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\ADVAPI32.dll!ControlService               00000000756b70dc 5 bytes JMP 0000000174773c31
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\ADVAPI32.dll!DeleteService                00000000756b70f4 5 bytes JMP 0000000174773cc1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA         00000000756d31f4 5 bytes JMP 0000000174773d51
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW         00000000756d3204 5 bytes JMP 0000000174773de1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\ADVAPI32.dll!ControlServiceExA            00000000756d3214 5 bytes JMP 0000000174773b11
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\ADVAPI32.dll!ControlServiceExW            00000000756d3224 5 bytes JMP 0000000174773ba1
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA               00000000756d3264 5 bytes JMP 0000000174774021
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1900] C:\windows\syswow64\SHELL32.dll!Shell_NotifyIconW             00000000761b0171 5 bytes JMP 0000000174774a41
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtWriteFile                                              000000007763f928 5 bytes JMP 0000000174776811
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtClose                                                  000000007763f9e0 5 bytes JMP 00000001747760c1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess                                  000000007763fb28 5 bytes JMP 0000000174775b21
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                                            000000007763fc20 5 bytes JMP 0000000174773061
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                       000000007763fc50 5 bytes JMP 00000001747715f1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                     000000007763fc80 5 bytes JMP 0000000174771681
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess                                       000000007763fcb0 5 bytes JMP 0000000174775a91
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtOpenSection                                            000000007763fdc8 5 bytes JMP 0000000174776781
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                     000000007763fe14 5 bytes JMP 0000000174772f41
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtDuplicateObject                                        000000007763fe44 5 bytes JMP 0000000174773181
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtQueueApcThread                                         000000007763ff24 5 bytes JMP 00000001747730f1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtCreateSection                                          000000007763ffa4 5 bytes JMP 00000001747768a1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                        000000007763ffec 5 bytes JMP 0000000174772d91
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtCreateThread                                           0000000077640004 5 bytes JMP 0000000174772c71
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                             00000000776400b4 5 bytes JMP 0000000174771e61
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                            00000000776401c4 5 bytes JMP 0000000174772251
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant                                           000000007764079c 5 bytes JMP 00000001747766f1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtCreateProcess                                          0000000077640814 5 bytes JMP 0000000174772d01
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                         00000000776408a4 5 bytes JMP 0000000174772be1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver                                             0000000077640df4 5 bytes JMP 0000000174776151
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtRaiseHardError                                         0000000077641604 5 bytes JMP 0000000174774801
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                                       0000000077641920 5 bytes JMP 0000000174772fd1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                   0000000077641be4 5 bytes JMP 00000001747761e1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtSuspendProcess                                         0000000077641d54 5 bytes JMP 00000001747732a1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtSuspendThread                                          0000000077641d70 5 bytes JMP 0000000174773211
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                     0000000077641d8c 5 bytes JMP 0000000174776931
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!NtVdmControl                                             0000000077641ee8 5 bytes JMP 0000000174776541
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter                               00000000776588c4 5 bytes JMP 0000000174771a71
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx                             0000000077680d3b 5 bytes JMP 0000000174771f81
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!RtlReportException                                       00000000776c860f 5 bytes JMP 0000000174774891
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters                               00000000776ce8ab 5 bytes JMP 0000000174771ef1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNEL32.dll!GetStartupInfoA                                       0000000076e20e00 5 bytes JMP 0000000174771d41
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNEL32.dll!CreateProcessA                                        0000000076e21072 5 bytes JMP 0000000174772911
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNEL32.dll!LoadLibraryA                                          0000000076e2499f 5 bytes JMP 0000000174772521
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNEL32.dll!CreateProcessInternalW                                0000000076e33bbb 5 bytes JMP 0000000174772eb1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNEL32.dll!CreateToolhelp32Snapshot                              0000000076e47327 5 bytes JMP 0000000174772641
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNEL32.dll!Process32NextW                                        0000000076e488da 5 bytes JMP 0000000174776031
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNEL32.dll!WinExec                                               0000000076ea2ff1 5 bytes JMP 00000001747727f1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNEL32.dll!ReadConsoleInputA                                     0000000076ec748b 5 bytes JMP 0000000174774411
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNEL32.dll!ReadConsoleInputW                                     0000000076ec74ae 5 bytes JMP 0000000174774531
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNEL32.dll!ReadConsoleA                                          0000000076ec7859 5 bytes JMP 0000000174774651
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNEL32.dll!ReadConsoleW                                          0000000076ec78d2 5 bytes JMP 0000000174774771
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime                             0000000075f68f7d 5 bytes JMP 00000001747719e1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNELBASE.dll!CloseHandle                                         0000000075f6c428 5 bytes JMP 0000000174773961
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNELBASE.dll!WriteProcessMemory                                  0000000075f6ec98 5 bytes JMP 0000000174773451
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNELBASE.dll!ExitProcess                                         0000000075f6f1f8 5 bytes JMP 00000001747722e1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNELBASE.dll!GetStartupInfoW                                     0000000075f6fa7b 5 bytes JMP 0000000174771dd1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNELBASE.dll!CreateMutexW                                        0000000075f7134a 5 bytes JMP 00000001747738d1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNELBASE.dll!OpenMutexW                                          0000000075f71371 5 bytes JMP 0000000174773841
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                    0000000075f71d1b 5 bytes JMP 0000000174771951
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNELBASE.dll!GetProcAddress                                      0000000075f71e07 5 bytes JMP 0000000174772401
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                      0000000075f72aa4 5 bytes JMP 0000000174775c41
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExA                                      0000000075f72ccc 5 bytes JMP 0000000174775bb1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary                                         0000000075f72d0a 5 bytes JMP 0000000174775cd1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleA                                    0000000075f72e6d 5 bytes JMP 00000001747718c1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNELBASE.dll!SleepEx                                             0000000075f73b63 5 bytes JMP 00000001747721c1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNELBASE.dll!Sleep                                               0000000075f74489 5 bytes JMP 0000000174772371
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNELBASE.dll!CreateThread                                        0000000075f745fb 5 bytes JMP 00000001747733c1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNELBASE.dll!CreateRemoteThread                                  0000000075f74624 5 bytes JMP 0000000174772b51
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\KERNELBASE.dll!CreateFileA                                         0000000075f7c72c 5 bytes JMP 00000001747726d1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ADVAPI32.dll!OpenServiceW                                          000000007569c9ec 5 bytes JMP 0000000174773a81
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ADVAPI32.dll!OpenServiceA                                          00000000756a2b70 5 bytes JMP 00000001747739f1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ADVAPI32.dll!CloseServiceHandle                                    00000000756a361c 5 bytes JMP 0000000174773e71
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222                                   00000000756a4965 5 bytes JMP 00000001747769c1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                                        00000000756b70c4 5 bytes JMP 00000001747740b1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ADVAPI32.dll!ControlService                                        00000000756b70dc 5 bytes JMP 0000000174773c31
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ADVAPI32.dll!DeleteService                                         00000000756b70f4 5 bytes JMP 0000000174773cc1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                                  00000000756d31f4 5 bytes JMP 0000000174773d51
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                                  00000000756d3204 5 bytes JMP 0000000174773de1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ADVAPI32.dll!ControlServiceExA                                     00000000756d3214 5 bytes JMP 0000000174773b11
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ADVAPI32.dll!ControlServiceExW                                     00000000756d3224 5 bytes JMP 0000000174773ba1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                                        00000000756d3264 5 bytes JMP 0000000174774021
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\msvcrt.dll!_lock + 41                                              000000007524a472 5 bytes JMP 0000000174776a51
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\msvcrt.dll!__p__fmode                                              00000000752527ce 5 bytes JMP 0000000174771b91
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\msvcrt.dll!__p__environ                                            000000007525e6cf 5 bytes JMP 0000000174771b01
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!GetMessageW                                             0000000075e678e2 5 bytes JMP 00000001747741d1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!GetMessageA                                             0000000075e67bd3 5 bytes JMP 0000000174774141
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!CreateWindowExW                                         0000000075e68a29 5 bytes JMP 0000000174775461
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!FindWindowW                                             0000000075e698fd 5 bytes JMP 0000000174775e81
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!UserClientDllInitialize                                 0000000075e6b6ed 5 bytes JMP 0000000174776ae1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!CreateWindowExA                                         0000000075e6d22e 5 bytes JMP 00000001747754f1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!SetWinEventHook                                         0000000075e6ee09 5 bytes JMP 0000000174773331
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!FindWindowA                                             0000000075e6ffe6 5 bytes JMP 0000000174775d61
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!FindWindowExA                                           0000000075e700d9 5 bytes JMP 0000000174775df1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!PeekMessageW                                            0000000075e705ba 5 bytes JMP 00000001747742f1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!ShowWindow                                              0000000075e70dfb 5 bytes JMP 0000000174775581
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!PostMessageW                                            0000000075e712a5 5 bytes JMP 0000000174776661
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!SetWindowTextW                                          0000000075e720ec 5 bytes JMP 00000001747758e1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!PostMessageA                                            0000000075e73baa 5 bytes JMP 00000001747765d1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!PeekMessageA                                            0000000075e75f74 5 bytes JMP 0000000174774261
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!CallNextHookEx                                          0000000075e76285 5 bytes JMP 0000000174774921
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!SetWindowsHookExW                                       0000000075e77603 5 bytes JMP 0000000174772ac1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!SetWindowTextA                                          0000000075e77aee 5 bytes JMP 0000000174775851
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!SetWindowsHookExA                                       0000000075e7835c 5 bytes JMP 0000000174772a31
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW                              0000000075e8ce54 5 bytes JMP 00000001747756a1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx                                     0000000075e8f52b 5 bytes JMP 00000001747749b1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!FindWindowExW                                           0000000075e8f588 5 bytes JMP 0000000174775f11
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW                           0000000075e910a0 5 bytes JMP 0000000174775611
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!MessageBoxExA                                           0000000075ebfcd6 3 bytes JMP 0000000174775731
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!MessageBoxExA + 4                                       0000000075ebfcda 1 byte [FE]
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!MessageBoxExW                                           0000000075ebfcfa 3 bytes JMP 00000001747757c1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\USER32.dll!MessageBoxExW + 4                                       0000000075ebfcfe 1 byte [FE]
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\shell32.dll!Shell_NotifyIconW                                      00000000761b0171 5 bytes JMP 0000000174774a41
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ws2_32.dll!closesocket                                             0000000075173918 5 bytes JMP 0000000174775a01
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ws2_32.dll!WSASocketW                                              0000000075173cd3 5 bytes JMP 0000000174775971
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ws2_32.dll!socket                                                  0000000075173eb8 5 bytes JMP 0000000174776271
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ws2_32.dll!WSASend                                                 0000000075174406 5 bytes JMP 00000001747720a1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ws2_32.dll!GetAddrInfoW                                            0000000075174889 5 bytes JMP 0000000174775341
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ws2_32.dll!recv                                                    0000000075176b0e 5 bytes JMP 0000000174776421
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ws2_32.dll!connect                                                 0000000075176bdd 5 bytes JMP 0000000174773f91
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ws2_32.dll!send                                                    0000000075176f01 5 bytes JMP 0000000174772011
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ws2_32.dll!WSARecv                                                 0000000075177089 5 bytes JMP 00000001747764b1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ws2_32.dll!WSAConnect                                              000000007517cc3f 5 bytes JMP 0000000174776391
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\ws2_32.dll!gethostbyname                                           0000000075187673 5 bytes JMP 00000001747753d1
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\urlmon.dll!URLDownloadToCacheFileW                                 00000000755871d7 5 bytes JMP 0000000174773f01
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\urlmon.dll!URLDownloadToFileW                                      000000007558c316 5 bytes JMP 0000000174772131
.text     C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe[1292] C:\windows\syswow64\urlmon.dll!URLDownloadToFileA                                      00000000755fe4e4 5 bytes JMP 00000001747729a1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtWriteFile                                                       000000007763f928 5 bytes JMP 0000000174776811
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtClose                                                           000000007763f9e0 5 bytes JMP 00000001747760c1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess                                           000000007763fb28 5 bytes JMP 0000000174775b21
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                                                     000000007763fc20 5 bytes JMP 0000000174773061
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                000000007763fc50 5 bytes JMP 00000001747715f1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                              000000007763fc80 5 bytes JMP 0000000174771681
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                000000007763fcb0 5 bytes JMP 0000000174775a91
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtOpenSection                                                     000000007763fdc8 5 bytes JMP 0000000174776781
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                              000000007763fe14 5 bytes JMP 0000000174772f41
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                 000000007763fe44 5 bytes JMP 0000000174773181
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtQueueApcThread                                                  000000007763ff24 5 bytes JMP 00000001747730f1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtCreateSection                                                   000000007763ffa4 5 bytes JMP 00000001747768a1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                                 000000007763ffec 5 bytes JMP 0000000174772d91
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtCreateThread                                                    0000000077640004 5 bytes JMP 0000000174772c71
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                                      00000000776400b4 5 bytes JMP 0000000174771e61
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                                     00000000776401c4 5 bytes JMP 0000000174772251
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant                                                    000000007764079c 5 bytes JMP 00000001747766f1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtCreateProcess                                                   0000000077640814 5 bytes JMP 0000000174772d01
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                  00000000776408a4 5 bytes JMP 0000000174772be1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver                                                      0000000077640df4 5 bytes JMP 0000000174776151
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtRaiseHardError                                                  0000000077641604 5 bytes JMP 0000000174774801
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                                                0000000077641920 5 bytes JMP 0000000174772fd1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                            0000000077641be4 5 bytes JMP 00000001747761e1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtSuspendProcess                                                  0000000077641d54 5 bytes JMP 00000001747732a1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtSuspendThread                                                   0000000077641d70 5 bytes JMP 0000000174773211
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                              0000000077641d8c 5 bytes JMP 0000000174776931
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!NtVdmControl                                                      0000000077641ee8 5 bytes JMP 0000000174776541
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter                                        00000000776588c4 5 bytes JMP 0000000174771a71
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx                                      0000000077680d3b 5 bytes JMP 0000000174771f81
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!RtlReportException                                                00000000776c860f 5 bytes JMP 0000000174774891
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters                                        00000000776ce8ab 5 bytes JMP 0000000174771ef1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\kernel32.dll!GetStartupInfoA                                                0000000076e20e00 5 bytes JMP 0000000174771d41
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\kernel32.dll!CreateProcessA                                                 0000000076e21072 5 bytes JMP 0000000174772911
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\kernel32.dll!LoadLibraryA                                                   0000000076e2499f 5 bytes JMP 0000000174772521
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW                                         0000000076e33bbb 5 bytes JMP 0000000174772eb1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot                                       0000000076e47327 5 bytes JMP 0000000174772641
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\kernel32.dll!Process32NextW                                                 0000000076e488da 5 bytes JMP 0000000174776031
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\kernel32.dll!WinExec                                                        0000000076ea2ff1 5 bytes JMP 00000001747727f1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\kernel32.dll!ReadConsoleInputA                                              0000000076ec748b 5 bytes JMP 0000000174774411
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\kernel32.dll!ReadConsoleInputW                                              0000000076ec74ae 5 bytes JMP 0000000174774531
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\kernel32.dll!ReadConsoleA                                                   0000000076ec7859 5 bytes JMP 0000000174774651
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\kernel32.dll!ReadConsoleW                                                   0000000076ec78d2 5 bytes JMP 0000000174774771
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime                                      0000000075f68f7d 5 bytes JMP 00000001747719e1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\KERNELBASE.dll!CloseHandle                                                  0000000075f6c428 5 bytes JMP 0000000174773961
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\KERNELBASE.dll!WriteProcessMemory                                           0000000075f6ec98 5 bytes JMP 0000000174773451
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\KERNELBASE.dll!ExitProcess                                                  0000000075f6f1f8 5 bytes JMP 00000001747722e1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\KERNELBASE.dll!GetStartupInfoW                                              0000000075f6fa7b 5 bytes JMP 0000000174771dd1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\KERNELBASE.dll!CreateMutexW                                                 0000000075f7134a 5 bytes JMP 00000001747738d1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\KERNELBASE.dll!OpenMutexW                                                   0000000075f71371 5 bytes JMP 0000000174773841
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                             0000000075f71d1b 5 bytes JMP 0000000174771951
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\KERNELBASE.dll!GetProcAddress                                               0000000075f71e07 5 bytes JMP 0000000174772401
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                               0000000075f72aa4 5 bytes JMP 0000000174775c41
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExA                                               0000000075f72ccc 5 bytes JMP 0000000174775bb1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary                                                  0000000075f72d0a 5 bytes JMP 0000000174775cd1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleA                                             0000000075f72e6d 5 bytes JMP 00000001747718c1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\KERNELBASE.dll!SleepEx                                                      0000000075f73b63 5 bytes JMP 00000001747721c1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\KERNELBASE.dll!Sleep                                                        0000000075f74489 5 bytes JMP 0000000174772371
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\KERNELBASE.dll!CreateThread                                                 0000000075f745fb 5 bytes JMP 00000001747733c1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\KERNELBASE.dll!CreateRemoteThread                                           0000000075f74624 5 bytes JMP 0000000174772b51
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\KERNELBASE.dll!CreateFileA                                                  0000000075f7c72c 5 bytes JMP 00000001747726d1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\ADVAPI32.dll!OpenServiceW                                                   000000007569c9ec 5 bytes JMP 0000000174773a81
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\ADVAPI32.dll!OpenServiceA                                                   00000000756a2b70 5 bytes JMP 00000001747739f1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\ADVAPI32.dll!CloseServiceHandle                                             00000000756a361c 5 bytes JMP 0000000174773e71
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222                                            00000000756a4965 5 bytes JMP 00000001747769c1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                                                 00000000756b70c4 5 bytes JMP 00000001747740b1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\ADVAPI32.dll!ControlService                                                 00000000756b70dc 5 bytes JMP 0000000174773c31
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\ADVAPI32.dll!DeleteService                                                  00000000756b70f4 5 bytes JMP 0000000174773cc1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                                           00000000756d31f4 5 bytes JMP 0000000174773d51
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                                           00000000756d3204 5 bytes JMP 0000000174773de1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\ADVAPI32.dll!ControlServiceExA                                              00000000756d3214 5 bytes JMP 0000000174773b11
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\ADVAPI32.dll!ControlServiceExW                                              00000000756d3224 5 bytes JMP 0000000174773ba1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                                                 00000000756d3264 5 bytes JMP 0000000174774021
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\msvcrt.dll!_lock + 41                                                       000000007524a472 5 bytes JMP 0000000174776a51
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\msvcrt.dll!__p__fmode                                                       00000000752527ce 5 bytes JMP 0000000174771b91
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\msvcrt.dll!__p__environ                                                     000000007525e6cf 5 bytes JMP 0000000174771b01
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!GetMessageW                                                      0000000075e678e2 5 bytes JMP 00000001747741d1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!GetMessageA                                                      0000000075e67bd3 5 bytes JMP 0000000174774141
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!CreateWindowExW                                                  0000000075e68a29 5 bytes JMP 0000000174775461
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!FindWindowW                                                      0000000075e698fd 5 bytes JMP 0000000174775e81
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!UserClientDllInitialize                                          0000000075e6b6ed 5 bytes JMP 0000000174776ae1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!CreateWindowExA                                                  0000000075e6d22e 5 bytes JMP 00000001747754f1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!SetWinEventHook                                                  0000000075e6ee09 5 bytes JMP 0000000174773331
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!FindWindowA                                                      0000000075e6ffe6 5 bytes JMP 0000000174775d61
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!FindWindowExA                                                    0000000075e700d9 5 bytes JMP 0000000174775df1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!PeekMessageW                                                     0000000075e705ba 5 bytes JMP 00000001747742f1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!ShowWindow                                                       0000000075e70dfb 5 bytes JMP 0000000174775581
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!PostMessageW                                                     0000000075e712a5 5 bytes JMP 0000000174776661
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!SetWindowTextW                                                   0000000075e720ec 5 bytes JMP 00000001747758e1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!PostMessageA                                                     0000000075e73baa 5 bytes JMP 00000001747765d1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!PeekMessageA                                                     0000000075e75f74 5 bytes JMP 0000000174774261
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!CallNextHookEx                                                   0000000075e76285 5 bytes JMP 0000000174774921
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!SetWindowsHookExW                                                0000000075e77603 5 bytes JMP 0000000174772ac1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!SetWindowTextA                                                   0000000075e77aee 5 bytes JMP 0000000174775851
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!SetWindowsHookExA                                                0000000075e7835c 5 bytes JMP 0000000174772a31
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW                                       0000000075e8ce54 5 bytes JMP 00000001747756a1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx                                              0000000075e8f52b 5 bytes JMP 00000001747749b1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!FindWindowExW                                                    0000000075e8f588 5 bytes JMP 0000000174775f11
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW                                    0000000075e910a0 5 bytes JMP 0000000174775611
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!MessageBoxExA                                                    0000000075ebfcd6 3 bytes JMP 0000000174775731
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!MessageBoxExA + 4                                                0000000075ebfcda 1 byte [FE]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!MessageBoxExW                                                    0000000075ebfcfa 3 bytes JMP 00000001747757c1
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\USER32.dll!MessageBoxExW + 4                                                0000000075ebfcfe 1 byte [FE]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                               00000000761b0171 5 bytes JMP 0000000174774a41
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtWriteFile                                                            000000007763f928 5 bytes JMP 0000000174776811
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtClose                                                                000000007763f9e0 5 bytes JMP 00000001747760c1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess                                                000000007763fb28 5 bytes JMP 0000000174775b21
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                                                          000000007763fc20 5 bytes JMP 0000000174773061
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                     000000007763fc50 5 bytes JMP 00000001747715f1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                                   000000007763fc80 5 bytes JMP 0000000174771681
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                     000000007763fcb0 5 bytes JMP 0000000174775a91
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtOpenSection                                                          000000007763fdc8 5 bytes JMP 0000000174776781
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                   000000007763fe14 5 bytes JMP 0000000174772f41
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                      000000007763fe44 5 bytes JMP 0000000174773181
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtQueueApcThread                                                       000000007763ff24 5 bytes JMP 00000001747730f1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtCreateSection                                                        000000007763ffa4 5 bytes JMP 00000001747768a1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                                      000000007763ffec 5 bytes JMP 0000000174772d91
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtCreateThread                                                         0000000077640004 5 bytes JMP 0000000174772c71
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                                           00000000776400b4 5 bytes JMP 0000000174771e61
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                                          00000000776401c4 5 bytes JMP 0000000174772251
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant                                                         000000007764079c 5 bytes JMP 00000001747766f1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtCreateProcess                                                        0000000077640814 5 bytes JMP 0000000174772d01
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                       00000000776408a4 5 bytes JMP 0000000174772be1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver                                                           0000000077640df4 5 bytes JMP 0000000174776151
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtRaiseHardError                                                       0000000077641604 5 bytes JMP 0000000174774801
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                                                     0000000077641920 5 bytes JMP 0000000174772fd1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                 0000000077641be4 5 bytes JMP 00000001747761e1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtSuspendProcess                                                       0000000077641d54 5 bytes JMP 00000001747732a1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtSuspendThread                                                        0000000077641d70 5 bytes JMP 0000000174773211
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                   0000000077641d8c 5 bytes JMP 0000000174776931
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!NtVdmControl                                                           0000000077641ee8 5 bytes JMP 0000000174776541
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter                                             00000000776588c4 5 bytes JMP 0000000174771a71
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx                                           0000000077680d3b 5 bytes JMP 0000000174771f81
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!RtlReportException                                                     00000000776c860f 5 bytes JMP 0000000174774891
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters                                             00000000776ce8ab 5 bytes JMP 0000000174771ef1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\kernel32.dll!GetStartupInfoA                                                     0000000076e20e00 5 bytes JMP 0000000174771d41
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\kernel32.dll!CreateProcessA                                                      0000000076e21072 5 bytes JMP 0000000174772911
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\kernel32.dll!LoadLibraryA                                                        0000000076e2499f 5 bytes JMP 0000000174772521
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW                                              0000000076e33bbb 5 bytes JMP 0000000174772eb1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot                                            0000000076e47327 5 bytes JMP 0000000174772641
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\kernel32.dll!Process32NextW                                                      0000000076e488da 5 bytes JMP 0000000174776031
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\kernel32.dll!WinExec                                                             0000000076ea2ff1 5 bytes JMP 00000001747727f1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\kernel32.dll!ReadConsoleInputA                                                   0000000076ec748b 5 bytes JMP 0000000174774411
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\kernel32.dll!ReadConsoleInputW                                                   0000000076ec74ae 5 bytes JMP 0000000174774531
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\kernel32.dll!ReadConsoleA                                                        0000000076ec7859 5 bytes JMP 0000000174774651
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\kernel32.dll!ReadConsoleW                                                        0000000076ec78d2 5 bytes JMP 0000000174774771
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime                                           0000000075f68f7d 5 bytes JMP 00000001747719e1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\KERNELBASE.dll!CloseHandle                                                       0000000075f6c428 5 bytes JMP 0000000174773961
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\KERNELBASE.dll!WriteProcessMemory                                                0000000075f6ec98 5 bytes JMP 0000000174773451
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\KERNELBASE.dll!ExitProcess                                                       0000000075f6f1f8 5 bytes JMP 00000001747722e1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\KERNELBASE.dll!GetStartupInfoW                                                   0000000075f6fa7b 5 bytes JMP 0000000174771dd1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\KERNELBASE.dll!CreateMutexW                                                      0000000075f7134a 5 bytes JMP 00000001747738d1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\KERNELBASE.dll!OpenMutexW                                                        0000000075f71371 5 bytes JMP 0000000174773841
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                  0000000075f71d1b 5 bytes JMP 0000000174771951
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\KERNELBASE.dll!GetProcAddress                                                    0000000075f71e07 5 bytes JMP 0000000174772401
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                    0000000075f72aa4 5 bytes JMP 0000000174775c41
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExA                                                    0000000075f72ccc 5 bytes JMP 0000000174775bb1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary                                                       0000000075f72d0a 5 bytes JMP 0000000174775cd1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleA                                                  0000000075f72e6d 5 bytes JMP 00000001747718c1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\KERNELBASE.dll!SleepEx                                                           0000000075f73b63 5 bytes JMP 00000001747721c1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\KERNELBASE.dll!Sleep                                                             0000000075f74489 5 bytes JMP 0000000174772371
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\KERNELBASE.dll!CreateThread                                                      0000000075f745fb 5 bytes JMP 00000001747733c1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\KERNELBASE.dll!CreateRemoteThread                                                0000000075f74624 5 bytes JMP 0000000174772b51
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\KERNELBASE.dll!CreateFileA                                                       0000000075f7c72c 5 bytes JMP 00000001747726d1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\msvcrt.dll!_lock + 41                                                            000000007524a472 5 bytes JMP 00000001747769c1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\msvcrt.dll!__p__fmode                                                            00000000752527ce 5 bytes JMP 0000000174771b91
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\msvcrt.dll!__p__environ                                                          000000007525e6cf 5 bytes JMP 0000000174771b01
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!GetMessageW                                                           0000000075e678e2 5 bytes JMP 00000001747741d1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!GetMessageA                                                           0000000075e67bd3 5 bytes JMP 0000000174774141
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!CreateWindowExW                                                       0000000075e68a29 5 bytes JMP 0000000174775461
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!FindWindowW                                                           0000000075e698fd 5 bytes JMP 0000000174775e81
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!UserClientDllInitialize                                               0000000075e6b6ed 5 bytes JMP 0000000174776a51
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!CreateWindowExA                                                       0000000075e6d22e 5 bytes JMP 00000001747754f1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!SetWinEventHook                                                       0000000075e6ee09 5 bytes JMP 0000000174773331
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!FindWindowA                                                           0000000075e6ffe6 5 bytes JMP 0000000174775d61
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!FindWindowExA                                                         0000000075e700d9 5 bytes JMP 0000000174775df1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!PeekMessageW                                                          0000000075e705ba 5 bytes JMP 00000001747742f1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!ShowWindow                                                            0000000075e70dfb 5 bytes JMP 0000000174775581
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!PostMessageW                                                          0000000075e712a5 5 bytes JMP 0000000174776661
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!SetWindowTextW                                                        0000000075e720ec 5 bytes JMP 00000001747758e1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!PostMessageA                                                          0000000075e73baa 5 bytes JMP 00000001747765d1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!PeekMessageA                                                          0000000075e75f74 5 bytes JMP 0000000174774261
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!CallNextHookEx                                                        0000000075e76285 5 bytes JMP 0000000174774921
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!SetWindowsHookExW                                                     0000000075e77603 5 bytes JMP 0000000174772ac1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!SetWindowTextA                                                        0000000075e77aee 5 bytes JMP 0000000174775851
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!SetWindowsHookExA                                                     0000000075e7835c 5 bytes JMP 0000000174772a31
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW                                            0000000075e8ce54 5 bytes JMP 00000001747756a1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                   0000000075e8f52b 5 bytes JMP 00000001747749b1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!FindWindowExW                                                         0000000075e8f588 5 bytes JMP 0000000174775f11
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW                                         0000000075e910a0 5 bytes JMP 0000000174775611
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!MessageBoxExA                                                         0000000075ebfcd6 3 bytes JMP 0000000174775731
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!MessageBoxExA + 4                                                     0000000075ebfcda 1 byte [FE]
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!MessageBoxExW                                                         0000000075ebfcfa 3 bytes JMP 00000001747757c1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\USER32.dll!MessageBoxExW + 4                                                     0000000075ebfcfe 1 byte [FE]
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\ADVAPI32.dll!OpenServiceW                                                        000000007569c9ec 5 bytes JMP 0000000174773a81
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\ADVAPI32.dll!OpenServiceA                                                        00000000756a2b70 5 bytes JMP 00000001747739f1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\ADVAPI32.dll!CloseServiceHandle                                                  00000000756a361c 5 bytes JMP 0000000174773e71
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222                                                 00000000756a4965 5 bytes JMP 0000000174776ae1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                                                      00000000756b70c4 5 bytes JMP 00000001747740b1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\ADVAPI32.dll!ControlService                                                      00000000756b70dc 5 bytes JMP 0000000174773c31
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\ADVAPI32.dll!DeleteService                                                       00000000756b70f4 5 bytes JMP 0000000174773cc1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                                                00000000756d31f4 5 bytes JMP 0000000174773d51
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                                                00000000756d3204 5 bytes JMP 0000000174773de1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\ADVAPI32.dll!ControlServiceExA                                                   00000000756d3214 5 bytes JMP 0000000174773b11
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\ADVAPI32.dll!ControlServiceExW                                                   00000000756d3224 5 bytes JMP 0000000174773ba1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                                                      00000000756d3264 5 bytes JMP 0000000174774021
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                                    00000000761b0171 5 bytes JMP 0000000174774a41
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\WS2_32.dll!closesocket                                                           0000000075173918 5 bytes JMP 0000000174775a01
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\WS2_32.dll!WSASocketW                                                            0000000075173cd3 5 bytes JMP 0000000174775971
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\WS2_32.dll!socket                                                                0000000075173eb8 5 bytes JMP 0000000174776271
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\WS2_32.dll!WSASend                                                               0000000075174406 5 bytes JMP 00000001747720a1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\WS2_32.dll!GetAddrInfoW                                                          0000000075174889 5 bytes JMP 0000000174775341
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\WS2_32.dll!recv                                                                  0000000075176b0e 5 bytes JMP 0000000174776421
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\WS2_32.dll!connect                                                               0000000075176bdd 5 bytes JMP 0000000174773f91
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\WS2_32.dll!send                                                                  0000000075176f01 5 bytes JMP 0000000174772011
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\WS2_32.dll!WSARecv                                                               0000000075177089 5 bytes JMP 00000001747764b1
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\WS2_32.dll!WSAConnect                                                            000000007517cc3f 5 bytes JMP 0000000174776391
.text     C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe[5852] C:\windows\syswow64\WS2_32.dll!gethostbyname                                                         0000000075187673 5 bytes JMP 00000001747753d1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtWriteFile                                                          000000007763f928 5 bytes JMP 0000000174776811
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtClose                                                              000000007763f9e0 5 bytes JMP 00000001747760c1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess                                              000000007763fb28 5 bytes JMP 0000000174775b21
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                                                        000000007763fc20 5 bytes JMP 0000000174773061
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                   000000007763fc50 5 bytes JMP 00000001747715f1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                                 000000007763fc80 5 bytes JMP 0000000174771681
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                   000000007763fcb0 5 bytes JMP 0000000174775a91
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtOpenSection                                                        000000007763fdc8 5 bytes JMP 0000000174776781
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                 000000007763fe14 5 bytes JMP 0000000174772f41
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                    000000007763fe44 5 bytes JMP 0000000174773181
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtQueueApcThread                                                     000000007763ff24 5 bytes JMP 00000001747730f1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtCreateSection                                                      000000007763ffa4 5 bytes JMP 00000001747768a1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                                    000000007763ffec 5 bytes JMP 0000000174772d91
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtCreateThread                                                       0000000077640004 5 bytes JMP 0000000174772c71
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                                         00000000776400b4 5 bytes JMP 0000000174771e61
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                                        00000000776401c4 5 bytes JMP 0000000174772251
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant                                                       000000007764079c 5 bytes JMP 00000001747766f1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtCreateProcess                                                      0000000077640814 5 bytes JMP 0000000174772d01
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                     00000000776408a4 5 bytes JMP 0000000174772be1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver                                                         0000000077640df4 5 bytes JMP 0000000174776151
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtRaiseHardError                                                     0000000077641604 5 bytes JMP 0000000174774801
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                                                   0000000077641920 5 bytes JMP 0000000174772fd1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                               0000000077641be4 5 bytes JMP 00000001747761e1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtSuspendProcess                                                     0000000077641d54 5 bytes JMP 00000001747732a1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtSuspendThread                                                      0000000077641d70 5 bytes JMP 0000000174773211
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                 0000000077641d8c 5 bytes JMP 0000000174776931
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!NtVdmControl                                                         0000000077641ee8 5 bytes JMP 0000000174776541
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter                                           00000000776588c4 5 bytes JMP 0000000174771a71
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx                                         0000000077680d3b 5 bytes JMP 0000000174771f81
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!RtlReportException                                                   00000000776c860f 5 bytes JMP 0000000174774891
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters                                           00000000776ce8ab 5 bytes JMP 0000000174771ef1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\kernel32.dll!GetStartupInfoA                                                   0000000076e20e00 5 bytes JMP 0000000174771d41
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\kernel32.dll!CreateProcessA                                                    0000000076e21072 5 bytes JMP 0000000174772911
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\kernel32.dll!LoadLibraryA                                                      0000000076e2499f 5 bytes JMP 0000000174772521

franzkans1 · 19.04.2014, 07:13

Code:

ATTFilter

.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\kernel32.dll!CreateProcessInternalW                                            0000000076e33bbb 5 bytes JMP 0000000174772eb1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot                                          0000000076e47327 5 bytes JMP 0000000174772641
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\kernel32.dll!Process32NextW                                                    0000000076e488da 5 bytes JMP 0000000174776031
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\kernel32.dll!WinExec                                                           0000000076ea2ff1 5 bytes JMP 00000001747727f1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\kernel32.dll!ReadConsoleInputA                                                 0000000076ec748b 5 bytes JMP 0000000174774411
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\kernel32.dll!ReadConsoleInputW                                                 0000000076ec74ae 5 bytes JMP 0000000174774531
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\kernel32.dll!ReadConsoleA                                                      0000000076ec7859 5 bytes JMP 0000000174774651
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\kernel32.dll!ReadConsoleW                                                      0000000076ec78d2 5 bytes JMP 0000000174774771
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime                                         0000000075f68f7d 5 bytes JMP 00000001747719e1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\KERNELBASE.dll!CloseHandle                                                     0000000075f6c428 5 bytes JMP 0000000174773961
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\KERNELBASE.dll!WriteProcessMemory                                              0000000075f6ec98 5 bytes JMP 0000000174773451
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\KERNELBASE.dll!ExitProcess                                                     0000000075f6f1f8 5 bytes JMP 00000001747722e1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\KERNELBASE.dll!GetStartupInfoW                                                 0000000075f6fa7b 5 bytes JMP 0000000174771dd1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\KERNELBASE.dll!CreateMutexW                                                    0000000075f7134a 5 bytes JMP 00000001747738d1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\KERNELBASE.dll!OpenMutexW                                                      0000000075f71371 5 bytes JMP 0000000174773841
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                0000000075f71d1b 5 bytes JMP 0000000174771951
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\KERNELBASE.dll!GetProcAddress                                                  0000000075f71e07 5 bytes JMP 0000000174772401
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                  0000000075f72aa4 5 bytes JMP 0000000174775c41
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExA                                                  0000000075f72ccc 5 bytes JMP 0000000174775bb1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary                                                     0000000075f72d0a 5 bytes JMP 0000000174775cd1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleA                                                0000000075f72e6d 5 bytes JMP 00000001747718c1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\KERNELBASE.dll!SleepEx                                                         0000000075f73b63 5 bytes JMP 00000001747721c1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\KERNELBASE.dll!Sleep                                                           0000000075f74489 5 bytes JMP 0000000174772371
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\KERNELBASE.dll!CreateThread                                                    0000000075f745fb 5 bytes JMP 00000001747733c1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\KERNELBASE.dll!CreateRemoteThread                                              0000000075f74624 5 bytes JMP 0000000174772b51
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\KERNELBASE.dll!CreateFileA                                                     0000000075f7c72c 5 bytes JMP 00000001747726d1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!GetMessageW                                                         0000000075e678e2 5 bytes JMP 00000001747741d1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!GetMessageA                                                         0000000075e67bd3 5 bytes JMP 0000000174774141
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!CreateWindowExW                                                     0000000075e68a29 5 bytes JMP 0000000174775461
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!FindWindowW                                                         0000000075e698fd 5 bytes JMP 0000000174775e81
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!UserClientDllInitialize                                             0000000075e6b6ed 5 bytes JMP 00000001747769c1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!CreateWindowExA                                                     0000000075e6d22e 5 bytes JMP 00000001747754f1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!SetWinEventHook                                                     0000000075e6ee09 5 bytes JMP 0000000174773331
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!FindWindowA                                                         0000000075e6ffe6 5 bytes JMP 0000000174775d61
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!FindWindowExA                                                       0000000075e700d9 5 bytes JMP 0000000174775df1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!PeekMessageW                                                        0000000075e705ba 5 bytes JMP 00000001747742f1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!ShowWindow                                                          0000000075e70dfb 5 bytes JMP 0000000174775581
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!PostMessageW                                                        0000000075e712a5 5 bytes JMP 0000000174776661
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!SetWindowTextW                                                      0000000075e720ec 5 bytes JMP 00000001747758e1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!PostMessageA                                                        0000000075e73baa 5 bytes JMP 00000001747765d1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!PeekMessageA                                                        0000000075e75f74 5 bytes JMP 0000000174774261
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!CallNextHookEx                                                      0000000075e76285 5 bytes JMP 0000000174774921
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!SetWindowsHookExW                                                   0000000075e77603 5 bytes JMP 0000000174772ac1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!SetWindowTextA                                                      0000000075e77aee 5 bytes JMP 0000000174775851
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!SetWindowsHookExA                                                   0000000075e7835c 5 bytes JMP 0000000174772a31
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW                                          0000000075e8ce54 5 bytes JMP 00000001747756a1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                 0000000075e8f52b 5 bytes JMP 00000001747749b1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!FindWindowExW                                                       0000000075e8f588 5 bytes JMP 0000000174775f11
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW                                       0000000075e910a0 5 bytes JMP 0000000174775611
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!MessageBoxExA                                                       0000000075ebfcd6 3 bytes JMP 0000000174775731
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!MessageBoxExA + 4                                                   0000000075ebfcda 1 byte [FE]
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!MessageBoxExW                                                       0000000075ebfcfa 3 bytes JMP 00000001747757c1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\USER32.dll!MessageBoxExW + 4                                                   0000000075ebfcfe 1 byte [FE]
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\msvcrt.dll!_lock + 41                                                          000000007524a472 5 bytes JMP 0000000174776a51
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\msvcrt.dll!__p__fmode                                                          00000000752527ce 5 bytes JMP 0000000174771b91
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\msvcrt.dll!__p__environ                                                        000000007525e6cf 5 bytes JMP 0000000174771b01
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\ADVAPI32.dll!OpenServiceW                                                      000000007569c9ec 5 bytes JMP 0000000174773a81
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\ADVAPI32.dll!OpenServiceA                                                      00000000756a2b70 5 bytes JMP 00000001747739f1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\ADVAPI32.dll!CloseServiceHandle                                                00000000756a361c 5 bytes JMP 0000000174773e71
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222                                               00000000756a4965 5 bytes JMP 0000000174776ae1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                                                    00000000756b70c4 5 bytes JMP 00000001747740b1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\ADVAPI32.dll!ControlService                                                    00000000756b70dc 5 bytes JMP 0000000174773c31
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\ADVAPI32.dll!DeleteService                                                     00000000756b70f4 5 bytes JMP 0000000174773cc1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                                              00000000756d31f4 5 bytes JMP 0000000174773d51
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                                              00000000756d3204 5 bytes JMP 0000000174773de1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\ADVAPI32.dll!ControlServiceExA                                                 00000000756d3214 5 bytes JMP 0000000174773b11
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\ADVAPI32.dll!ControlServiceExW                                                 00000000756d3224 5 bytes JMP 0000000174773ba1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                                                    00000000756d3264 5 bytes JMP 0000000174774021
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                                  00000000761b0171 5 bytes JMP 0000000174774a41
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\WS2_32.dll!closesocket                                                         0000000075173918 5 bytes JMP 0000000174775a01
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\WS2_32.dll!WSASocketW                                                          0000000075173cd3 5 bytes JMP 0000000174775971
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\WS2_32.dll!socket                                                              0000000075173eb8 5 bytes JMP 0000000174776271
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\WS2_32.dll!WSASend                                                             0000000075174406 5 bytes JMP 00000001747720a1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\WS2_32.dll!GetAddrInfoW                                                        0000000075174889 5 bytes JMP 0000000174775341
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\WS2_32.dll!recv                                                                0000000075176b0e 5 bytes JMP 0000000174776421
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\WS2_32.dll!connect                                                             0000000075176bdd 5 bytes JMP 0000000174773f91
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\WS2_32.dll!send                                                                0000000075176f01 5 bytes JMP 0000000174772011
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\WS2_32.dll!WSARecv                                                             0000000075177089 5 bytes JMP 00000001747764b1
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\WS2_32.dll!WSAConnect                                                          000000007517cc3f 5 bytes JMP 0000000174776391
.text     C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe[3728] C:\windows\syswow64\WS2_32.dll!gethostbyname                                                       0000000075187673 5 bytes JMP 00000001747753d1
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\kernel32.dll!Process32NextW + 1                                                                        0000000077321b21 11 bytes [B8, F9, D3, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                  0000000077321c10 12 bytes [48, B8, F9, 39, 06, 6C, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\kernel32.dll!CreateProcessInternalW                                                                    000000007733db80 12 bytes [48, B8, B9, 2D, 06, 6C, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                       0000000077340931 11 bytes [B8, 79, E5, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                     00000000773752f1 11 bytes [B8, B9, 7A, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                     0000000077375311 11 bytes [B8, 39, 77, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\kernel32.dll!ReadConsoleW                                                                              000000007738a5e0 12 bytes [48, B8, B9, 81, 06, 6C, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\kernel32.dll!ReadConsoleA                                                                              000000007738a6f0 12 bytes [48, B8, 39, 7E, 06, 6C, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                         000007fefd421861 11 bytes [B8, 79, 52, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                         000007fefd422db1 11 bytes [B8, B9, C7, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                      000007fefd423461 11 bytes [B8, 79, C9, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                          000007fefd428ef0 12 bytes [48, B8, F9, C5, 06, 6C, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\KERNELBASE.dll!CreateMutexW                                                                            000007fefd4294c0 12 bytes [48, B8, B9, 50, 06, 6C, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                      000007fefd42bfd1 11 bytes [B8, 39, C4, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                          000007fefd432af1 11 bytes [B8, F9, 4E, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                      000007fefd454350 12 bytes [48, B8, B9, 42, 06, 6C, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                  000007fefd462871 8 bytes [B8, 39, 23, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                 000007fefd46287a 2 bytes [50, C3]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\KERNELBASE.dll!CreateThread + 1                                                                        000007fefd4628b1 11 bytes [B8, F9, 40, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\WS2_32.dll!WSASend + 1                                                                                 000007fefe9013b1 11 bytes [B8, F9, BE, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\WS2_32.dll!closesocket                                                                                 000007fefe9018e0 12 bytes [48, B8, 39, BD, 06, 6C, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\WS2_32.dll!WSASocketW + 1                                                                              000007fefe901bd1 11 bytes [B8, 79, BB, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\WS2_32.dll!WSARecv + 1                                                                                 000007fefe902201 11 bytes [B8, F9, E1, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\WS2_32.dll!GetAddrInfoW                                                                                000007fefe9023c0 12 bytes [48, B8, 79, A6, 06, 6C, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\WS2_32.dll!connect                                                                                     000007fefe9045c0 12 bytes [48, B8, 79, 67, 06, 6C, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\WS2_32.dll!send + 1                                                                                    000007fefe908001 11 bytes [B8, B9, B9, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\WS2_32.dll!gethostbyname                                                                               000007fefe908df0 7 bytes [48, B8, 39, A8, 06, 6C, 00]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\WS2_32.dll!gethostbyname + 9                                                                           000007fefe908df9 3 bytes [00, 50, C3]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\WS2_32.dll!socket + 1                                                                                  000007fefe90de91 11 bytes [B8, F9, DA, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\WS2_32.dll!recv + 1                                                                                    000007fefe90df41 11 bytes [B8, 39, E0, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\system32\WS2_32.dll!WSAConnect + 1                                                                              000007fefe92e0f1 11 bytes [B8, 79, DE, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\SYSTEM32\sechost.dll!ControlService + 1                                                                         000007fefe95642d 11 bytes [B8, 39, 5B, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\SYSTEM32\sechost.dll!OpenServiceW                                                                               000007fefe956484 12 bytes [48, B8, F9, 55, 06, 6C, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                     000007fefe956519 11 bytes [B8, 39, 62, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\SYSTEM32\sechost.dll!OpenServiceA                                                                               000007fefe956c34 12 bytes [48, B8, 39, 54, 06, 6C, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                          000007fefe957ab5 11 bytes [B8, F9, 5C, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                      000007fefe958b01 11 bytes [B8, B9, 57, 06, 6C, 00, 00, ...]
.text     C:\windows\system32\wbem\unsecapp.exe[4392] C:\windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                      000007fefe958c39 11 bytes [B8, 79, 59, 06, 6C, 00, 00, ...]
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtWriteFile                                          000000007763f928 5 bytes JMP 0000000174776811
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtClose                                              000000007763f9e0 5 bytes JMP 00000001747760c1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess                              000000007763fb28 5 bytes JMP 0000000174775b21
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtOpenProcess                                        000000007763fc20 5 bytes JMP 0000000174773061
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                   000000007763fc50 5 bytes JMP 00000001747715f1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                 000000007763fc80 5 bytes JMP 0000000174771681
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess                                   000000007763fcb0 5 bytes JMP 0000000174775a91
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtOpenSection                                        000000007763fdc8 5 bytes JMP 0000000174776781
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                 000000007763fe14 5 bytes JMP 0000000174772f41
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtDuplicateObject                                    000000007763fe44 5 bytes JMP 0000000174773181
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtQueueApcThread                                     000000007763ff24 5 bytes JMP 00000001747730f1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtCreateSection                                      000000007763ffa4 5 bytes JMP 00000001747768a1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                    000000007763ffec 5 bytes JMP 0000000174772d91
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtCreateThread                                       0000000077640004 5 bytes JMP 0000000174772c71
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtCreateFile                                         00000000776400b4 5 bytes JMP 0000000174771e61
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtSetValueKey                                        00000000776401c4 5 bytes JMP 0000000174772251
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtCreateMutant                                       000000007764079c 5 bytes JMP 00000001747766f1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtCreateProcess                                      0000000077640814 5 bytes JMP 0000000174772d01
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                     00000000776408a4 5 bytes JMP 0000000174772be1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtLoadDriver                                         0000000077640df4 5 bytes JMP 0000000174776151
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtRaiseHardError                                     0000000077641604 5 bytes JMP 0000000174774801
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtSetContextThread                                   0000000077641920 5 bytes JMP 0000000174772fd1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtSetSystemInformation                               0000000077641be4 5 bytes JMP 00000001747761e1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtSuspendProcess                                     0000000077641d54 5 bytes JMP 00000001747732a1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtSuspendThread                                      0000000077641d70 5 bytes JMP 0000000174773211
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                 0000000077641d8c 5 bytes JMP 0000000174776931
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!NtVdmControl                                         0000000077641ee8 5 bytes JMP 0000000174776541
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter                           00000000776588c4 5 bytes JMP 0000000174771a71
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx                         0000000077680d3b 5 bytes JMP 0000000174771f81
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!RtlReportException                                   00000000776c860f 5 bytes JMP 0000000174774891
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters                           00000000776ce8ab 5 bytes JMP 0000000174771ef1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNEL32.dll!GetStartupInfoA                                   0000000076e20e00 5 bytes JMP 0000000174771d41
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNEL32.dll!CreateProcessA                                    0000000076e21072 5 bytes JMP 0000000174772911
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNEL32.dll!LoadLibraryA                                      0000000076e2499f 5 bytes JMP 0000000174772521
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNEL32.dll!CreateProcessInternalW                            0000000076e33bbb 5 bytes JMP 0000000174772eb1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNEL32.dll!CreateToolhelp32Snapshot                          0000000076e47327 5 bytes JMP 0000000174772641
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNEL32.dll!Process32NextW                                    0000000076e488da 5 bytes JMP 0000000174776031
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNEL32.dll!WinExec                                           0000000076ea2ff1 5 bytes JMP 00000001747727f1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNEL32.dll!ReadConsoleInputA                                 0000000076ec748b 5 bytes JMP 0000000174774411
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNEL32.dll!ReadConsoleInputW                                 0000000076ec74ae 5 bytes JMP 0000000174774531
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNEL32.dll!ReadConsoleA                                      0000000076ec7859 5 bytes JMP 0000000174774651
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNEL32.dll!ReadConsoleW                                      0000000076ec78d2 5 bytes JMP 0000000174774771
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime                         0000000075f68f7d 5 bytes JMP 00000001747719e1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNELBASE.dll!CloseHandle                                     0000000075f6c428 5 bytes JMP 0000000174773961
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNELBASE.dll!WriteProcessMemory                              0000000075f6ec98 5 bytes JMP 0000000174773451
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNELBASE.dll!ExitProcess                                     0000000075f6f1f8 5 bytes JMP 00000001747722e1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNELBASE.dll!GetStartupInfoW                                 0000000075f6fa7b 5 bytes JMP 0000000174771dd1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNELBASE.dll!CreateMutexW                                    0000000075f7134a 5 bytes JMP 00000001747738d1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNELBASE.dll!OpenMutexW                                      0000000075f71371 5 bytes JMP 0000000174773841
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                0000000075f71d1b 5 bytes JMP 0000000174771951
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNELBASE.dll!GetProcAddress                                  0000000075f71e07 5 bytes JMP 0000000174772401
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                  0000000075f72aa4 5 bytes JMP 0000000174775c41
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExA                                  0000000075f72ccc 5 bytes JMP 0000000174775bb1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary                                     0000000075f72d0a 5 bytes JMP 0000000174775cd1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleA                                0000000075f72e6d 5 bytes JMP 00000001747718c1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNELBASE.dll!SleepEx                                         0000000075f73b63 5 bytes JMP 00000001747721c1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNELBASE.dll!Sleep                                           0000000075f74489 5 bytes JMP 0000000174772371
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNELBASE.dll!CreateThread                                    0000000075f745fb 5 bytes JMP 00000001747733c1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNELBASE.dll!CreateRemoteThread                              0000000075f74624 5 bytes JMP 0000000174772b51
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\KERNELBASE.dll!CreateFileA                                     0000000075f7c72c 5 bytes JMP 00000001747726d1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\msvcrt.dll!_lock + 41                                          000000007524a472 5 bytes JMP 00000001747769c1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\msvcrt.dll!__p__fmode                                          00000000752527ce 5 bytes JMP 0000000174771b91
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\msvcrt.dll!__p__environ                                        000000007525e6cf 5 bytes JMP 0000000174771b01
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!GetMessageW                                         0000000075e678e2 5 bytes JMP 00000001747741d1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!GetMessageA                                         0000000075e67bd3 5 bytes JMP 0000000174774141
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!CreateWindowExW                                     0000000075e68a29 5 bytes JMP 0000000174775461
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!FindWindowW                                         0000000075e698fd 5 bytes JMP 0000000174775e81
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!UserClientDllInitialize                             0000000075e6b6ed 5 bytes JMP 0000000174776a51
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!CreateWindowExA                                     0000000075e6d22e 5 bytes JMP 00000001747754f1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!SetWinEventHook                                     0000000075e6ee09 5 bytes JMP 0000000174773331
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!FindWindowA                                         0000000075e6ffe6 5 bytes JMP 0000000174775d61
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!FindWindowExA                                       0000000075e700d9 5 bytes JMP 0000000174775df1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!PeekMessageW                                        0000000075e705ba 5 bytes JMP 00000001747742f1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!ShowWindow                                          0000000075e70dfb 5 bytes JMP 0000000174775581
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!PostMessageW                                        0000000075e712a5 5 bytes JMP 0000000174776661
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!SetWindowTextW                                      0000000075e720ec 5 bytes JMP 00000001747758e1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!PostMessageA                                        0000000075e73baa 5 bytes JMP 00000001747765d1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!PeekMessageA                                        0000000075e75f74 5 bytes JMP 0000000174774261
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!CallNextHookEx                                      0000000075e76285 5 bytes JMP 0000000174774921
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!SetWindowsHookExW                                   0000000075e77603 5 bytes JMP 0000000174772ac1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!SetWindowTextA                                      0000000075e77aee 5 bytes JMP 0000000174775851
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!SetWindowsHookExA                                   0000000075e7835c 5 bytes JMP 0000000174772a31
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW                          0000000075e8ce54 5 bytes JMP 00000001747756a1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!UnhookWindowsHookEx                                 0000000075e8f52b 5 bytes JMP 00000001747749b1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!FindWindowExW                                       0000000075e8f588 5 bytes JMP 0000000174775f11
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW                       0000000075e910a0 5 bytes JMP 0000000174775611
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!MessageBoxExA                                       0000000075ebfcd6 3 bytes JMP 0000000174775731
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!MessageBoxExA + 4                                   0000000075ebfcda 1 byte [FE]
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!MessageBoxExW                                       0000000075ebfcfa 3 bytes JMP 00000001747757c1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\USER32.dll!MessageBoxExW + 4                                   0000000075ebfcfe 1 byte [FE]
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\ADVAPI32.dll!OpenServiceW                                      000000007569c9ec 5 bytes JMP 0000000174773a81
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\ADVAPI32.dll!OpenServiceA                                      00000000756a2b70 5 bytes JMP 00000001747739f1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\ADVAPI32.dll!CloseServiceHandle                                00000000756a361c 5 bytes JMP 0000000174773e71
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222                               00000000756a4965 5 bytes JMP 0000000174776ae1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\ADVAPI32.dll!CreateServiceW                                    00000000756b70c4 5 bytes JMP 00000001747740b1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\ADVAPI32.dll!ControlService                                    00000000756b70dc 5 bytes JMP 0000000174773c31
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\ADVAPI32.dll!DeleteService                                     00000000756b70f4 5 bytes JMP 0000000174773cc1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                              00000000756d31f4 5 bytes JMP 0000000174773d51
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                              00000000756d3204 5 bytes JMP 0000000174773de1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\ADVAPI32.dll!ControlServiceExA                                 00000000756d3214 5 bytes JMP 0000000174773b11
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\ADVAPI32.dll!ControlServiceExW                                 00000000756d3224 5 bytes JMP 0000000174773ba1
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\ADVAPI32.dll!CreateServiceA                                    00000000756d3264 5 bytes JMP 0000000174774021
.text     C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3100] C:\windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                  00000000761b0171 5 bytes JMP 0000000174774a41

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\406186a01915                                                                                            
Reg       HKLM\SYSTEM\ControlSet002\Control@PreshutdownOrder                                                                                                                     wuauserv?gpsvc?trustedinstaller?
Reg       HKLM\SYSTEM\ControlSet002\Control@WaitToKillServiceTimeout                                                                                                             12000
Reg       HKLM\SYSTEM\ControlSet002\Control@CurrentUser                                                                                                                          USERNAME
Reg       HKLM\SYSTEM\ControlSet002\Control@BootDriverFlags                                                                                                                      0
Reg       HKLM\SYSTEM\ControlSet002\Control@ServiceControlManagerExtension                                                                                                       %systemroot%\system32\scext.dll
Reg       HKLM\SYSTEM\ControlSet002\Control@SystemStartOptions                                                                                                                    NOEXECUTE=OPTIN
Reg       HKLM\SYSTEM\ControlSet002\Control@SystemBootDevice                                                                                                                     multi(0)disk(0)rdisk(0)partition(3)
Reg       HKLM\SYSTEM\ControlSet002\Control@FirmwareBootDevice                                                                                                                   multi(0)disk(0)rdisk(0)partition(2)
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\406186a01915 (not active ControlSet)                                                                        

---- EOF - GMER 2.1 ----

Gerade habe ich eine Merkwürdigkeit festgestellt. Gestern hatte ich noch 30 GB freien Speicher auf C. Heute nur noch 26,6. Ich hab doch nur die von euch benötigten Programme inststalliert. Seltsam!

Warum ist meine Log File von GMER eigentlich so lang?

schrauber · 19.04.2014, 19:29

Das kommt schon mal vor.

AdwCleaner auch löschen lassen.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

franzkans1 · 19.04.2014, 22:07

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 19.04.2014
Suchlauf-Zeit: 22:25:13
Logdatei: mbam-log.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.19.09
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Gregor-Boss

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 348274
Verstrichene Zeit: 15 Min, 4 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-513543937-287335986-3713968974-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [0df3817f7a86867af6721a5301019070], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Gregor-Boss on 19.04.2014 at 22:30:26,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.04.2014 at 22:38:17,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2014
Ran by Gregor-Boss (administrator) on GREGOR-BOSS-MSI on 19-04-2014 22:58:52
Running from C:\Users\Gregor\Downloads\trojaner-board hilfe
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MSIService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
() C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
(msi) C:\Program Files (x86)\MSI\msi LED Manager\SLM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Microsoft Corporation) C:\windows\System32\alg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [THXCfg64] => C:\windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1575192 2013-10-24] (Bitdefender)
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [5803520 2012-09-07] (Sentelic Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11465832 2010-09-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1351680 2010-11-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [MGSysCtrl] => C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe [2482176 2011-02-17] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [VGAOCAP] => C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe [89088 2012-06-06] ()
HKLM-x32\...\Run: [msi LED Manager] => C:\Program Files (x86)\msi\msi LED Manager\SLM.exe [2795008 2010-07-29] (msi)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msi.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {AAFE5B87-4741-4036-9983-FC3D779A1B6C} URL = 
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} -  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{D09902FE-23AA-47E6-8471-1A2816D1A60E}: [NameServer]10.19.1.153

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll No File
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012-12-13]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-26]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012-12-13]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-26]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Gregor\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Gregor\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Gregor\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Gregor-Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-06]
CHR Extension: (YouTube) - C:\Users\Gregor-Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-06]
CHR Extension: (Google-Suche) - C:\Users\Gregor-Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-06]
CHR Extension: (Google Wallet) - C:\Users\Gregor-Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (Google Mail) - C:\Users\Gregor-Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-06]
CHR StartMenuInternet: Google Chrome - C:\Users\Gregor\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-10-24] (Bitdefender)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [12800 2010-07-17] (MSI)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [95184 2012-06-25] (Bitdefender)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [67320 2013-10-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1645256 2013-10-24] (Bitdefender)

==================== Drivers (Whitelisted) ====================

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2013-10-24] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-12-21] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2013-10-24] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-05-03] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\windows\system32\drivers\bdsandbox.sys [82824 2013-10-24] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S3 BTMNET; C:\Windows\System32\DRIVERS\btmnet.sys [30208 2010-07-17] (Motorola, Inc.)
R3 fspad_win764; C:\Windows\System32\DRIVERS\fspad_win764.sys [67584 2012-09-07] (Sentelic Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-10-24] (BitDefender LLC)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-04-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-02-18] (Audials AG)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2013-11-20] (Windows (R) Win 7 DDK provider)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-10-24] (BitDefender S.R.L.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 MBfilt; system32\drivers\MBfilt64.sys [X]
S3 MGHwCtrl; \??\C:\Program Files\msi\msi Software Install\MGHwCtrl.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-19 22:49 - 2014-04-19 22:49 - 01258805 _____ () C:\Users\Gregor-Boss\Desktop\adwcleaner.exe
2014-04-19 22:38 - 2014-04-19 22:38 - 00000794 _____ () C:\Users\Gregor-Boss\Desktop\JRT.txt
2014-04-19 22:30 - 2014-04-19 22:30 - 00000000 ____D () C:\windows\ERUNT
2014-04-19 22:04 - 2014-04-19 22:54 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 22:04 - 2014-04-19 22:04 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-19 22:04 - 2014-04-19 22:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-19 22:04 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-19 22:04 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-19 22:04 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-19 21:57 - 2014-04-19 21:59 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Gregor\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 21:56 - 2014-04-19 21:56 - 01016261 _____ (Thisisu) C:\Users\Gregor\Downloads\JRT.exe
2014-04-19 10:08 - 2014-04-19 10:08 - 00000374 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-04-19 09:23 - 2014-04-19 09:23 - 00001232 _____ () C:\Users\Gregor\Desktop\Amazon Cloud Player.lnk
2014-04-19 09:23 - 2014-04-19 09:23 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-04-19 09:22 - 2014-04-19 09:23 - 00000000 ____D () C:\Users\Gregor\AppData\Local\Amazon Cloud Player
2014-04-19 09:16 - 2014-04-19 09:22 - 36335656 _____ (Amazon) C:\Users\Gregor\Downloads\AmazonCloudPlayerInstaller_r26.exe
2014-04-18 23:06 - 2014-04-18 23:06 - 00000000 __SHD () C:\Users\Gregor-Boss\AppData\Local\EmieUserList
2014-04-18 23:06 - 2014-04-18 23:06 - 00000000 __SHD () C:\Users\Gregor-Boss\AppData\Local\EmieSiteList
2014-04-18 01:01 - 2014-04-18 01:02 - 00000000 ____D () C:\Users\Gregor\Downloads\LED Manager
2014-04-18 00:46 - 2014-04-18 00:52 - 48479630 _____ () C:\Users\Gregor\Downloads\led_manager_7_nb.zip
2014-04-17 22:27 - 2014-04-19 22:58 - 00000000 ____D () C:\FRST
2014-04-17 22:23 - 2014-04-19 22:58 - 00000000 ____D () C:\Users\Gregor\Downloads\trojaner-board hilfe
2014-04-14 22:16 - 2014-04-14 22:16 - 542923835 _____ () C:\windows\MEMORY.DMP
2014-04-14 22:16 - 2014-04-14 22:16 - 00297920 _____ () C:\windows\Minidump\041414-16598-01.dmp
2014-04-13 08:52 - 2014-04-13 08:52 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\QuickScan
2014-04-13 08:51 - 2014-04-13 08:51 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Malwarebytes
2014-04-13 01:57 - 2014-04-13 01:57 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack x64
2014-04-13 01:57 - 2013-06-21 20:00 - 00127488 _____ () C:\windows\system32\ff_vfw.dll
2014-04-13 01:57 - 2012-06-09 19:21 - 00206336 _____ () C:\windows\system32\unrar64.dll
2014-04-13 01:57 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\windows\system32\lagarith.dll
2014-04-13 01:43 - 2014-04-13 01:43 - 12414036 _____ ( ) C:\Users\Gregor\Downloads\K-Lite_Codec_Pack_999_x64.exe
2014-04-13 00:55 - 2014-04-13 00:55 - 01426178 _____ () C:\Users\Gregor\Desktop\adwcleaner3023.exe
2014-04-12 22:35 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-04-12 22:35 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-04-12 08:55 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-04-12 08:55 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-12 08:55 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-12 08:55 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-04-12 08:55 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-04-12 08:55 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-04-12 08:55 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-04-12 08:55 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-04-12 08:55 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-04-12 08:55 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-04-12 08:55 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-04-12 08:55 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-04-12 08:55 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-04-12 08:55 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-04-12 08:55 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-04-12 08:55 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-04-12 08:54 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-12 08:54 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-12 08:54 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-04-12 08:54 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-12 08:54 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-12 08:54 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-04-12 08:54 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-04-12 08:54 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-12 08:54 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-12 08:54 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-12 08:54 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-12 08:54 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-04-12 08:54 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-04-12 08:54 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-04-12 08:54 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-04-12 08:54 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-04-12 08:54 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-12 08:54 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-04-12 08:54 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-12 08:54 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-04-12 08:54 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-04-12 08:54 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-04-12 08:54 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-04-12 08:54 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-12 08:54 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-04-12 08:54 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-04-12 08:54 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-04-12 08:54 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-04-12 08:54 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-04-12 08:54 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-04-12 08:54 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-04-12 08:54 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-04-12 08:54 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-04-12 08:54 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-12 08:54 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-12 08:54 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-04-12 08:54 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-04-12 08:54 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-04-12 08:54 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-12 08:54 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-04-12 08:54 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-04-12 08:54 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-04-12 08:54 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-12 08:54 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-04-12 08:54 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-04-12 08:54 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-04-12 08:54 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-04-12 08:54 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-04-12 08:48 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-12 08:48 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-04-12 08:48 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-04-12 08:48 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-04-12 08:48 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-04-12 08:48 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-04-12 08:48 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-04-12 08:48 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-04-12 08:48 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-04-12 08:48 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-04-12 08:48 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-04-12 08:48 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-12 08:48 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-12 08:48 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-04-12 08:48 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-04-12 08:48 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-04-12 08:48 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-04-12 08:48 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-04-12 08:48 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-04-10 00:25 - 2014-04-10 14:49 - 00000000 ____D () C:\Users\Gregor\AppData\Local\ManyCam
2014-04-10 00:25 - 2014-04-10 00:25 - 00001037 _____ () C:\Users\Public\Desktop\ManyCam.lnk
2014-04-10 00:24 - 2014-04-10 00:25 - 00000000 ____D () C:\Program Files (x86)\ManyCam
2014-04-10 00:24 - 2014-04-10 00:24 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\ManyCam
2014-04-10 00:19 - 2014-04-10 00:23 - 37889656 _____ (Visicom Media Inc.) C:\Users\Gregor\Downloads\ManyCam77StandaloneSetup.exe
2014-04-09 23:52 - 2014-04-09 23:52 - 00000000 ____D () C:\Users\Public\msi
2014-03-24 01:35 - 2014-03-24 01:35 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Malwarebytes
2014-03-22 14:47 - 2014-03-22 14:47 - 00000000 ____D () C:\Users\Gregor-Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftMaker Viewer
2014-03-22 14:47 - 2014-03-22 14:47 - 00000000 ____D () C:\Users\Gregor\Documents\SoftMaker
2014-03-22 14:47 - 2014-03-22 14:47 - 00000000 ____D () C:\Program Files (x86)\SoftMaker Viewer
2014-03-22 14:47 - 2010-02-09 15:49 - 00779593 _____ () C:\Users\Gregor-Boss\Documents\TextMaker Viewer.tmd
2014-03-22 14:47 - 2010-02-03 18:27 - 00068640 _____ () C:\windows\unTMV.exe
2014-03-22 14:47 - 2010-02-03 18:01 - 00002885 _____ () C:\Users\Gregor-Boss\Documents\Viewer-Liesmich.txt
2014-03-22 14:45 - 2014-03-22 14:45 - 05483416 _____ (Igor Pavlov) C:\Users\Gregor\Downloads\TMViewerSetup585.exe
2014-03-22 14:22 - 2014-03-22 15:03 - 00000000 ____D () C:\Users\Gregor\Downloads\Emily Schule
2014-03-20 02:15 - 2014-04-09 08:42 - 00037174 _____ () C:\windows\DirectX.log
2014-03-20 01:20 - 2014-03-20 01:20 - 00000000 ____D () C:\windows\SysWOW64\RTCOM
2014-03-20 01:18 - 2010-09-07 20:27 - 02620008 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkAPO64.dll
2014-03-20 01:18 - 2010-09-07 20:27 - 02484072 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHD64.sys
2014-03-20 01:18 - 2010-09-07 20:27 - 02045032 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtPgEx64.dll
2014-03-20 01:18 - 2010-09-07 20:27 - 01215592 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTCOM64.dll
2014-03-20 01:18 - 2010-09-07 20:27 - 01146984 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTSnMg64.cpl
2014-03-20 01:18 - 2010-09-07 20:27 - 00540264 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkApi64.dll
2014-03-20 01:18 - 2010-09-07 20:27 - 00403048 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoRes64.dat
2014-03-20 01:18 - 2010-09-07 20:27 - 00332392 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtlCPAPI64.dll
2014-03-20 01:18 - 2010-09-07 20:27 - 00149608 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCfg64.dll
2014-03-20 01:18 - 2010-09-07 20:27 - 00081000 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoInst64.dll
2014-03-20 01:18 - 2010-09-03 08:47 - 00338336 _____ (Fortemedia Corporation) C:\windows\system32\FMAPO64.dll
2014-03-20 01:18 - 2010-08-09 12:22 - 00098704 _____ (Sony Corporation) C:\windows\system32\SFSS_APO.dll
2014-03-20 01:18 - 2010-07-22 17:48 - 00220496 _____ (Virage Logic Corporation / Sonic Focus) C:\windows\system32\SFNHK64.dll
2014-03-20 01:18 - 2010-07-22 17:48 - 00081232 _____ (Virage Logic Corporation / Sonic Focus) C:\windows\system32\SFCOM64.dll
2014-03-20 01:18 - 2010-07-22 17:48 - 00078160 _____ (Virage Logic Corporation / Sonic Focus) C:\windows\system32\SFAPO64.dll
2014-03-20 01:18 - 2010-07-22 17:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\windows\SysWOW64\SFCOM.dll
2014-03-20 01:18 - 2010-07-22 17:37 - 00200800 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAC64.dll
2014-03-20 01:18 - 2010-07-06 12:48 - 01756160 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioRealtek.dll
2014-03-20 01:18 - 2010-07-01 14:44 - 00124128 _____ (DTS) C:\windows\system32\DTSLFXAPO64.dll
2014-03-20 01:18 - 2010-07-01 14:44 - 00124128 _____ (DTS) C:\windows\system32\DTSGFXAPO64.dll
2014-03-20 01:18 - 2010-07-01 14:44 - 00123104 _____ (DTS) C:\windows\system32\DTSGFXAPONS64.dll
2014-03-20 01:18 - 2010-06-27 18:14 - 00334848 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO30.dll
2014-03-20 01:18 - 2010-05-06 18:34 - 00334680 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxVolumeSDAPO.dll
2014-03-20 01:18 - 2010-05-06 17:43 - 02601816 _____ (Waves Audio Ltd.) C:\windows\system32\WavesGUILib.dll
2014-03-20 01:18 - 2010-04-14 18:56 - 00318808 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO20.dll
2014-03-20 01:18 - 2010-01-05 14:41 - 01325328 _____ (DTS) C:\windows\system32\DTSS2SpeakerDLL64.dll
2014-03-20 01:18 - 2010-01-05 14:41 - 00489744 _____ (DTS) C:\windows\system32\DTSSymmetryDLL64.dll
2014-03-20 01:18 - 2010-01-05 14:41 - 00474896 _____ (DTS) C:\windows\system32\DTSVoiceClarityDLL64.dll
2014-03-20 01:18 - 2010-01-05 14:40 - 01178384 _____ (DTS) C:\windows\system32\DTSS2HeadphoneDLL64.dll
2014-03-20 01:18 - 2010-01-05 14:40 - 01110800 _____ (DTS) C:\windows\system32\DTSBoostDLL64.dll
2014-03-20 01:18 - 2010-01-05 14:40 - 00504592 _____ (DTS) C:\windows\system32\DTSBassEnhancementDLL64.dll
2014-03-20 01:18 - 2010-01-05 14:40 - 00315152 _____ (DTS) C:\windows\system32\DTSNeoPCDLL64.dll
2014-03-20 01:18 - 2010-01-05 14:40 - 00268560 _____ (DTS) C:\windows\system32\DTSLimiterDLL64.dll
2014-03-20 01:18 - 2010-01-05 14:40 - 00265488 _____ (DTS) C:\windows\system32\DTSGainCompensatorDLL64.dll
2014-03-20 01:18 - 2009-12-15 19:26 - 00372936 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEP64A.dll
2014-03-20 01:18 - 2009-12-15 19:26 - 00201928 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEED64A.dll
2014-03-20 01:18 - 2009-12-15 19:26 - 00099016 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEL64A.dll
2014-03-20 01:18 - 2009-12-15 19:26 - 00076488 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEG64A.dll
2014-03-20 01:18 - 2009-12-11 10:55 - 00307920 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DHT64.dll
2014-03-20 01:18 - 2009-12-11 10:55 - 00307920 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DAA64.dll
2014-03-20 01:18 - 2009-11-24 10:55 - 00518896 _____ (SRS Labs, Inc.) C:\windows\system32\SRSTSX64.dll
2014-03-20 01:18 - 2009-11-24 10:55 - 00211184 _____ (SRS Labs, Inc.) C:\windows\system32\SRSTSH64.dll
2014-03-20 01:18 - 2009-11-24 10:55 - 00198896 _____ (SRS Labs, Inc.) C:\windows\system32\SRSHP64.dll
2014-03-20 01:18 - 2009-11-24 10:55 - 00155888 _____ (SRS Labs, Inc.) C:\windows\system32\SRSWOW64.dll
2014-03-20 01:18 - 2009-11-18 19:42 - 02197264 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioEQ.dll
2014-03-20 01:18 - 2009-11-17 19:12 - 00108960 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAR64.dll
2014-03-20 01:07 - 2010-09-07 14:28 - 00309336 _____ (Creative Technology Ltd.) C:\windows\SysWOW64\MBTHX32.dll
2014-03-20 00:50 - 2014-04-19 22:51 - 00000000 ____D () C:\AdwCleaner
2014-03-20 00:40 - 2014-04-19 22:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-20 00:40 - 2014-03-20 00:40 - 00000000 ____D () C:\Users\Gregor-Boss\AppData\Roaming\Malwarebytes
2014-03-20 00:38 - 2014-03-20 00:38 - 00686168 _____ () C:\Users\Gregor-Boss\Downloads\ZipExtractorSetup.exe
2014-03-20 00:27 - 2014-03-20 01:22 - 00000000 ____D () C:\Users\Gregor-Boss\AppData\Roaming\vlc
2014-03-20 00:05 - 2012-02-01 17:16 - 00568600 _____ (Intel Corporation) C:\windows\system32\Drivers\iaStor.sys

==================== One Month Modified Files and Folders =======

2014-04-19 22:59 - 2012-04-17 22:49 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1001UA.job
2014-04-19 22:58 - 2014-04-17 22:27 - 00000000 ____D () C:\FRST
2014-04-19 22:58 - 2014-04-17 22:23 - 00000000 ____D () C:\Users\Gregor\Downloads\trojaner-board hilfe
2014-04-19 22:57 - 2012-12-16 00:20 - 00003056 _____ () C:\windows\System32\Tasks\MSIAfterburner
2014-04-19 22:54 - 2014-04-19 22:04 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 22:54 - 2012-04-24 16:33 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1002UA.job
2014-04-19 22:53 - 2014-01-20 15:15 - 00018462 _____ () C:\windows\setupact.log
2014-04-19 22:53 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-19 22:52 - 2012-04-17 17:57 - 01193319 _____ () C:\windows\WindowsUpdate.log
2014-04-19 22:51 - 2014-03-20 00:50 - 00000000 ____D () C:\AdwCleaner
2014-04-19 22:49 - 2014-04-19 22:49 - 01258805 _____ () C:\Users\Gregor-Boss\Desktop\adwcleaner.exe
2014-04-19 22:38 - 2014-04-19 22:38 - 00000794 _____ () C:\Users\Gregor-Boss\Desktop\JRT.txt
2014-04-19 22:30 - 2014-04-19 22:30 - 00000000 ____D () C:\windows\ERUNT
2014-04-19 22:14 - 2013-05-07 19:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-19 22:08 - 2009-07-14 06:45 - 00024432 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-19 22:08 - 2009-07-14 06:45 - 00024432 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-19 22:04 - 2014-04-19 22:04 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-19 22:04 - 2014-04-19 22:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-19 22:04 - 2014-03-20 00:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 22:01 - 2012-04-17 17:58 - 00000000 ____D () C:\Users\Gregor-Boss
2014-04-19 22:00 - 2014-02-05 01:31 - 00005318 _____ () C:\windows\PFRO.log
2014-04-19 21:59 - 2014-04-19 21:57 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Gregor\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 21:56 - 2014-04-19 21:56 - 01016261 _____ (Thisisu) C:\Users\Gregor\Downloads\JRT.exe
2014-04-19 17:59 - 2012-04-17 22:49 - 00001072 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1001Core.job
2014-04-19 13:54 - 2012-04-24 16:33 - 00001072 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1002Core.job
2014-04-19 10:20 - 2011-03-04 17:06 - 00699682 _____ () C:\windows\system32\perfh007.dat
2014-04-19 10:20 - 2011-03-04 17:06 - 00149790 _____ () C:\windows\system32\perfc007.dat
2014-04-19 10:20 - 2009-07-14 07:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-19 10:12 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-04-19 10:08 - 2014-04-19 10:08 - 00000374 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-04-19 09:23 - 2014-04-19 09:23 - 00001232 _____ () C:\Users\Gregor\Desktop\Amazon Cloud Player.lnk
2014-04-19 09:23 - 2014-04-19 09:23 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-04-19 09:23 - 2014-04-19 09:22 - 00000000 ____D () C:\Users\Gregor\AppData\Local\Amazon Cloud Player
2014-04-19 09:22 - 2014-04-19 09:16 - 36335656 _____ (Amazon) C:\Users\Gregor\Downloads\AmazonCloudPlayerInstaller_r26.exe
2014-04-19 09:09 - 2013-10-29 19:51 - 00002014 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2014-04-19 00:36 - 2012-06-03 00:51 - 00000000 ____D () C:\ProgramData\Codemasters
2014-04-19 00:36 - 2011-03-05 09:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-18 23:06 - 2014-04-18 23:06 - 00000000 __SHD () C:\Users\Gregor-Boss\AppData\Local\EmieUserList
2014-04-18 23:06 - 2014-04-18 23:06 - 00000000 __SHD () C:\Users\Gregor-Boss\AppData\Local\EmieSiteList
2014-04-18 01:02 - 2014-04-18 01:01 - 00000000 ____D () C:\Users\Gregor\Downloads\LED Manager
2014-04-18 00:52 - 2014-04-18 00:46 - 48479630 _____ () C:\Users\Gregor\Downloads\led_manager_7_nb.zip
2014-04-17 22:17 - 2012-04-19 13:41 - 00000000 ____D () C:\windows\System32\Tasks\Games
2014-04-17 22:03 - 2013-01-05 23:55 - 00000000 ____D () C:\Users\Gregor\Downloads\HjThis
2014-04-16 01:05 - 2012-04-19 22:45 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\vlc
2014-04-14 22:16 - 2014-04-14 22:16 - 542923835 _____ () C:\windows\MEMORY.DMP
2014-04-14 22:16 - 2014-04-14 22:16 - 00297920 _____ () C:\windows\Minidump\041414-16598-01.dmp
2014-04-14 22:16 - 2013-12-22 22:55 - 00000000 ____D () C:\windows\Minidump
2014-04-13 13:15 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-04-13 08:52 - 2014-04-13 08:52 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\QuickScan
2014-04-13 08:51 - 2014-04-13 08:51 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Malwarebytes
2014-04-13 08:06 - 2012-04-24 16:35 - 00002380 _____ () C:\Users\Sandra\Desktop\Google Chrome.lnk
2014-04-13 01:57 - 2014-04-13 01:57 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack x64
2014-04-13 01:43 - 2014-04-13 01:43 - 12414036 _____ ( ) C:\Users\Gregor\Downloads\K-Lite_Codec_Pack_999_x64.exe
2014-04-13 00:55 - 2014-04-13 00:55 - 01426178 _____ () C:\Users\Gregor\Desktop\adwcleaner3023.exe
2014-04-12 20:06 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-04-12 08:54 - 2013-07-15 16:38 - 00000000 ____D () C:\windows\system32\MRT
2014-04-12 08:52 - 2012-04-17 21:30 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-10 18:40 - 2012-04-17 22:51 - 00002380 _____ () C:\Users\Gregor\Desktop\Google Chrome.lnk
2014-04-10 14:49 - 2014-04-10 00:25 - 00000000 ____D () C:\Users\Gregor\AppData\Local\ManyCam
2014-04-10 12:42 - 2012-04-17 18:38 - 00000000 ____D () C:\Users\Gregor\AppData\Local\FSP
2014-04-10 01:01 - 2012-12-01 20:24 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Sports Interactive
2014-04-10 00:25 - 2014-04-10 00:25 - 00001037 _____ () C:\Users\Public\Desktop\ManyCam.lnk
2014-04-10 00:25 - 2014-04-10 00:24 - 00000000 ____D () C:\Program Files (x86)\ManyCam
2014-04-10 00:24 - 2014-04-10 00:24 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\ManyCam
2014-04-10 00:23 - 2014-04-10 00:19 - 37889656 _____ (Visicom Media Inc.) C:\Users\Gregor\Downloads\ManyCam77StandaloneSetup.exe
2014-04-10 00:03 - 2014-03-17 16:57 - 00000000 ____D () C:\ProgramData\Origin
2014-04-09 23:52 - 2014-04-09 23:52 - 00000000 ____D () C:\Users\Public\msi
2014-04-09 23:52 - 2012-04-17 18:39 - 00000000 ____D () C:\Users\Gregor\AppData\Local\msi
2014-04-09 08:42 - 2014-03-20 02:15 - 00037174 _____ () C:\windows\DirectX.log
2014-04-09 08:42 - 2012-12-01 23:14 - 00000000 ____D () C:\Users\Gregor\Documents\Sports Interactive
2014-04-09 08:42 - 2012-12-01 20:24 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive
2014-04-09 08:42 - 2012-12-01 20:24 - 00000000 ____D () C:\Users\Gregor\AppData\Local\Sports Interactive
2014-04-03 17:54 - 2012-04-17 22:49 - 00004096 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1001UA
2014-04-03 17:54 - 2012-04-17 22:49 - 00003700 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1001Core
2014-04-03 09:51 - 2014-04-19 22:04 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-19 22:04 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-19 22:04 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-26 14:49 - 2012-04-24 16:33 - 00004096 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1002UA
2014-03-26 14:49 - 2012-04-24 16:33 - 00003700 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1002Core
2014-03-24 01:35 - 2014-03-24 01:35 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Malwarebytes
2014-03-22 15:03 - 2014-03-22 14:22 - 00000000 ____D () C:\Users\Gregor\Downloads\Emily Schule
2014-03-22 14:47 - 2014-03-22 14:47 - 00000000 ____D () C:\Users\Gregor-Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftMaker Viewer
2014-03-22 14:47 - 2014-03-22 14:47 - 00000000 ____D () C:\Users\Gregor\Documents\SoftMaker
2014-03-22 14:47 - 2014-03-22 14:47 - 00000000 ____D () C:\Program Files (x86)\SoftMaker Viewer
2014-03-22 14:45 - 2014-03-22 14:45 - 05483416 _____ (Igor Pavlov) C:\Users\Gregor\Downloads\TMViewerSetup585.exe
2014-03-21 14:25 - 2012-04-24 16:03 - 00058400 _____ () C:\Users\Sandra\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-21 14:24 - 2012-04-24 16:03 - 00000000 ____D () C:\Users\Sandra\AppData\Local\FSP
2014-03-20 01:39 - 2014-03-18 23:36 - 00000000 ____D () C:\Users\Gregor-Boss\AppData\Roaming\Origin
2014-03-20 01:39 - 2014-03-18 23:36 - 00000000 ____D () C:\Users\Gregor-Boss\AppData\Local\Origin
2014-03-20 01:22 - 2014-03-20 00:27 - 00000000 ____D () C:\Users\Gregor-Boss\AppData\Roaming\vlc
2014-03-20 01:20 - 2014-03-20 01:20 - 00000000 ____D () C:\windows\SysWOW64\RTCOM
2014-03-20 01:18 - 2011-03-05 09:09 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-03-20 01:04 - 2012-04-17 18:38 - 00058400 _____ () C:\Users\Gregor\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-20 00:40 - 2014-03-20 00:40 - 00000000 ____D () C:\Users\Gregor-Boss\AppData\Roaming\Malwarebytes
2014-03-20 00:38 - 2014-03-20 00:38 - 00686168 _____ () C:\Users\Gregor-Boss\Downloads\ZipExtractorSetup.exe
2014-03-20 00:34 - 2014-03-19 20:16 - 00000000 ____D () C:\Users\Gregor-Boss\Downloads\MSi GT680R Treiber
2014-03-20 00:05 - 2011-03-05 09:04 - 00000000 ____D () C:\Program Files (x86)\Intel

Some content of TEMP:
====================
C:\Users\Gregor-Boss\AppData\Local\Temp\activation.x86.dll
C:\Users\Gregor-Boss\AppData\Local\Temp\HPInstaller.exe
C:\Users\Gregor-Boss\AppData\Local\Temp\HPPSdr.exe
C:\Users\Gregor-Boss\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-19 11:22

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

schrauber · 20.04.2014, 18:10

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

franzkans1 · 21.04.2014, 11:30

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Bitdefender Virenschutz   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Java 7 Update 51  
 Adobe Flash Player 12.0.0.77  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Bitdefender Bitdefender 2013 bdagent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b92e7b85bc480348843f0e3d3a7551ea
# engine=17961
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-20 11:19:24
# local_time=2014-04-21 01:19:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 24150949 149665814 0 0
# scanned=1176728
# found=0
# cleaned=0
# scan_time=12846

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2014
Ran by Gregor-Boss (administrator) on GREGOR-BOSS-MSI on 21-04-2014 08:41:42
Running from C:\Users\Gregor\Downloads\trojaner-board hilfe
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MSIService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Microsoft Corporation) C:\windows\System32\alg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Users\Gregor\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
() C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
(Valve Corporation) D:\Spiele\Steam\steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
() C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
(msi) C:\Program Files (x86)\MSI\msi LED Manager\SLM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Users\Gregor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gregor\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Gregor\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [THXCfg64] => C:\windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1575192 2013-10-24] (Bitdefender)
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [5803520 2012-09-07] (Sentelic Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11465832 2010-09-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1351680 2010-11-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [MGSysCtrl] => C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe [2482176 2011-02-17] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [VGAOCAP] => C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe [89088 2012-06-06] ()
HKLM-x32\...\Run: [msi LED Manager] => C:\Program Files (x86)\msi\msi LED Manager\SLM.exe [2795008 2010-07-29] (msi)
HKU\S-1-5-21-513543937-287335986-3713968974-1001\...\Run: [Google Update] => C:\Users\Gregor\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-17] (Google Inc.)
HKU\S-1-5-21-513543937-287335986-3713968974-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKU\S-1-5-21-513543937-287335986-3713968974-1001\...\Run: [Amazon Cloud Player] => C:\Users\Gregor\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-513543937-287335986-3713968974-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Gregor\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-17] (Google Inc.)
HKU\S-1-5-21-513543937-287335986-3713968974-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKU\S-1-5-21-513543937-287335986-3713968974-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Amazon Cloud Player] => C:\Users\Gregor\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-513543937-287335986-3713968974-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-24] (Google Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msi.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {AAFE5B87-4741-4036-9983-FC3D779A1B6C} URL = 
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} -  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{D09902FE-23AA-47E6-8471-1A2816D1A60E}: [NameServer]10.19.1.153

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll No File
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012-12-13]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-26]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012-12-13]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-26]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Gregor\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Gregor\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Gregor\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Gregor-Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-06]
CHR Extension: (YouTube) - C:\Users\Gregor-Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-06]
CHR Extension: (Google-Suche) - C:\Users\Gregor-Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-06]
CHR Extension: (Google Wallet) - C:\Users\Gregor-Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (Google Mail) - C:\Users\Gregor-Boss\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-06]
CHR StartMenuInternet: Google Chrome - C:\Users\Gregor\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-10-24] (Bitdefender)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [12800 2010-07-17] (MSI)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [95184 2012-06-25] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [67320 2013-10-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1645256 2013-10-24] (Bitdefender)

==================== Drivers (Whitelisted) ====================

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2013-10-24] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-12-21] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2013-10-24] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-05-03] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\windows\system32\drivers\bdsandbox.sys [82824 2013-10-24] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S3 BTMNET; C:\Windows\System32\DRIVERS\btmnet.sys [30208 2010-07-17] (Motorola, Inc.)
R3 fspad_win764; C:\Windows\System32\DRIVERS\fspad_win764.sys [67584 2012-09-07] (Sentelic Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-10-24] (BitDefender LLC)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-02-18] (Audials AG)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-10-24] (BitDefender S.R.L.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 MBfilt; system32\drivers\MBfilt64.sys [X]
S3 MGHwCtrl; \??\C:\Program Files\msi\msi Software Install\MGHwCtrl.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-21 06:54 - 2014-04-21 06:54 - 00987448 _____ () C:\Users\Gregor-Boss\Desktop\SecurityCheck.exe
2014-04-20 01:44 - 2014-04-20 01:44 - 01066536 _____ (BillP Studios) C:\Users\Gregor\Downloads\wpsetup.exe
2014-04-19 23:54 - 2014-04-19 22:49 - 01258805 _____ () C:\Users\Gregor\Desktop\adwcleaner.exe
2014-04-19 22:49 - 2014-04-19 22:49 - 01258805 _____ () C:\Users\Gregor-Boss\Desktop\adwcleaner.exe
2014-04-19 22:38 - 2014-04-19 22:38 - 00000794 _____ () C:\Users\Gregor-Boss\Desktop\JRT.txt
2014-04-19 22:30 - 2014-04-19 22:30 - 00000000 ____D () C:\windows\ERUNT
2014-04-19 22:04 - 2014-04-21 08:37 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 22:04 - 2014-04-19 22:04 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-19 22:04 - 2014-04-19 22:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-19 22:04 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-19 22:04 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-19 22:04 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-19 21:57 - 2014-04-19 21:59 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Gregor\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 21:56 - 2014-04-19 21:56 - 01016261 _____ (Thisisu) C:\Users\Gregor\Downloads\JRT.exe
2014-04-19 10:08 - 2014-04-19 10:08 - 00000374 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-04-19 09:23 - 2014-04-19 09:23 - 00001232 _____ () C:\Users\Gregor\Desktop\Amazon Cloud Player.lnk
2014-04-19 09:23 - 2014-04-19 09:23 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-04-19 09:22 - 2014-04-19 09:23 - 00000000 ____D () C:\Users\Gregor\AppData\Local\Amazon Cloud Player
2014-04-19 09:16 - 2014-04-19 09:22 - 36335656 _____ (Amazon) C:\Users\Gregor\Downloads\AmazonCloudPlayerInstaller_r26.exe
2014-04-18 23:06 - 2014-04-18 23:06 - 00000000 __SHD () C:\Users\Gregor-Boss\AppData\Local\EmieUserList
2014-04-18 23:06 - 2014-04-18 23:06 - 00000000 __SHD () C:\Users\Gregor-Boss\AppData\Local\EmieSiteList
2014-04-18 01:01 - 2014-04-18 01:02 - 00000000 ____D () C:\Users\Gregor\Downloads\LED Manager
2014-04-18 00:46 - 2014-04-18 00:52 - 48479630 _____ () C:\Users\Gregor\Downloads\led_manager_7_nb.zip
2014-04-17 22:27 - 2014-04-21 08:41 - 00000000 ____D () C:\FRST
2014-04-17 22:23 - 2014-04-21 08:41 - 00000000 ____D () C:\Users\Gregor\Downloads\trojaner-board hilfe
2014-04-14 22:16 - 2014-04-14 22:16 - 542923835 _____ () C:\windows\MEMORY.DMP
2014-04-14 22:16 - 2014-04-14 22:16 - 00297920 _____ () C:\windows\Minidump\041414-16598-01.dmp
2014-04-13 08:52 - 2014-04-13 08:52 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\QuickScan
2014-04-13 08:51 - 2014-04-13 08:51 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Malwarebytes
2014-04-13 01:57 - 2014-04-13 01:57 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack x64
2014-04-13 01:57 - 2013-06-21 20:00 - 00127488 _____ () C:\windows\system32\ff_vfw.dll
2014-04-13 01:57 - 2012-06-09 19:21 - 00206336 _____ () C:\windows\system32\unrar64.dll
2014-04-13 01:57 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\windows\system32\lagarith.dll
2014-04-13 01:43 - 2014-04-13 01:43 - 12414036 _____ ( ) C:\Users\Gregor\Downloads\K-Lite_Codec_Pack_999_x64.exe
2014-04-12 22:35 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-04-12 22:35 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-04-12 08:55 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-04-12 08:55 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-12 08:55 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-12 08:55 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-04-12 08:55 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-04-12 08:55 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-04-12 08:55 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-04-12 08:55 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-04-12 08:55 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-04-12 08:55 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-04-12 08:55 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-04-12 08:55 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-04-12 08:55 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-04-12 08:55 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-04-12 08:55 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-04-12 08:55 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-04-12 08:54 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-12 08:54 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-12 08:54 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-04-12 08:54 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-12 08:54 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-12 08:54 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-04-12 08:54 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-04-12 08:54 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-12 08:54 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-12 08:54 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-12 08:54 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-12 08:54 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-04-12 08:54 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-04-12 08:54 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-04-12 08:54 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-04-12 08:54 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-04-12 08:54 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-12 08:54 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-04-12 08:54 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-12 08:54 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-04-12 08:54 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-04-12 08:54 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-04-12 08:54 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-04-12 08:54 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-12 08:54 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-04-12 08:54 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-04-12 08:54 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-04-12 08:54 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-04-12 08:54 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-04-12 08:54 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-04-12 08:54 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-04-12 08:54 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-04-12 08:54 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-04-12 08:54 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-12 08:54 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-12 08:54 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-04-12 08:54 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-04-12 08:54 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-04-12 08:54 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-12 08:54 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-04-12 08:54 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-04-12 08:54 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-04-12 08:54 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-12 08:54 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-04-12 08:54 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-04-12 08:54 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-04-12 08:54 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-04-12 08:54 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-04-12 08:48 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-12 08:48 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-04-12 08:48 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-04-12 08:48 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-04-12 08:48 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-04-12 08:48 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-04-12 08:48 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-04-12 08:48 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-04-12 08:48 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-04-12 08:48 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-04-12 08:48 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-04-12 08:48 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-12 08:48 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-12 08:48 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-04-12 08:48 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-04-12 08:48 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-04-12 08:48 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-04-12 08:48 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-04-12 08:48 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-04-10 00:25 - 2014-04-10 14:49 - 00000000 ____D () C:\Users\Gregor\AppData\Local\ManyCam
2014-04-10 00:25 - 2014-04-10 00:25 - 00001037 _____ () C:\Users\Public\Desktop\ManyCam.lnk
2014-04-10 00:24 - 2014-04-10 00:25 - 00000000 ____D () C:\Program Files (x86)\ManyCam
2014-04-10 00:24 - 2014-04-10 00:24 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\ManyCam
2014-04-10 00:19 - 2014-04-10 00:23 - 37889656 _____ (Visicom Media Inc.) C:\Users\Gregor\Downloads\ManyCam77StandaloneSetup.exe
2014-04-09 23:52 - 2014-04-09 23:52 - 00000000 ____D () C:\Users\Public\msi
2014-03-24 01:35 - 2014-03-24 01:35 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Malwarebytes
2014-03-22 14:47 - 2014-03-22 14:47 - 00000000 ____D () C:\Users\Gregor-Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftMaker Viewer
2014-03-22 14:47 - 2014-03-22 14:47 - 00000000 ____D () C:\Users\Gregor\Documents\SoftMaker
2014-03-22 14:47 - 2014-03-22 14:47 - 00000000 ____D () C:\Program Files (x86)\SoftMaker Viewer
2014-03-22 14:47 - 2010-02-09 15:49 - 00779593 _____ () C:\Users\Gregor-Boss\Documents\TextMaker Viewer.tmd
2014-03-22 14:47 - 2010-02-03 18:27 - 00068640 _____ () C:\windows\unTMV.exe
2014-03-22 14:47 - 2010-02-03 18:01 - 00002885 _____ () C:\Users\Gregor-Boss\Documents\Viewer-Liesmich.txt
2014-03-22 14:45 - 2014-03-22 14:45 - 05483416 _____ (Igor Pavlov) C:\Users\Gregor\Downloads\TMViewerSetup585.exe
2014-03-22 14:22 - 2014-03-22 15:03 - 00000000 ____D () C:\Users\Gregor\Downloads\Emily Schule

==================== One Month Modified Files and Folders =======

2014-04-21 08:41 - 2014-04-17 22:27 - 00000000 ____D () C:\FRST
2014-04-21 08:41 - 2014-04-17 22:23 - 00000000 ____D () C:\Users\Gregor\Downloads\trojaner-board hilfe
2014-04-21 08:37 - 2014-04-19 22:04 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 08:14 - 2013-05-07 19:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-21 07:59 - 2012-04-17 22:49 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1001UA.job
2014-04-21 07:54 - 2012-04-24 16:33 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1002UA.job
2014-04-21 06:54 - 2014-04-21 06:54 - 00987448 _____ () C:\Users\Gregor-Boss\Desktop\SecurityCheck.exe
2014-04-20 23:30 - 2012-04-17 17:57 - 01220795 _____ () C:\windows\WindowsUpdate.log
2014-04-20 21:25 - 2011-03-04 17:06 - 00699682 _____ () C:\windows\system32\perfh007.dat
2014-04-20 21:25 - 2011-03-04 17:06 - 00149790 _____ () C:\windows\system32\perfc007.dat
2014-04-20 21:25 - 2009-07-14 07:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-20 21:21 - 2012-12-16 00:20 - 00003056 _____ () C:\windows\System32\Tasks\MSIAfterburner
2014-04-20 21:17 - 2012-04-17 22:49 - 00001072 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1001Core.job
2014-04-20 18:19 - 2012-04-24 16:33 - 00001072 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1002Core.job
2014-04-20 01:44 - 2014-04-20 01:44 - 01066536 _____ (BillP Studios) C:\Users\Gregor\Downloads\wpsetup.exe
2014-04-19 23:02 - 2009-07-14 06:45 - 00024432 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-19 23:02 - 2009-07-14 06:45 - 00024432 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-19 22:53 - 2014-01-20 15:15 - 00018462 _____ () C:\windows\setupact.log
2014-04-19 22:53 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-19 22:49 - 2014-04-19 23:54 - 01258805 _____ () C:\Users\Gregor\Desktop\adwcleaner.exe
2014-04-19 22:49 - 2014-04-19 22:49 - 01258805 _____ () C:\Users\Gregor-Boss\Desktop\adwcleaner.exe
2014-04-19 22:38 - 2014-04-19 22:38 - 00000794 _____ () C:\Users\Gregor-Boss\Desktop\JRT.txt
2014-04-19 22:30 - 2014-04-19 22:30 - 00000000 ____D () C:\windows\ERUNT
2014-04-19 22:04 - 2014-04-19 22:04 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-19 22:04 - 2014-04-19 22:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-19 22:04 - 2014-03-20 00:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 22:01 - 2012-04-17 17:58 - 00000000 ____D () C:\Users\Gregor-Boss
2014-04-19 22:00 - 2014-02-05 01:31 - 00005318 _____ () C:\windows\PFRO.log
2014-04-19 21:59 - 2014-04-19 21:57 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Gregor\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-19 21:56 - 2014-04-19 21:56 - 01016261 _____ (Thisisu) C:\Users\Gregor\Downloads\JRT.exe
2014-04-19 10:12 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-04-19 10:08 - 2014-04-19 10:08 - 00000374 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-04-19 09:23 - 2014-04-19 09:23 - 00001232 _____ () C:\Users\Gregor\Desktop\Amazon Cloud Player.lnk
2014-04-19 09:23 - 2014-04-19 09:23 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-04-19 09:23 - 2014-04-19 09:22 - 00000000 ____D () C:\Users\Gregor\AppData\Local\Amazon Cloud Player
2014-04-19 09:22 - 2014-04-19 09:16 - 36335656 _____ (Amazon) C:\Users\Gregor\Downloads\AmazonCloudPlayerInstaller_r26.exe
2014-04-19 09:09 - 2013-10-29 19:51 - 00002014 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2014-04-19 00:36 - 2012-06-03 00:51 - 00000000 ____D () C:\ProgramData\Codemasters
2014-04-19 00:36 - 2011-03-05 09:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-18 23:06 - 2014-04-18 23:06 - 00000000 __SHD () C:\Users\Gregor-Boss\AppData\Local\EmieUserList
2014-04-18 23:06 - 2014-04-18 23:06 - 00000000 __SHD () C:\Users\Gregor-Boss\AppData\Local\EmieSiteList
2014-04-18 01:02 - 2014-04-18 01:01 - 00000000 ____D () C:\Users\Gregor\Downloads\LED Manager
2014-04-18 00:52 - 2014-04-18 00:46 - 48479630 _____ () C:\Users\Gregor\Downloads\led_manager_7_nb.zip
2014-04-17 22:17 - 2012-04-19 13:41 - 00000000 ____D () C:\windows\System32\Tasks\Games
2014-04-17 22:03 - 2013-01-05 23:55 - 00000000 ____D () C:\Users\Gregor\Downloads\HjThis
2014-04-16 01:05 - 2012-04-19 22:45 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\vlc
2014-04-14 22:16 - 2014-04-14 22:16 - 542923835 _____ () C:\windows\MEMORY.DMP
2014-04-14 22:16 - 2014-04-14 22:16 - 00297920 _____ () C:\windows\Minidump\041414-16598-01.dmp
2014-04-14 22:16 - 2013-12-22 22:55 - 00000000 ____D () C:\windows\Minidump
2014-04-13 13:15 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-04-13 08:52 - 2014-04-13 08:52 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\QuickScan
2014-04-13 08:51 - 2014-04-13 08:51 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Malwarebytes
2014-04-13 08:06 - 2012-04-24 16:35 - 00002380 _____ () C:\Users\Sandra\Desktop\Google Chrome.lnk
2014-04-13 01:57 - 2014-04-13 01:57 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack x64
2014-04-13 01:43 - 2014-04-13 01:43 - 12414036 _____ ( ) C:\Users\Gregor\Downloads\K-Lite_Codec_Pack_999_x64.exe
2014-04-12 20:06 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-04-12 08:54 - 2013-07-15 16:38 - 00000000 ____D () C:\windows\system32\MRT
2014-04-12 08:52 - 2012-04-17 21:30 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-10 18:40 - 2012-04-17 22:51 - 00002380 _____ () C:\Users\Gregor\Desktop\Google Chrome.lnk
2014-04-10 14:49 - 2014-04-10 00:25 - 00000000 ____D () C:\Users\Gregor\AppData\Local\ManyCam
2014-04-10 12:42 - 2012-04-17 18:38 - 00000000 ____D () C:\Users\Gregor\AppData\Local\FSP
2014-04-10 01:01 - 2012-12-01 20:24 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Sports Interactive
2014-04-10 00:25 - 2014-04-10 00:25 - 00001037 _____ () C:\Users\Public\Desktop\ManyCam.lnk
2014-04-10 00:25 - 2014-04-10 00:24 - 00000000 ____D () C:\Program Files (x86)\ManyCam
2014-04-10 00:24 - 2014-04-10 00:24 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\ManyCam
2014-04-10 00:23 - 2014-04-10 00:19 - 37889656 _____ (Visicom Media Inc.) C:\Users\Gregor\Downloads\ManyCam77StandaloneSetup.exe
2014-04-10 00:03 - 2014-03-17 16:57 - 00000000 ____D () C:\ProgramData\Origin
2014-04-09 23:52 - 2014-04-09 23:52 - 00000000 ____D () C:\Users\Public\msi
2014-04-09 23:52 - 2012-04-17 18:39 - 00000000 ____D () C:\Users\Gregor\AppData\Local\msi
2014-04-09 08:42 - 2014-03-20 02:15 - 00037174 _____ () C:\windows\DirectX.log
2014-04-09 08:42 - 2012-12-01 23:14 - 00000000 ____D () C:\Users\Gregor\Documents\Sports Interactive
2014-04-09 08:42 - 2012-12-01 20:24 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive
2014-04-09 08:42 - 2012-12-01 20:24 - 00000000 ____D () C:\Users\Gregor\AppData\Local\Sports Interactive
2014-04-03 17:54 - 2012-04-17 22:49 - 00004096 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1001UA
2014-04-03 17:54 - 2012-04-17 22:49 - 00003700 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1001Core
2014-04-03 09:51 - 2014-04-19 22:04 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-19 22:04 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-19 22:04 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-26 14:49 - 2012-04-24 16:33 - 00004096 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1002UA
2014-03-26 14:49 - 2012-04-24 16:33 - 00003700 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-513543937-287335986-3713968974-1002Core
2014-03-24 01:35 - 2014-03-24 01:35 - 00000000 ____D () C:\Users\Gregor\AppData\Roaming\Malwarebytes
2014-03-22 15:03 - 2014-03-22 14:22 - 00000000 ____D () C:\Users\Gregor\Downloads\Emily Schule
2014-03-22 14:47 - 2014-03-22 14:47 - 00000000 ____D () C:\Users\Gregor-Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftMaker Viewer
2014-03-22 14:47 - 2014-03-22 14:47 - 00000000 ____D () C:\Users\Gregor\Documents\SoftMaker
2014-03-22 14:47 - 2014-03-22 14:47 - 00000000 ____D () C:\Program Files (x86)\SoftMaker Viewer
2014-03-22 14:45 - 2014-03-22 14:45 - 05483416 _____ (Igor Pavlov) C:\Users\Gregor\Downloads\TMViewerSetup585.exe

Some content of TEMP:
====================
C:\Users\Gregor-Boss\AppData\Local\Temp\activation.x86.dll
C:\Users\Gregor-Boss\AppData\Local\Temp\HPInstaller.exe
C:\Users\Gregor-Boss\AppData\Local\Temp\HPPSdr.exe
C:\Users\Gregor-Boss\AppData\Local\Temp\_TinDel.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-19 11:22

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Nein, momentan keine Probleme

Wie hast du das gemeint, Adwcleaner auch löschen lassen? Hast du sonst noch Tipps, dass mein Notebook nicht zugemüllt wird?

Ich benutze zum Deinstallieren den Revounistaller. Richtig oder falsch? Was meinst du?

schrauber · 22.04.2014, 12:09

Du hast von AdwCleaner nur das Such-Logfile gepostet.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Search Protect wurde bei Softwareinstallation mitinstalliert

Log-Analyse und Auswertung: Search Protect wurde bei Softwareinstallation mitinstalliert