Log analysis and evaluation: Hardcore trojan or permanent pwn? :pukeface: (Windows 7)
11.01.2015, 18:30 | #1

Hardcore trojan or permanent pwn? :pukeface:

Good evening everyone,

So I have a really strange thing going on here. I've been trying for days to get my PC and my laptop working. But for daaays now it's been nothing but crap here.. Believe me, I've tried everything. I recently started getting interested in some background knowledge on network security, and since I have a laptop I watched a few things on YouTube about how they hack there, and I thought that way I'd surely pick up good knowledge quickly. So I sat down and simply searched for ARP spoofing, IP hacking and the like, because in the past ESET had often reported strange things on the PC back then, among them ARP poisoning, for example. I searched for that, looked at it, and that way came across a tutorial for monitoring your network actively and live from the Bash. At some point it happened: someone logged in via gwlogin, and from then on it started, and I could follow it live in the Bash with my own eyes. Bit by bit I kept losing more and more permissions. Couldn't get into certain folders any more. Couldn't get into the ones that hadn't been there before either... I was delighted, of course, didn't think it would go off like that. Laptop completely overloaded and just crawling along. Well, I'll be honest, I used to download stuff and so on, but a good year ago I bought Windows 7 Prof x64, as an OEM version. But until yesterday it had never been the case that I did data and memory analysis (which by the way was combined with formatting several times in between). First I wrote the Kali ISO, then the Kubuntu ISO to my stick as bootable, like I always did before (strangely, in the end creating a bootable stick was only possible via Linux Mint). I've had one of them for 2 years now. Anyway, back to it...
Then I really did find several users in my system. I also discovered the network drives and noticed how fast it went this time. That's when I started searching more closely. With guides for Bash commands I found even more evidence, also in the BashShadow.. searched for Reverse, for example. Now I wanted to switch to Linux and thought to myself, whatsuuup... is this a coincidence here?? Tried a few more times, but almost always within the same time frame the same nonsense, and then I really did what I always do with my sticks for a fresh installation. Zeroed the MBR of the bootable one with mbrtools from the "UBCD". Track zero too, of course. Mbrtool... great tool.. So there couldn't be anything left, since I did that from the PC via the "UBCD". That's standard, I'm particular and very precise about that. Then I installed Windows 7 Prof x64 OEM on the PC and Linux Mint on the laptop, because of its ability to create a bootable stick; you don't have to download from the net first, it's included and it works... Of course I had no LAN cable plugged in. Bluetooth and WLAN not onboard, and no WLAN or BT adapter... After restarting the PC after the fresh install... You won't believe it. I found suspicious activity again. Right after setting it up, but how? Strangely, without any connection... Immediately critical system messages in Computer Management. I had booted and, before the reboot, for the very first time, unfortunately spent a few hours looking veeery closely at the Windows file system, including the permissions. Everything was fine there. Deleted superfluous users and stopped services and all that. But after the boot, not any more!! Immediately new folders I can't open. New group "Administratoren". But I had deleted it. I'm the admin of my PC, I set it up that way, and I want to be able to administer it again some time. So I thought.... And then it was all clear to me what was going on...
And there are folders in the system that are from 2009.. next to the ones that were stamped normally with the installation day. And now I'm really about to blow a fuse... I want to know what you say to the fact that different timestamps are recorded on the OEM DVD. How can that be? Could someone perhaps have copied the DVD with a virus inside (for a short while now I've had to activate the key by phone, seems to be one of the counterfeit Windows 7 versions) and corrupted my network here for quite some time? Because: the first event log entry for the system is this: Information, today's date 1 pm, Eventlog, ID 6011, the NetBIOS name (I had switched my onboard LAN adapter off -.-) and the DNS hostname of this computer was changed from... to WIN-HQR4VDblabla. (A completely different name.) After that two more Eventlog entries from before my own, and suddenly a whole series of Service Control messages... What I found interesting is that the Eventlog for Software Shadow is now at stop. And it also says that was on 11.2010... Eh, hello, what's going on there?!? And there are loads of changes in between from a: userpnp, also an http event 10 minutes later over IPv6, which I couldn't even have set up since LAN was off in the BIOS!!!!!!!!!!!! Well, in the overview section of the event log there are about 50 events from another user registered before mine come, which actually should be the first ones there, suspicious behaviour.. Which read, for example: an account was logged on, ID NULL SID, logon ID 0x0, system NT AUTHORITY etc. I now have the problem that there's something there. But I fear I need special help with that. I did turn the computer off when I went out for cigarettes, but that doesn't destroy logs, and if there's something there it stays there, because as I said I don't see a LAN cable plugged in or anything.. so how can I now find out exactly what happened there, when, how, with what and through what. Not too much yet, luckily.
But enough to do something about it and find out what or who triggers it. Formatting doesn't help. Do you have a few sites where I can inform myself? I know Google, but I simply hope you can help me more directly with a few links to usable Windows cmd forensics tutorials. Cain on the laptop with the 150,000 line was done in about 30 min and then the ISO couldn't be mounted... Damn permissions again. Now both computers are sitting here offline, but my phone still works... so far... that's the only thing that still has some life of its own.. But yesterday it also had strange time travel into the past!! WhatsApp told me that. Kept refusing to connect... and the battery seriously warm from idling lol.. Since then better no more WLAN on the phone either. Otherwise I get bombarded either because someone does it that way or because my computer requests it that way. I just want help with this, it's really been going on for years now, sporadically, sometimes less, sometimes more often I've had to format. Sometimes it feels like someone is doing it, so incredibly often of all things... formatted about 30 times. A few times level zero.. -.- That takes forever and is annoying! Oh, and recently my Horizon box was broken too. Funny, eh... oh yeah, and 2-3 days ago I monitored my router for a while with a few Linux tools using some command combo, who logs in with which protocol on which port, as I said.. copied it, but whatever, it worked, and during that time someone logged in via the web interface. I had logged it.. Had.. Well, he probably noticed that pretty quickly too... half an hour or so later nothing worked any more. All evidence of it unfortunately gone. The IP was in there too. Thought he wouldn't notice and I could learn something from his behaviour. Well, damn! And so now I'm more into this than I actually wanted to be. Originally I just wanted to learn a bit of Bash because of the constant incidents and the possibilities of Linux.
And now I really have to deal with things I don't know in such depth yet. All too much new stuff, but I notice it's progressing, but it's not enough for this. I don't know much about the Windows shell. A bit of DOS back in the day, that's my knowledge.. unfortunately.. but I'm out of ideas. Isn't there a good guide, or couldn't one of you here remotely administer me, so to speak, via the forum??? I would be really grateful for help and hope someone here can help.. Can you actually also write viruses into the graphics card RAM, the network controller or into the SSD cortex? There's surely better stuff around now than a BIOS virus or boot sector virus. That's nothing these days, or am I wrong? I already cut through my front panel cable earlier in a minimization flash, for error minimization, so to speak..! Could really lose it slowly... Help.. Please... Regards, slow

So that was the state of affairs back then; in the meantime new things have come up. Windows 7 is back on, just for info, but has already become half unusable again.. The same game.. I've also found several other things: a virtual machine listed as an inactive user in my Gmail account, so it apparently logged in at some point, and another phone I don't know, with IMEI )) VM: Model name: virtual machine Manufacturer: GreatFruitOmsk Mobile carrier: No carrier Last activity on: 17.08.2014 I looked at my BIOS with a BIOS editor, it looks very strange, but I don't know much about it. BIOS downgrade not possible since it's the highest version -.- Learned that with SSDs you MUST use the secure erase command of the ATA controller after any kind of virus infection, I had never done that before, well, that's how you learn... But it's still like this! I've now even removed everything that has RAM from the mainboard for several hours to clear the memory, in case there was still something in there...
That worked well too, 3 hours, then the crap started all over again.. It may also be due to the security settings in the group policies that some ports or backdoors can be addressed, or it really sits somewhere in some firmware of the LAN controller or in the BIOS or all together (badBIOS) <--- What about that? Was that actually confirmed... Only the day before yesterday I read the articles from 2013 by Drago or Dragan... that's heavy!!! Last night, I go to bed, my Horizon box jumps on, i.e. the fan, which means it was active during the night, and it was, it's in the log, but strangely it's supposed to have been me, but my PC was off at the power switch, that's how I do it! So that can't be, I traced the IPs, but someone else apparently used mine yesterday, and now I've had it, I'm fed up. I'm now running everything again, and then I'll upload the logs. I hope you find something, Bitdefender has just hammered out a few infected cookies... It's going to be interesting

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:23 on 11/01/2015 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
11.01.2015, 18:32 | #2

/// the machine /// (TB-Ausbilder)

Hardcore trojan or permanent pwn? :pukeface:

Sorry, far too much confusing text. What I could pick out and understand so far: you formatted and reinstalled. That leads to the following conclusion: your system is clean. Nothing survives formatting. BIOS viruses don't exist in the wild.
11.01.2015, 18:33 | #3

Hardcore trojan or permanent pwn? :pukeface:

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015 Ran by Administrator (administrator) on DANIEL-PC on 11-01-2015 18:31:33 Running from C:\Users\Daniel\Downloads Loaded Profiles: Zer0.Byt3 & Administrator (Available profiles: Zer0.Byt3 & Administrator) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe (AMD) C:\Windows\System32\atiesrxx.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwtxapps.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe () C:\Users\Daniel\Downloads\Defogger.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1626752 2014-11-14] (Bitdefender) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] () HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-2042451591-645076460-3267669818-1000\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790344 2014-11-14] (Bitdefender) HKU\S-1-5-21-2042451591-645076460-3267669818-500\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790344 2014-11-14] (Bitdefender) ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender) ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender) ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender) ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2042451591-645076460-3267669818-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bing.com/ HKU\S-1-5-21-2042451591-645076460-3267669818-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com HKU\S-1-5-21-2042451591-645076460-3267669818-500\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bing.com/ HKU\S-1-5-21-2042451591-645076460-3267669818-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender) BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender) Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender) Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender) Toolbar: HKU\S-1-5-21-2042451591-645076460-3267669818-1000 -> Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender) Toolbar: HKU\S-1-5-21-2042451591-645076460-3267669818-500 -> Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender) Tcpip\Parameters: [DhcpNameServer] 192.168.200.122 8.8.8.8 Tcpip\..\Interfaces\{8E589EEE-7618-4753-BEE4-94A99D892BEC}: [NameServer] 192.168.***.***,8.8.8.8 <- HABE ICH GEÄNDERT! 
FireFox: ======== FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-01-11] FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2015-01-11] FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203264 2009-08-18] (AMD) [File not signed] S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-10-07] (Bitdefender) S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender) R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1527360 2014-11-14] (Bitdefender) S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-21] () [File not signed] R0 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-14] () [File not signed] S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6037504 2009-08-18] (ATI Technologies Inc.) [File not signed] R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-09-25] (BitDefender) R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [263032 2014-10-03] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-05-16] (BitDefender) R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-11-13] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC) S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL) S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL) R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender) R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-21] () [File not signed] R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2010-11-21] () [File not signed] R0 Disk; C:\Windows\System32\drivers\disk.sys [73280 2009-07-14] () [File not signed] S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2009-07-14] () [File not signed] R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC) R3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-21] () [File not signed] R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2010-11-21] () [File not signed] R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-21] () [File not signed] S3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-14] () [File not signed] R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 
2009-07-14] () [File not signed] S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [274880 2014-02-04] () [File not signed] R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] () [File not signed] R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-21] () [File not signed] S3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] () [File not signed] R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] () [File not signed] R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] () [File not signed] R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [File not signed] R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-14] () [File not signed] R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-15] (CACE Technologies, Inc.) R3 Parport; C:\Windows\System32\DRIVERS\parport.sys [97280 2009-07-14] () [File not signed] R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-21] () [File not signed] S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] () [File not signed] R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-14] () [File not signed] R3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [23552 2009-07-14] () [File not signed] R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] () [File not signed] S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-14] () [File not signed] R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [63360 2010-11-21] () [File not signed] R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.) 
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-21] () [File not signed] R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] () [File not signed] R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [53248 2013-11-27] () [File not signed] R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] () [File not signed] S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] () [File not signed] R3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [30720 2013-11-27] () [File not signed] R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [File not signed] R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-21] () [File not signed] R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-21] () [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-12 03:33 - 2015-01-12 03:33 - 00000000 ____D () C:\Hotfix 2015-01-12 03:33 - 2015-01-11 18:42 - 00000000 ____D () C:\Windows\Panther 2015-01-12 03:33 - 2011-02-16 03:16 - 00000029 ___RH () C:\Windows\version 2015-01-12 03:33 - 2011-02-16 03:16 - 00000013 ____R () C:\Windows\csup.txt 2015-01-12 03:32 - 2015-01-12 03:32 - 00295922 _____ () C:\Windows\system32\perfi007.dat 2015-01-12 03:32 - 2015-01-12 03:32 - 00038104 _____ () C:\Windows\system32\perfd007.dat 2015-01-12 03:32 - 2015-01-12 03:32 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer 2015-01-12 03:32 - 2015-01-12 03:32 - 00000000 ____D () C:\Windows\SysWOW64\de 2015-01-12 03:32 - 2015-01-12 03:32 - 00000000 ____D () C:\Windows\SysWOW64\0407 2015-01-12 03:32 - 2015-01-12 03:32 - 00000000 ____D () C:\Windows\system32\de 2015-01-12 03:32 - 2015-01-12 03:32 - 00000000 ____D () C:\Windows\system32\0407 2015-01-12 03:32 - 2015-01-11 17:22 - 00698688 _____ () C:\Windows\system32\perfh007.dat 2015-01-12 03:32 - 2015-01-11 17:22 - 00148828 _____ () C:\Windows\system32\perfc007.dat 2015-01-11 21:23 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2015-01-11 21:16 - 2015-01-11 21:16 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 02724864 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-01-11 21:16 - 2015-01-11 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-01-11 21:16 - 2015-01-11 21:16 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-01-11 21:16 - 2015-01-11 21:16 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-01-11 21:16 - 2015-01-11 21:16 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-01-11 21:16 - 2015-01-11 21:16 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 00688640 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msfeeds.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2015-01-11 21:16 - 2015-01-11 21:16 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2015-01-11 21:16 - 2015-01-11 21:16 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-01-11 21:16 - 2015-01-11 21:16 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-01-11 21:16 - 2015-01-11 21:16 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-01-11 21:16 - 2015-01-11 21:16 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 
03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2015-01-11 20:28 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2015-01-11 20:28 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2015-01-11 20:28 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-01-11 20:28 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-01-11 20:28 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-01-11 20:28 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-01-11 20:28 - 2013-05-13 06:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll 2015-01-11 20:28 - 2013-05-13 04:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2015-01-11 20:28 - 2013-05-13 04:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2015-01-11 20:28 - 2013-05-13 04:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2015-01-11 20:28 - 2012-07-04 23:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll 2015-01-11 20:28 - 2012-07-04 23:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll 2015-01-11 20:28 - 2012-07-04 23:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll 2015-01-11 20:28 - 2012-07-04 22:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2015-01-11 20:28 - 2012-07-04 22:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll 2015-01-11 20:28 - 2012-06-06 07:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll 2015-01-11 20:28 - 2012-06-06 06:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2015-01-11 20:28 - 2012-04-26 06:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll 2015-01-11 20:28 - 2012-04-26 06:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe 2015-01-11 20:28 - 2011-10-15 07:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll 2015-01-11 20:28 - 2011-10-15 06:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll 2015-01-11 20:28 - 2011-08-27 06:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll 2015-01-11 20:28 - 2011-08-27 05:26 - 00233472 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\oleacc.dll 2015-01-11 20:28 - 2011-02-23 05:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys 2015-01-11 20:27 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-01-11 20:27 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-01-11 20:27 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2015-01-11 20:27 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2015-01-11 20:27 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2015-01-11 20:27 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2015-01-11 20:27 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2015-01-11 20:27 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2015-01-11 20:27 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2015-01-11 20:27 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2015-01-11 20:27 - 2012-05-14 06:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2015-01-11 20:27 - 2011-12-16 09:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll 2015-01-11 20:27 - 2011-12-16 08:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll 2015-01-11 20:27 - 2011-05-03 06:29 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-01-11 20:27 - 2011-05-03 05:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-01-11 20:25 - 2015-01-11 20:25 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll 2015-01-11 20:25 - 2012-02-17 07:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll 
2015-01-11 20:25 - 2012-02-17 06:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll 2015-01-11 20:25 - 2012-02-17 05:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys 2015-01-11 20:22 - 2015-01-11 20:22 - 00543589 _____ () C:\ProgramData\1421004041.bdinstall.bin 2015-01-11 20:22 - 2015-01-11 20:22 - 00000385 _____ () C:\Windows\system32\user_gensett.xml 2015-01-11 20:22 - 2015-01-11 20:22 - 00000385 _____ () C:\Users\Daniel\AppData\Roaminguser_gensett.xml 2015-01-11 20:21 - 2015-01-11 20:27 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Bitdefender 2015-01-11 20:21 - 2015-01-11 20:21 - 00253404 ____H () C:\bdr-ld01 2015-01-11 20:21 - 2015-01-11 20:21 - 00009216 ____H () C:\bdr-ld01.mbr 2015-01-11 20:21 - 2015-01-11 20:21 - 00000684 ____H () C:\bdr-cf01 2015-01-11 20:21 - 2015-01-11 20:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf 2015-01-11 20:21 - 2015-01-11 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015 2015-01-11 20:21 - 2015-01-11 20:21 - 00000000 ____D () C:\ProgramData\BDLogging 2015-01-11 20:21 - 2015-01-11 17:19 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Bitdefender 2015-01-11 20:21 - 2014-10-03 20:11 - 00263032 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys 2015-01-11 20:21 - 2014-09-25 15:57 - 01288472 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys 2015-01-11 20:21 - 2014-07-04 17:49 - 49563064 ____H () C:\bdr-im01.gz 2015-01-11 20:21 - 2014-05-16 13:04 - 00647752 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys 2015-01-11 20:21 - 2013-11-13 15:41 - 00093600 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys 2015-01-11 20:21 - 2013-11-04 15:47 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys 2015-01-11 20:21 - 2013-11-04 15:47 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll 2015-01-11 20:21 - 
2013-08-13 13:38 - 03271472 ____H () C:\bdr-bz01 2015-01-11 20:21 - 2012-04-17 14:34 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys 2015-01-11 20:21 - 2009-07-14 14:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2015-01-11 20:21 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll 2015-01-11 20:20 - 2015-01-11 20:22 - 00000000 ____D () C:\ProgramData\Bitdefender 2015-01-11 20:20 - 2015-01-11 20:21 - 00000000 ____D () C:\Program Files\Bitdefender 2015-01-11 20:20 - 2015-01-11 20:20 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\QuickScan 2015-01-11 20:20 - 2015-01-11 20:20 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender 2015-01-11 20:20 - 2014-10-15 16:14 - 00452040 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys 2015-01-11 20:20 - 2013-11-04 15:47 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll 2015-01-11 20:20 - 2013-11-04 15:46 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUH.dll 2015-01-11 20:20 - 2013-08-23 12:48 - 00150256 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys 2015-01-11 20:19 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-01-11 20:19 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-01-11 20:19 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-01-11 20:19 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-01-11 20:19 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-01-11 20:19 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-01-11 20:19 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-01-11 20:19 - 2014-05-14 17:21 - 02620928 _____ 
(Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-01-11 20:19 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-01-11 20:19 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-01-11 20:19 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-01-11 20:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-01-11 20:19 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-01-11 20:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-01-11 19:47 - 2015-01-11 19:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0 2015-01-11 18:57 - 2015-01-10 22:59 - 00058016 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-11 18:45 - 2015-01-11 18:45 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2015-01-11 18:45 - 2015-01-11 18:45 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen 2015-01-11 18:45 - 2015-01-11 18:45 - 00000000 _SHDL () C:\Users\Administrator\Startmenü 2015-01-11 18:45 - 2015-01-11 18:45 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung 2015-01-11 18:45 - 2015-01-11 18:45 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen 2015-01-11 18:45 - 2015-01-11 18:45 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien 2015-01-11 18:45 - 2015-01-11 18:45 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung 2015-01-11 18:45 - 2015-01-11 18:45 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik 2015-01-11 18:45 - 2015-01-11 18:45 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder 2015-01-11 18:45 - 2015-01-11 18:45 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-01-11 18:45 - 2015-01-11 18:45 - 00000000 _SHDL () 
C:\Users\Administrator\AppData\Local\Verlauf 2015-01-11 18:45 - 2015-01-11 18:45 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten 2015-01-11 18:45 - 2015-01-11 18:45 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten 2015-01-11 18:45 - 2015-01-11 13:44 - 00000000 ____D () C:\Users\Administrator 2015-01-11 18:45 - 2015-01-10 21:53 - 00001421 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-11 18:45 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-11 18:45 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-01-11 18:42 - 2015-01-11 20:53 - 00000000 ___RD () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-11 18:42 - 2015-01-11 18:42 - 00000020 ___SH () C:\Users\Daniel\ntuser.ini 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Default\Startmenü 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () 
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Daniel\Vorlagen 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Daniel\Startmenü 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Daniel\Netzwerkumgebung 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Daniel\Lokale Einstellungen 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Daniel\Eigene Dateien 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Daniel\Druckumgebung 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Daniel\Documents\Eigene Musik 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Daniel\Documents\Eigene Bilder 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Daniel\AppData\Local\Verlauf 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Users\Daniel\AppData\Local\Anwendungsdaten 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () 
C:\Users\Daniel\Anwendungsdaten 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Programme 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\ProgramData\Startmenü 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\ProgramData\Favoriten 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\ProgramData\Dokumente 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 __SHD () C:\Recovery 2015-01-11 18:42 - 2015-01-11 18:42 - 00000000 ____D () C:\Users\Daniel\AppData\Local\VirtualStore 2015-01-11 18:42 - 2015-01-10 22:47 - 00000000 ____D () C:\Users\Daniel 2015-01-11 18:42 - 2015-01-10 21:55 - 00001409 _____ () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-11 18:40 - 2015-01-11 18:40 - 00001355 _____ () C:\Windows\TSSysprep.log 2015-01-11 18:40 - 2015-01-11 18:40 - 00000000 _____ () C:\Windows\ativpsrm.bin 2015-01-11 18:40 - 2015-01-11 17:17 - 01832103 _____ () C:\Windows\WindowsUpdate.log 2015-01-11 15:40 - 2015-01-11 15:41 - 87179530 _____ () C:\Users\Daniel\Downloads\gapps-kk-20140105-signed.zip 2015-01-11 14:28 - 2015-01-11 14:28 - 00305104 _____ () C:\Users\Daniel\Downloads\gmer.log 2015-01-11 14:06 - 2015-01-11 14:06 - 00380416 _____ () C:\Users\Daniel\Downloads\z6xx3f9d.exe 2015-01-11 14:02 - 2015-01-11 14:07 - 00000791 _____ () C:\Users\Daniel\Desktop\Neues Textdokument.txt 2015-01-11 13:52 - 2015-01-11 13:52 - 00380416 _____ () C:\Users\Daniel\Downloads\Gmer-19357.exe 2015-01-11 13:48 - 2015-01-11 18:31 - 00012061 _____ () 
C:\Users\Daniel\Downloads\FRST.txt 2015-01-11 13:48 - 2015-01-11 18:31 - 00000000 ____D () C:\FRST 2015-01-11 13:48 - 2015-01-11 13:48 - 00016354 _____ () C:\Users\Daniel\Downloads\Addition.txt 2015-01-11 13:47 - 2015-01-11 13:47 - 02124288 _____ (Farbar) C:\Users\Daniel\Downloads\FRST64.exe 2015-01-11 13:44 - 2015-01-11 17:23 - 00000488 _____ () C:\Users\Daniel\Downloads\defogger_disable.log 2015-01-11 13:44 - 2015-01-11 13:44 - 00000000 _____ () C:\Users\Administrator\defogger_reenable 2015-01-11 13:43 - 2015-01-11 13:43 - 00050477 _____ () C:\Users\Daniel\Downloads\Defogger.exe 2015-01-11 12:52 - 2015-01-11 12:52 - 00000000 ____D () C:\Users\Daniel\Downloads\4-16_GApps_Minimal_4.4.2_signed 2015-01-11 12:51 - 2015-01-11 12:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2015-01-11 12:51 - 2015-01-11 12:51 - 00000000 ____D () C:\Users\Daniel\Downloads\CARBON-KK-UNOFFICIAL-20141116-1326-serranoltexx 2015-01-11 12:45 - 2015-01-11 12:45 - 00000000 ____D () C:\Users\Daniel\Downloads\Odin_3.10.0 2015-01-11 12:39 - 2015-01-11 12:39 - 20508733 _____ () C:\Users\Daniel\Downloads\4-16_GApps_Minimal_4.4.2_signed.zip 2015-01-11 12:38 - 2015-01-11 12:42 - 230443019 _____ () C:\Users\Daniel\Downloads\CARBON-KK-UNOFFICIAL-20141116-1326-serranoltexx.zip 2015-01-11 12:37 - 2015-01-11 12:37 - 01004639 _____ () C:\Users\Daniel\Downloads\Odin_3.10.0.zip 2015-01-10 22:59 - 2015-01-10 22:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI 2015-01-10 22:59 - 2015-01-10 22:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI 2015-01-10 22:57 - 2015-01-10 22:57 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\ATI 2015-01-10 22:57 - 2015-01-10 22:57 - 00000000 ____D () C:\Users\Daniel\AppData\Local\ATI 2015-01-10 22:57 - 2015-01-10 22:57 - 00000000 ____D () C:\ProgramData\ATI 2015-01-10 22:55 - 2015-01-10 22:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center 2015-01-10 22:55 - 
2015-01-10 22:55 - 00000000 ____D () C:\ProgramData\AMD
2015-01-10 22:55 - 2015-01-10 22:55 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-01-10 22:55 - 2015-01-10 22:55 - 00000000 ____D () C:\Program Files\ATI
2015-01-10 22:55 - 2015-01-10 22:55 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-01-10 22:55 - 2015-01-10 22:55 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-01-10 22:55 - 2015-01-10 22:55 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2015-01-10 22:54 - 2015-01-10 22:55 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-01-10 22:54 - 2015-01-10 22:54 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2015-01-10 22:54 - 2015-01-10 22:54 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2015-01-10 22:54 - 2015-01-10 22:54 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieBrowserModeList
2015-01-10 22:54 - 2015-01-10 22:54 - 00000000 ____D () C:\AMD
2015-01-10 22:53 - 2015-01-10 22:53 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\Daniel\Downloads\autodetectutility.exe
2015-01-10 22:47 - 2015-01-10 22:52 - 00000000 ____D () C:\Users\Administrator\.zenmap
2015-01-10 22:47 - 2015-01-10 22:47 - 00000000 ____D () C:\Users\Daniel\.zenmap
2015-01-10 22:46 - 2015-01-10 22:46 - 15620228 _____ (Insecure.org) C:\Users\Daniel\Downloads\nmap-5.20-setup.exe
2015-01-10 22:46 - 2015-01-10 22:46 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2015-01-10 22:46 - 2015-01-10 22:46 - 00000000 ____D () C:\Program Files\WinPcap
2015-01-10 22:46 - 2015-01-10 22:46 - 00000000 ____D () C:\Program Files (x86)\Nmap
2015-01-10 22:20 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-01-10 22:20 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-01-10 22:20 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-01-10 22:20 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-01-10 22:18 - 2015-01-10 22:18 - 01558224 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-10 22:15 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-01-10 22:15 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-10 22:15 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-10 22:15 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-01-10 22:15 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-01-10 22:15 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-10 22:15 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-01-10 22:15 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-01-10 22:15 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-01-10 22:15 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-01-10 22:15 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-10 22:15 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-01-10 22:15 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-10 22:15 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-10 22:15 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-01-10 22:15 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-10 22:15 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-10 22:15 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-10 22:13 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-01-10 22:13 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-01-10 22:13 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-01-10 22:13 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-01-10 22:12 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-01-10 22:12 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-01-10 22:12 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-01-10 22:10 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-10 22:10 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-10 22:10 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-10 22:10 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-10 22:10 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-10 22:10 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-10 22:10 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-01-10 22:10 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-01-10 22:10 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-01-10 22:10 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-01-10 22:09 - 2012-07-26 04:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2015-01-10 22:09 - 2012-07-26 04:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2015-01-10 22:09 - 2012-07-26 04:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2015-01-10 22:09 - 2012-07-26 04:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2015-01-10 22:09 - 2012-07-26 04:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2015-01-10 22:09 - 2012-07-26 03:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2015-01-10 22:09 - 2012-07-26 03:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2015-01-10 22:09 - 2012-06-02 15:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-01-10 22:08 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-01-10 22:08 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-01-10 22:07 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-10 22:07 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-01-10 22:07 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-10 22:07 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-10 22:07 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-10 22:07 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-10 22:07 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-10 22:07 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-10 22:07 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-10 22:07 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-10 22:07 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-10 22:07 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-10 22:07 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-01-10 22:07 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-01-10 22:07 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-01-10 22:07 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-01-10 22:07 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-01-10 22:07 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-01-10 22:07 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-01-10 22:07 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-01-10 22:07 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-01-10 22:07 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-01-10 22:07 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-01-10 22:07 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-01-10 22:07 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-01-10 22:07 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2015-01-10 22:07 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2015-01-10 22:07 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2015-01-10 22:07 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2015-01-10 22:07 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2015-01-10 22:07 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2015-01-10 22:07 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2015-01-10 22:07 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2015-01-10 22:07 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2015-01-10 22:07 - 2012-12-07 14:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2015-01-10 22:07 - 2012-12-07 14:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2015-01-10 22:07 - 2012-12-07 13:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2015-01-10 22:07 - 2012-12-07 13:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2015-01-10 22:07 - 2012-12-07 12:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2015-01-10 22:07 - 2012-12-07 12:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2015-01-10 22:07 - 2012-12-07 12:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2015-01-10 22:07 - 2012-12-07 12:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2015-01-10 22:07 - 2012-12-07 12:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2015-01-10 22:07 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2015-01-10 22:07 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2015-01-10 22:07 - 2012-12-07 12:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2015-01-10 22:07 - 2012-12-07 12:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2015-01-10 22:07 - 2012-12-07 12:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2015-01-10 22:07 - 2012-12-07 12:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2015-01-10 22:07 - 2012-12-07 12:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2015-01-10 22:07 - 2012-12-07 12:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2015-01-10 22:07 - 2012-12-07 12:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2015-01-10 22:07 - 2012-12-07 11:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2015-01-10 22:07 - 2012-12-07 11:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2015-01-10 22:07 - 2012-12-07 11:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2015-01-10 22:07 - 2012-12-07 11:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2015-01-10 22:07 - 2012-12-07 11:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2015-01-10 22:07 - 2012-12-07 11:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2015-01-10 22:07 - 2012-12-07 11:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2015-01-10 22:07 - 2012-12-07 11:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2015-01-10 22:07 - 2012-12-07 11:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2015-01-10 22:07 - 2012-12-07 11:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2015-01-10 22:07 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2015-01-10 22:07 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2015-01-10 22:07 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2015-01-10 22:07 - 2012-12-07 11:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2015-01-10 22:07 - 2012-10-09 19:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2015-01-10 22:07 - 2012-10-09 19:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2015-01-10 22:07 - 2012-10-09 18:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2015-01-10 22:07 - 2012-10-09 18:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2015-01-10 22:06 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-10 22:06 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-10 22:06 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-10 22:06 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-01-10 22:06 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-01-10 22:06 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-01-10 22:06 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-01-10 22:06 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-01-10 22:06 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-01-10 22:06 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-01-10 22:06 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-01-10 22:06 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-01-10 22:06 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-01-10 22:06 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-01-10 22:06 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-01-10 22:06 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-01-10 22:06 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-01-10 22:06 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2015-01-10 22:06 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2015-01-10 22:06 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-01-10 22:06 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-01-10 22:06 - 2014-02-04 03:35 - 00274880 _____ () C:\Windows\system32\Drivers\msiscsi.sys
2015-01-10 22:06 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-01-10 22:06 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-01-10 22:06 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2015-01-10 22:06 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2015-01-10 22:06 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-01-10 22:06 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-01-10 22:06 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-01-10 22:06 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2015-01-10 22:06 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2015-01-10 22:06 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2015-01-10 22:06 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2015-01-10 22:06 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2015-01-10 22:06 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2015-01-10 22:06 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-01-10 22:06 - 2013-08-05 03:25 - 00155584 _____ () C:\Windows\system32\Drivers\ataport.sys
2015-01-10 22:06 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-01-10 22:06 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-01-10 22:06 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-01-10 22:06 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-01-10 22:06 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-10 22:06 - 2013-05-10 06:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-01-10 22:06 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2015-01-10 22:06 - 2013-03-19 06:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2015-01-10 22:06 - 2012-10-03 18:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-10 22:06 - 2012-10-03 18:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2015-01-10 22:06 - 2012-10-03 18:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-10 22:06 - 2012-10-03 18:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-10 22:06 - 2012-10-03 18:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2015-01-10 22:06 - 2012-10-03 18:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2015-01-10 22:06 - 2012-10-03 17:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2015-01-10 22:06 - 2012-10-03 17:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-10 22:06 - 2012-10-03 17:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2015-01-10 22:06 - 2012-10-03 17:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2015-01-10 22:06 - 2012-08-22 19:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-01-10 22:06 - 2012-08-21 22:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2015-01-10 22:06 - 2012-07-04 21:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2015-01-10 22:06 - 2012-05-05 09:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-10 22:06 - 2012-05-05 08:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-10 22:06 - 2012-05-01 06:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-10 22:06 - 2012-01-13 08:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-10 22:06 - 2012-01-04 11:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2015-01-10 22:06 - 2012-01-04 09:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2015-01-10 22:06 - 2011-12-30 07:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2015-01-10 22:06 - 2011-12-30 06:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2015-01-10 22:06 - 2011-06-16 06:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2015-01-10 22:06 - 2011-06-16 05:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2015-01-10 22:06 - 2011-05-04 06:25 - 02315776 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-01-10 22:06 - 2011-05-04 06:22 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-01-10 22:06 - 2011-05-04 06:22 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-01-10 22:06 - 2011-05-04 06:22 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-01-10 22:06 - 2011-05-04 06:22 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-01-10 22:06 - 2011-05-04 06:22 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2015-01-10 22:06 - 2011-05-04 06:19 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-01-10 22:06 - 2011-05-04 06:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-01-10 22:06 - 2011-05-04 06:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2015-01-10 22:06 - 2011-05-04 05:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-01-10 22:06 - 2011-05-04 05:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-01-10 22:06 - 2011-05-04 05:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-01-10 22:06 - 2011-05-04 05:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-01-10 22:06 - 2011-05-04 05:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2015-01-10 22:06 - 2011-05-04 05:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2015-01-10 22:06 - 2011-05-04 05:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-01-10 22:06 - 2011-05-04 05:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-01-10 22:06 - 2011-05-04 05:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2015-01-10 22:06 - 2011-03-11 07:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2015-01-10 22:06 - 2011-03-11 07:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2015-01-10 22:06 - 2011-03-11 07:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2015-01-10 22:06 - 2011-03-11 07:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2015-01-10 22:06 - 2011-03-11 07:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2015-01-10 22:06 - 2011-03-11 07:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-01-10 22:06 - 2011-03-11 07:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2015-01-10 22:06 - 2011-03-11 06:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2015-01-10 22:06 - 2011-03-11 06:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2015-01-10 22:06 - 2011-03-11 05:37 - 00091648 _____ () C:\Windows\system32\Drivers\USBSTOR.SYS
2015-01-10 22:06 - 2011-02-18 11:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2015-01-10 22:06 - 2011-02-18 06:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2015-01-10 22:05 - 2013-01-24 07:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2015-01-10 22:04 - 2015-01-10 22:04 - 00000000 __SHD () C:\Users\Daniel\AppData\Local\EmieUserList
2015-01-10 22:04 - 2015-01-10 22:04 - 00000000 __SHD () C:\Users\Daniel\AppData\Local\EmieSiteList
2015-01-10 22:04 - 2015-01-10 22:04 - 00000000 __SHD () C:\Users\Daniel\AppData\Local\EmieBrowserModeList
2015-01-10 22:01 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-01-10 22:00 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-10 22:00 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-01-10 22:00 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-01-10 21:57 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-10 21:57 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-10 21:55 - 2015-01-10 21:55 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Adobe
2015-01-10 21:53 - 2015-01-10 21:53 - 00000385 _____ () C:\Users\Administrator\AppData\Roaminguser_gensett.xml
2015-01-10 21:53 - 2015-01-10 21:53 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 03:33 - 2009-07-14 06:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-12 03:33 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-01-12 03:33 - 2009-07-14 05:45 - 00000000 ____D () C:\Windows\Setup
2015-01-12 03:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\oobe
2015-01-12 03:32 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2015-01-12 03:32 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2015-01-12 03:32 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2015-01-12 03:32 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2015-01-12 03:32 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2015-01-12 03:32 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\system32\winrm
2015-01-12 03:32 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\system32\WCN
2015-01-12 03:32 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\system32\slmgr
2015-01-12 03:32 - 2010-11-21 08:06 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2015-01-12 03:32 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-01-12 03:32 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-01-12 03:32 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-01-12 03:32 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\DVD Maker
2015-01-12 03:32 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-01-12 03:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2015-01-12 03:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-01-12 03:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-01-12 03:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2015-01-12 03:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2015-01-12 03:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\MUI
2015-01-12 03:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\migwiz
2015-01-12 03:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\com
2015-01-12 03:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\servicing
2015-01-12 03:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\IME
2015-01-11 21:35 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-01-11 21:35 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-11 21:35 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-01-11 21:35 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-11 21:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2015-01-11 21:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-01-11 21:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-01-11 21:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-01-11 21:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Setup
2015-01-11 21:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-11 20:53 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-11 20:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-11 20:19 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore
2015-01-11 18:58 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-11 18:42 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-11 18:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Recovery
2015-01-11 18:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-11 18:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-11 18:40 - 2009-07-14 05:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2015-01-11 18:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-01-11 18:38 - 2010-11-21 08:17 - 00000000 ____D () C:\Windows\CSC
2015-01-11 17:22 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 17:20 - 2009-07-14 05:45 - 00020848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 17:20 - 2009-07-14 05:45 - 00020848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 17:18 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-11 17:18 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-11 17:17 - 2010-11-21 04:47 - 00011304 _____ () C:\Windows\PFRO.log
2015-01-11 17:17 - 2009-07-14 05:51 - 00025807 _____ () C:\Windows\setupact.log
2015-01-10 22:22 - 2009-07-14 05:45 - 00267816 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-10 22:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-01-10 22:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-01-10 22:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\13-9-legacy_vista_win7_64_dd_ccc_whql.exe
C:\Users\Administrator\AppData\Local\Temp\AutoDetectUtilApp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys
[2010-11-21 04:23] - [2010-11-21 04:23] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!

LastRegBack: 2015-01-11 18:38

==================== End Of Log ============================

--- --- ---

Last edited by slow (11.01.2015 at 19:00)
11.01.2015, 18:34 | #4 |
/// the machine /// TB instructor | Hardcore trojan or permanent pwn? :pukeface: Where did you get the Win7 disc?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations. Guides and help. Trojaner-Board Facebook page. No help via PM!
11.01.2015, 18:44 | #5 |
Hardcore trojan or permanent pwn? :pukeface: Oh, hi Schrauber, thanks for the reply. Yes, I know that is really a lot of text, but maybe it helps... I described it as thoroughly as I could. The GMER log file is coming now. One moment, let me quickly check the receipt. The shop was called AOT-Software.de. Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-11 18:43:38
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_PRO_Series rev.DXM06B0Q 119,24GB
Running: Gmer-19357.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\uwrirpod.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 6 bytes [48, B8, F0, 12, A3, 01]
.text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000775d1578 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[772] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1 00000000773fb7e1 11 bytes [B8, F0, 12, BB, 01, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775b92d1 5 bytes [B8, 39, 69, E2, 75]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000775b92d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775d13a0 6 bytes [48, B8, 39, BD, E2, 75]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000775d13a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000775d1470 6 bytes [48, B8, F9, A9, E2, 75]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000775d1478 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 6 bytes [48, B8, F9, 32, E2, 75]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775d1518 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000775d1530 6 bytes [48, B8, 39, 1C, E2, 75]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775d1538 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775d1550 6 bytes [48, B8, F9, 1D, E2, 75]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775d1558 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 6 bytes [48, B8, 39, A8, E2, 75]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000775d1578 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 6 bytes [48, B8, 79, 2F, E2, 75]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000775d1658 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 6 bytes [48, B8, 79, 36, E2, 75]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000775d1678 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775d1700 6 bytes [48, B8, B9, 34, E2, 75]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000775d1708 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775d1780 6 bytes [48, B8, 39, 2A, E2, 75]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000775d1788 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 6 bytes [48, B8, B9, 26, E2, 75]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000775d1798 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775d1cd0 6 bytes [48, B8, 79, 28, E2, 75]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000775d1cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 6 bytes [48, B8, F9, 24, E2, 75]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000775d1d38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 6 bytes [48, B8, F9, BE, E2, 75]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000775d20a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000775d25e0 6 bytes [48, B8, 79, 83, E2, 75]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000775d25e8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 6 bytes [48, B8, 39, 31, E2, 75]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000775d27e8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 6 bytes [48, B8, B9, C0, E2, 75]
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000775d29a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1124]
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 6 bytes [48, B8, 79, 3D, E2, 75] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000775d2a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 6 bytes [48, B8, B9, 3B, E2, 75] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000775d2a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077643201 11 bytes [B8, 39, 85, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077361b21 11 bytes [B8, 79, BB, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077361c10 12 bytes [48, B8, F9, 39, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077362b61 8 bytes [B8, 79, D0, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077362b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007737db80 12 bytes [48, B8, B9, 2D, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077380931 11 bytes [B8, B9, E3, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773b52f1 11 bytes [B8, B9, 7A, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773b5311 11 bytes [B8, 39, 77, E2, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000773ca5e0 12 bytes [48, B8, B9, 81, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000773ca6f0 12 bytes [48, B8, 39, 7E, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000773ef491 11 bytes [B8, 79, D7, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000773ef691 11 bytes [B8, F9, D3, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000773ef6c1 8 bytes [B8, F9, CC, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000773ef6ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd3b1861 11 bytes [B8, 79, 52, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd3b2db1 11 bytes [B8, 39, AF, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd3b3461 11 bytes [B8, F9, B0, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3b8ef0 12 bytes [48, B8, 79, AD, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd3b94c0 12 bytes [48, B8, B9, 50, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd3bbfd1 11 bytes [B8, B9, AB, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd3c2af1 11 bytes [B8, F9, 4E, E2, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd3e4350 12 bytes [48, B8, B9, 42, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd3f0c11 11 bytes [B8, 79, C9, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd3f2871 8 bytes [B8, 39, 23, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd3f287a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd3f28b1 11 bytes [B8, F9, 40, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefebd642d 11 bytes [B8, 39, 5B, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefebd6484 12 bytes [48, B8, F9, 55, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefebd6519 11 bytes [B8, 39, 62, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefebd6c34 12 bytes [48, B8, 39, 54, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefebd7ab5 11 bytes [B8, F9, 5C, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefebd8b01 11 bytes [B8, B9, 57, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefebd8c39 11 bytes [B8, 79, 59, E2, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff6913b1 11 bytes [B8, 79, A6, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\WS2_32.dll!closesocket 000007feff6918e0 12 bytes [48, B8, B9, A4, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff691bd1 11 bytes [B8, F9, A2, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff692201 11 bytes [B8, 39, E0, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff6923c0 12 bytes [48, B8, 39, 8C, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\WS2_32.dll!connect 000007feff6945c0 12 bytes [48, B8, 79, 67, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\WS2_32.dll!send + 1 000007feff698001 11 bytes [B8, 39, A1, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff698df0 7 bytes [48, B8, B9, 8F, E2, 75, 00] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff698df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff69c090 12 bytes [48, B8, F9, 8D, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff69de91 11 bytes [B8, 39, D9, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff69df41 11 bytes [B8, 79, DE, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff6be0f1 11 bytes [B8, B9, DC, E2, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefc9a56e0 12 bytes [48, B8, F9, C5, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefc9b010c 12 bytes [48, B8, 39, C4, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 000007fefc9cdaa0 12 bytes [48, B8, 79, C2, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 000007feff4a5570 12 bytes [48, B8, B9, 65, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007feff4d3681 11 bytes [B8, F9, 63, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\msi.dll!MsiDecomposeDescriptorW + 157 000007feeed33e45 11 bytes [B8, 39, EE, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\msi.dll!MsiQueryProductStateA + 1 000007feeedb2659 11 bytes [B8, 79, 4B, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\msi.dll!MsiInstallProductA + 1 000007feeedb2ad5 11 bytes [B8, F9, 47, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\msi.dll!MsiQueryProductStateW + 1 000007feeedc1311 11 bytes [B8, 39, 4D, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\msi.dll!MsiInstallProductW + 1 000007feeedc167d 11 bytes [B8, B9, 49, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\msi.dll!MsiOpenDatabaseW + 1 000007feeedd9cf1 11 bytes [B8, 39, 46, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\msi.dll!MsiOpenDatabaseA + 1 000007feeedd9f1d 11 bytes [B8, 79, 44, E2, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775b92d1 5 bytes [B8, 39, 69, E2, 75] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000775b92d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775d13a0 6 bytes [48, B8, 39, BD, E2, 75] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000775d13a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000775d1470 6 bytes [48, B8, F9, A9, E2, 75] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000775d1478 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 6 bytes [48, B8, F9, 32, E2, 75] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775d1518 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000775d1530 6 bytes [48, B8, 39, 1C, E2, 75] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775d1538 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775d1550 6 bytes [48, B8, F9, 1D, E2, 75] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775d1558 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 6 bytes [48, B8, 39, A8, E2, 75] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000775d1578 4 bytes [00, 00, 50, C3] .text 
C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 6 bytes [48, B8, 79, 2F, E2, 75] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000775d1658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 6 bytes [48, B8, 79, 36, E2, 75] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000775d1678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775d1700 6 bytes [48, B8, B9, 34, E2, 75] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000775d1708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775d1780 6 bytes [48, B8, 39, 2A, E2, 75] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000775d1788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 6 bytes [48, B8, B9, 26, E2, 75] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000775d1798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775d1cd0 6 bytes [48, B8, 79, 28, E2, 75] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000775d1cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 6 bytes [48, B8, F9, 24, E2, 75] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000775d1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1184] 
C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 6 bytes [48, B8, F9, BE, E2, 75] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000775d20a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000775d25e0 6 bytes [48, B8, 79, 83, E2, 75] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000775d25e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 6 bytes [48, B8, 39, 31, E2, 75] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000775d27e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 6 bytes [48, B8, B9, C0, E2, 75] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000775d29a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 6 bytes [48, B8, 79, 3D, E2, 75] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000775d2a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 6 bytes [48, B8, B9, 3B, E2, 75] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000775d2a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077643201 11 bytes [B8, 39, 85, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077361b21 11 bytes [B8, 79, BB, E2, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077361c10 12 bytes [48, B8, F9, 39, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077362b61 8 bytes [B8, 79, D0, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077362b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007737db80 12 bytes [48, B8, B9, 2D, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077380931 11 bytes [B8, B9, E3, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773b52f1 11 bytes [B8, B9, 7A, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773b5311 11 bytes [B8, 39, 77, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000773ca5e0 12 bytes [48, B8, B9, 81, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000773ca6f0 12 bytes [48, B8, 39, 7E, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000773ef491 11 bytes [B8, 79, D7, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000773ef691 11 bytes [B8, F9, D3, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000773ef6c1 8 bytes [B8, F9, CC, E2, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000773ef6ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd3b1861 11 bytes [B8, 79, 52, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd3b2db1 11 bytes [B8, 39, AF, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd3b3461 11 bytes [B8, F9, B0, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3b8ef0 12 bytes [48, B8, 79, AD, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd3b94c0 12 bytes [48, B8, B9, 50, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd3bbfd1 11 bytes [B8, B9, AB, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd3c2af1 11 bytes [B8, F9, 4E, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd3e4350 12 bytes [48, B8, B9, 42, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd3f0c11 11 bytes [B8, 79, C9, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd3f2871 8 bytes [B8, 39, 23, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd3f287a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd3f28b1 11 bytes [B8, F9, 40, E2, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefebd642d 11 bytes [B8, 39, 5B, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefebd6484 12 bytes [48, B8, F9, 55, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefebd6519 11 bytes [B8, 39, 62, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefebd6c34 12 bytes [48, B8, 39, 54, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefebd7ab5 11 bytes [B8, F9, 5C, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefebd8b01 11 bytes [B8, B9, 57, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefebd8c39 11 bytes [B8, 79, 59, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe5c4ea1 11 bytes [B8, 39, E7, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe5c55c8 12 bytes [48, B8, B9, 6C, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe5db85c 12 bytes [48, B8, F9, 6A, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe5db9d0 12 bytes [48, B8, 79, 60, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe5dba3c 12 bytes [48, B8, B9, 5E, E2, 75, 00, ...] 
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff6913b1 11 bytes [B8, 79, A6, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!closesocket 000007feff6918e0 12 bytes [48, B8, B9, A4, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff691bd1 11 bytes [B8, F9, A2, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff692201 11 bytes [B8, 39, E0, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff6923c0 12 bytes [48, B8, 39, 8C, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!connect 000007feff6945c0 12 bytes [48, B8, 79, 67, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!send + 1 000007feff698001 11 bytes [B8, 39, A1, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff698df0 7 bytes [48, B8, B9, 8F, E2, 75, 00] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff698df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff69c090 12 bytes [48, B8, F9, 8D, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff69de91 11 bytes [B8, 39, D9, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff69df41 11 bytes [B8, 79, DE, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff6be0f1 11 bytes [B8, B9, DC, E2, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 000007fefd78dc81 11 bytes [B8, 79, 8A, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefc9a56e0 12 bytes [48, B8, F9, C5, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefc9b010c 12 bytes [48, B8, 39, C4, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 000007fefc9cdaa0 12 bytes [48, B8, 79, C2, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\msi.dll!MsiDecomposeDescriptorW + 157 000007feeed33e45 11 bytes [B8, 39, EE, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\msi.dll!MsiQueryProductStateA + 1 000007feeedb2659 11 bytes [B8, 79, 4B, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\msi.dll!MsiInstallProductA + 1 000007feeedb2ad5 11 bytes [B8, F9, 47, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\msi.dll!MsiQueryProductStateW + 1 000007feeedc1311 11 bytes [B8, 39, 4D, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\msi.dll!MsiInstallProductW + 1 000007feeedc167d 11 bytes [B8, B9, 49, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\msi.dll!MsiOpenDatabaseW + 1 000007feeedd9cf1 11 bytes [B8, 39, 46, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1184] C:\Windows\system32\msi.dll!MsiOpenDatabaseA + 1 000007feeedd9f1d 11 bytes [B8, 79, 44, E2, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775b92d1 5 bytes [B8, 39, 69, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000775b92d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775d13a0 6 bytes [48, B8, 39, BD, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000775d13a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000775d1470 6 bytes [48, B8, F9, A9, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000775d1478 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 6 bytes [48, B8, F9, 32, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775d1518 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000775d1530 6 bytes [48, B8, 39, 1C, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775d1538 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775d1550 6 bytes [48, B8, F9, 1D, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775d1558 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 6 bytes [48, B8, 39, A8, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000775d1578 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 6 bytes [48, B8, 79, 2F, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000775d1658 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 6 bytes [48, B8, 79, 36, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000775d1678 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775d1700 6 bytes [48, B8, B9, 34, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000775d1708 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775d1780 6 bytes [48, B8, 39, 2A, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000775d1788 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 6 bytes [48, B8, B9, 26, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000775d1798 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775d1cd0 6 bytes [48, B8, 79, 28, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000775d1cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 6 bytes [48, B8, F9, 24, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000775d1d38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 6 bytes [48, B8, F9, BE, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000775d20a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000775d25e0 6 bytes [48, B8, 79, 83, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000775d25e8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 6 bytes [48, B8, 39, 31, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000775d27e8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 6 bytes [48, B8, B9, C0, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000775d29a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 6 bytes [48, B8, 79, 3D, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000775d2a88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 6 bytes [48, B8, B9, 3B, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000775d2a98 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077643201 11 bytes [B8, 39, 85, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077361b21 11 bytes [B8, 79, BB, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077361c10 12 bytes [48, B8, F9, 39, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077362b61 8 bytes [B8, 79, D0, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077362b6a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007737db80 12 bytes [48, B8, B9, 2D, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077380931 11 bytes [B8, B9, E3, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773b52f1 11 bytes [B8, B9, 7A, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773b5311 11 bytes [B8, 39, 77, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000773ca5e0 12 bytes [48, B8, B9, 81, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000773ca6f0 12 bytes [48, B8, 39, 7E, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000773ef491 11 bytes [B8, 79, D7, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000773ef691 11 bytes [B8, F9, D3, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000773ef6c1 8 bytes [B8, F9, CC, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000773ef6ca 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd3b1861 11 bytes [B8, 79, 52, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd3b2db1 11 bytes [B8, 39, AF, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd3b3461 11 bytes [B8, F9, B0, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3b8ef0 12 bytes [48, B8, 79, AD, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd3b94c0 12 bytes [48, B8, B9, 50, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd3bbfd1 11 bytes [B8, B9, AB, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd3c2af1 11 bytes [B8, F9, 4E, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd3e4350 12 bytes [48, B8, B9, 42, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd3f0c11 11 bytes [B8, 79, C9, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd3f2871 8 bytes [B8, 39, 23, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd3f287a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd3f28b1 11 bytes [B8, F9, 40, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefebd642d 11 bytes [B8, 39, 5B, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefebd6484 12 bytes [48, B8, F9, 55, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefebd6519 11 bytes [B8, 39, 62, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefebd6c34 12 bytes [48, B8, 39, 54, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefebd7ab5 11 bytes [B8, F9, 5C, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefebd8b01 11 bytes [B8, B9, 57, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefebd8c39 11 bytes [B8, 79, 59, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff6913b1 11 bytes [B8, 79, A6, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\WS2_32.dll!closesocket 000007feff6918e0 12 bytes [48, B8, B9, A4, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff691bd1 11 bytes [B8, F9, A2, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff692201 11 bytes [B8, 39, E0, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff6923c0 12 bytes [48, B8, 39, 8C, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\WS2_32.dll!connect 000007feff6945c0 12 bytes [48, B8, 79, 67, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\WS2_32.dll!send + 1 000007feff698001 11 bytes [B8, 39, A1, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff698df0 7 bytes [48, B8, B9, 8F, E2, 75, 00]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff698df9 3 bytes [00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff69c090 12 bytes [48, B8, F9, 8D, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff69de91 11 bytes [B8, 39, D9, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff69df41 11 bytes [B8, 79, DE, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff6be0f1 11 bytes [B8, B9, DC, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775b92d1 5 bytes [B8, 39, 69, E2, 75]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000775b92d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775d13a0 6 bytes [48, B8, 39, BD, E2, 75]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000775d13a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000775d1470 6 bytes [48, B8, F9, A9, E2, 75]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000775d1478 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 6 bytes [48, B8, F9, 32, E2, 75]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775d1518 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000775d1530 6 bytes [48, B8, 39, 1C, E2, 75]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775d1538 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775d1550 6 bytes [48, B8, F9, 1D, E2, 75]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775d1558 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 6 bytes [48, B8, 39, A8, E2, 75]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000775d1578 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 6 bytes [48, B8, 79, 2F, E2, 75]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000775d1658 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 6 bytes [48, B8, 79, 36, E2, 75]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000775d1678 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775d1700 6 bytes [48, B8, B9, 34, E2, 75]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000775d1708 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775d1780 6 bytes [48, B8, 39, 2A, E2, 75]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000775d1788 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 6 bytes [48, B8, B9, 26, E2, 75]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000775d1798 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775d1cd0 6 bytes [48, B8, 79, 28, E2, 75]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000775d1cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 6 bytes [48, B8, F9, 24, E2, 75]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000775d1d38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 6 bytes [48, B8, F9, BE, E2, 75]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000775d20a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000775d25e0 6 bytes [48, B8, 79, 83, E2, 75]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000775d25e8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 6 bytes [48, B8, 39, 31, E2, 75]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000775d27e8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 6 bytes [48, B8, B9, C0, E2, 75]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000775d29a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 6 bytes [48, B8, 79, 3D, E2, 75]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000775d2a88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 6 bytes [48, B8, B9, 3B, E2, 75]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000775d2a98 4 bytes [00, 00, 50, C3]
|
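What the `.text` entries above actually encode, as an added example that is not part of the original post and not GMER's own code: every hooked export begins with the same 12-byte x64 stub, `48 B8 <imm64>` (mov rax, imm64), `50` (push rax), `C3` (ret), an absolute jump to the hook handler. GMER prints only the bytes that differ from the on-disk image, which is why one hook often appears as two fragments (for example `NtClose` at +0 with 6 bytes and `NtClose + 8` with 4 bytes: the two zero bytes in between matched the original code). The decoder below parses a handful of lines copied from the log above, reassembles the fragments per export, recovers the jump target, and checks that the bytes GMER did show fit the stub layout. Bytes GMER omits are treated as unchanged and, inside the immediate, as zero; that is an assumption of this decoder, consistent with the `00` bytes the log does show. Run over the full log, every target lands in the `0x75E2xxxx` range, i.e. one module mapped into each listed process owns all of the hooks. The API class list is mine and hypothetical, not GMER's.

```python
"""Decode GMER '.text' inline-hook entries (added example, not part of the forum post or of GMER)."""
import re
from collections import defaultdict

# Constructed input: lines copied verbatim from the GMER output for svchost.exe[1268] above.
SAMPLE_LOG = r"""
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775b92d1 5 bytes [B8, 39, 69, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000775b92d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775d13a0 6 bytes [48, B8, 39, BD, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000775d13a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 6 bytes [48, B8, 79, 2F, E2, 75]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000775d1658 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077361c10 12 bytes [48, B8, F9, 39, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077362b61 8 bytes [B8, 79, D0, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077362b6a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff698df0 7 bytes [48, B8, B9, 8F, E2, 75, 00]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff698df9 3 bytes [00, 50, C3]
.text C:\Windows\system32\svchost.exe[1268] C:\Windows\system32\WS2_32.dll!connect 000007feff6945c0 12 bytes [48, B8, 79, 67, E2, 75, 00, ...]
"""

# section, process[pid], module!export [+ offset], address, count, bytes
ENTRY_RE = re.compile(
    r"^\.text\s+(?P<proc>\S+\[\d+\])\s+(?P<mod>\S+?)!(?P<func>\w+)"
    r"(?:\s*\+\s*(?P<off>\d+))?\s+(?P<addr>[0-9a-fA-F]+)\s+\d+\s+bytes\s+\[(?P<bytes>[^\]]*)\]"
)

# Fixed bytes of the stub: 48 B8 imm64 / 50 / C3 (mov rax, imm64; push rax; ret)
STUB_FIXED = {0: 0x48, 1: 0xB8, 10: 0x50, 11: 0xC3}

# Hypothetical grouping of the hooked exports by what an interceptor gains from them.
API_CLASSES = {
    "process/thread control": {"NtCreateProcess", "NtCreateProcessEx", "NtCreateThread", "NtCreateThreadEx",
                               "CreateRemoteThread", "CreateThread", "CreateProcessInternalW", "NtOpenProcess",
                               "NtTerminateProcess", "NtQueueApcThread", "NtSetContextThread",
                               "RtlCreateProcessParametersEx"},
    "memory/injection": {"NtWriteVirtualMemory", "WriteProcessMemory", "NtMapViewOfSection",
                         "NtUnmapViewOfSection", "LoadLibraryExW", "LoadLibraryExA"},
    "driver/service": {"NtLoadDriver", "OpenServiceW", "OpenServiceA", "ControlService", "DeleteService"},
    "network/dns": {"connect", "WSAConnect", "send", "WSASend", "recv", "WSARecv", "socket", "WSASocketW",
                    "gethostbyname", "GetAddrInfoW", "GetAddrInfoExW", "DnsQuery_A", "DnsQuery_W", "DnsQuery_UTF8"},
    "file/handle/enum": {"MoveFileExW", "MoveFileExA", "NtClose", "CloseHandle", "CreateToolhelp32Snapshot",
                         "Process32NextW", "NtDuplicateObject"},
}


def _parse_bytes(field):
    """'[48, B8, ..., ...]' body -> list of ints; GMER's '...' truncation marker is dropped."""
    return [int(t, 16) for t in (s.strip() for s in field.split(",")) if t and t != "..."]


def parse_hooks(log):
    """Group fragments by (process, module, export) -> {offset: byte}; also return each export's address."""
    frags, bases = defaultdict(dict), {}
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        off = int(m["off"] or 0)
        key = (m["proc"], m["mod"].rsplit("\\", 1)[-1].lower(), m["func"])
        base = int(m["addr"], 16) - off            # address of the export itself, not of the fragment
        if bases.setdefault(key, base) != base:
            raise ValueError(f"fragments of {key} disagree on the export address")
        for i, b in enumerate(_parse_bytes(m["bytes"])):
            frags[key][off + i] = b
    return frags, bases


def decode_stub(frag):
    """Return (target, clean) for a mov-rax/push/ret stub, or None if byte +1 is not B8.
    clean is False when a byte GMER did print contradicts the stub layout."""
    if frag.get(1) != 0xB8:
        return None
    # Assumption: bytes GMER omitted were unchanged, and inside the imm64 they are zero.
    imm = bytes(frag.get(2 + i, 0) for i in range(8))
    clean = all(frag.get(o, v) == v for o, v in STUB_FIXED.items())
    return int.from_bytes(imm, "little"), clean


def analyse(log):
    """Decode every hook and summarise where the hooks go and which API classes are covered."""
    frags, bases = parse_hooks(log)
    hooks = {}
    for key, frag in frags.items():
        decoded = decode_stub(frag)
        if decoded:
            hooks[key] = {"export": bases[key], "target": decoded[0], "clean": decoded[1]}
    targets = sorted(h["target"] for h in hooks.values())
    classes = {c for (_, _, f) in hooks for c, names in API_CLASSES.items() if f in names}
    return {
        "hooks": hooks,
        "target_lo": targets[0] if targets else None,
        "target_hi": targets[-1] if targets else None,
        # all targets inside one 1 MiB window: a single injected module owns every hook
        "single_module": bool(targets) and targets[-1] - targets[0] < 0x100000,
        "classes": sorted(classes),
    }


if __name__ == "__main__":
    r = analyse(SAMPLE_LOG)
    for (proc, mod, func), h in sorted(r["hooks"].items()):
        print(f"{mod}!{func:<30} {h['export']:016x} -> {h['target']:08x} {'ok' if h['clean'] else 'ODD'}")
    print(f"targets {r['target_lo']:08x}..{r['target_hi']:08x}, single module: {r['single_module']}")
    print("hooked API classes:", ", ".join(r["classes"]))
```

The hook list by itself does not say who installed the hooks: a HIPS or sandboxing component of a security product patches exactly this family of exports (process and thread creation, remote memory writes, service control, sockets and DNS), and so does malware. The useful next step with a GMER log like this one is to find which module occupies the target range (GMER's module listing, or Process Explorer / listdlls on the affected PIDs) and verify its signer and file location before treating the hooks as an infection.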
11.01.2015, 18:48 | #6 |
| Hardcore trojan or permanent pwn? :pukeface:
Code:
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077643201 11 bytes [B8, 39, 85, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077361b21 11 bytes [B8, 79, BB, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077361c10 12 bytes [48, B8, F9, 39, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077362b61 8 bytes [B8, 79, D0, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077362b6a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007737db80 12 bytes [48, B8, B9, 2D, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077380931 11 bytes [B8, B9, E3, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773b52f1 11 bytes [B8, B9, 7A, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773b5311 11 bytes [B8, 39, 77, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000773ca5e0 12 bytes [48, B8, B9, 81, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000773ca6f0 12 bytes [48, B8, 39, 7E, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000773ef491 11 bytes [B8, 79, D7, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000773ef691 11 bytes [B8, F9, D3, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000773ef6c1 8 bytes [B8, F9, CC, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000773ef6ca 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd3b1861 11 bytes [B8, 79, 52, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd3b2db1 11 bytes [B8, 39, AF, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd3b3461 11 bytes [B8, F9, B0, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3b8ef0 12 bytes [48, B8, 79, AD, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd3b94c0 12 bytes [48, B8, B9, 50, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd3bbfd1 11 bytes [B8, B9, AB, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd3c2af1 11 bytes [B8, F9, 4E, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd3e4350 12 bytes [48, B8, B9, 42, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd3f0c11 11 bytes [B8, 79, C9, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd3f2871 8 bytes [B8, 39, 23, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd3f287a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd3f28b1 11 bytes [B8, F9, 40, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefebd642d 11 bytes [B8, 39, 5B, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefebd6484 12 bytes [48, B8, F9, 55, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefebd6519 11 bytes [B8, 39, 62, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefebd6c34 12 bytes [48, B8, 39, 54, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefebd7ab5 11 bytes [B8, F9, 5C, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefebd8b01 11 bytes [B8, B9, 57, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefebd8c39 11 bytes [B8, 79, 59, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff6913b1 11 bytes [B8, 79, A6, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\WS2_32.dll!closesocket 000007feff6918e0 12 bytes [48, B8, B9, A4, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff691bd1 11 bytes [B8, F9, A2, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff692201 11 bytes [B8, 39, E0, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff6923c0 12 bytes [48, B8, 39, 8C, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\WS2_32.dll!connect 000007feff6945c0 12 bytes [48, B8, 79, 67, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\WS2_32.dll!send + 1 000007feff698001 11 bytes [B8, 39, A1, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff698df0 7 bytes [48, B8, B9, 8F, E2, 75, 00]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff698df9 3 bytes [00, 50, C3]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff69c090 12 bytes [48, B8, F9, 8D, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff69de91 11 bytes [B8, 39, D9, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff69df41 11 bytes [B8, 79, DE, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff6be0f1 11 bytes [B8, B9, DC, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] c:\windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefc9a56e0 12 bytes [48, B8, F9, C5, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] c:\windows\system32\DNSAPI.dll!DnsQuery_W 000007fefc9b010c 12 bytes [48, B8, 39, C4, E2, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1444] c:\windows\system32\DNSAPI.dll!DnsQuery_A 000007fefc9cdaa0 12 bytes [48, B8, 79, C2, E2, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775b92d1 5 bytes [B8, 39, 69, E2, 75]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000775b92d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775d13a0 6 bytes [48, B8, 39, BD, E2, 75]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000775d13a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000775d1470 6 bytes [48, B8, F9, A9, E2, 75]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000775d1478 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 6 bytes [48, B8, F9, 32, E2, 75]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775d1518 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000775d1530 6 bytes [48, B8, 39, 1C, E2, 75]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775d1538 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775d1550 6 bytes [48, B8, F9, 1D, E2, 75]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775d1558 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 6 bytes [48, B8, 39, A8, E2, 75]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000775d1578 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 6 bytes [48, B8, 79, 2F, E2, 75]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000775d1658 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 6 bytes [48, B8, 79, 36, E2, 75]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000775d1678 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775d1700 6 bytes [48, B8, B9, 34, E2, 75]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000775d1708 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775d1780 6 bytes [48, B8, 39, 2A, E2, 75]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000775d1788 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 6 bytes [48, B8, B9, 26, E2, 75]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000775d1798 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775d1cd0 6 bytes [48, B8, 79, 28, E2, 75]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000775d1cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 6 bytes [48, B8, F9, 24, E2, 75]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000775d1d38 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 6 bytes [48, B8, F9, BE, E2, 75]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000775d20a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000775d25e0 6 bytes [48, B8, 79, 83, E2, 75]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000775d25e8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 6 bytes [48, B8, 39, 31, E2, 75]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000775d27e8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 6 bytes [48, B8, B9, C0, E2, 75]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000775d29a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 6 bytes [48, B8, 79, 3D, E2, 75]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000775d2a88 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 6 bytes [48, B8, B9, 3B, E2, 75]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000775d2a98 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 6 bytes [48, B8, 79, E5, E2, 75]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000775d2b88 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077643201 11 bytes [B8, 39, 85, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077361b21 11 bytes [B8, 79, BB, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077361c10 12 bytes [48, B8, F9, 39, E2, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077362b61 8 bytes [B8, 79, D0, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077362b6a 2 bytes [50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007737db80 12 bytes [48, B8, B9, 2D, E2, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077380931 11 bytes [B8, B9, E3, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773b52f1 11 bytes [B8, B9, 7A, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773b5311 11 bytes [B8, 39, 77, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000773ca5e0 12 bytes [48, B8, B9, 81, E2, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000773ca6f0 12 bytes [48, B8, 39, 7E, E2, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000773ef491 11 bytes [B8, 79, D7, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000773ef691 11 bytes [B8, F9, D3, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000773ef6c1 8 bytes [B8, F9, CC, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000773ef6ca 2 bytes [50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd3b1861 11 bytes [B8, 79, 52, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd3b2db1 11 bytes [B8, 39, AF, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd3b3461 11 bytes [B8, F9, B0, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3b8ef0 12 bytes [48, B8, 79, AD, E2, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd3b94c0 12 bytes [48, B8, B9, 50, E2, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd3bbfd1 11 bytes [B8, B9, AB, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd3c2af1 11 bytes [B8, F9, 4E, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd3e4350 12 bytes [48, B8, B9, 42, E2, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd3f0c11 11 bytes [B8, 79, C9, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd3f2871 8 bytes [B8, 39, 23, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd3f287a 2 bytes [50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd3f28b1 11 bytes [B8, F9, 40, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefebd642d 11 bytes [B8, 39, 5B, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefebd6484 12 bytes [48, B8, F9, 55, E2, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefebd6519 11 bytes [B8, 39, 62, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefebd6c34 12 bytes [48, B8, 39, 54, E2, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefebd7ab5 11 bytes [B8, F9, 5C, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefebd8b01 11 bytes [B8, B9, 57, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefebd8c39 11 bytes [B8, 79, 59, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\System32\DNSAPI.dll!DnsQuery_UTF8 000007fefc9a56e0 12 bytes [48, B8, F9, C5, E2, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\System32\DNSAPI.dll!DnsQuery_W 000007fefc9b010c 12 bytes [48, B8, 39, C4, E2, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\System32\DNSAPI.dll!DnsQuery_A 000007fefc9cdaa0 12 bytes [48, B8, 79, C2, E2, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff6913b1 11 bytes [B8, 79, A6, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\WS2_32.dll!closesocket 000007feff6918e0 12 bytes [48, B8, B9, A4, E2, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff691bd1 11 bytes [B8, F9, A2, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff692201 11 bytes [B8, 39, E0, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff6923c0 12 bytes [48, B8, 39, 8C, E2, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\WS2_32.dll!connect 000007feff6945c0 12 bytes [48, B8, 79, 67, E2, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\WS2_32.dll!send + 1 000007feff698001 11 bytes [B8, 39, A1, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff698df0 7 bytes [48, B8, B9, 8F, E2, 75, 00]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff698df9 3 bytes [00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff69c090 12 bytes [48, B8, F9, 8D, E2, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff69de91 11 bytes [B8, 39, D9, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff69df41 11 bytes [B8, 79, DE, E2, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff6be0f1 11 bytes [B8, B9, DC, E2, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775b92d1 5 bytes [B8, 39, 69, E2, 75]
.text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000775b92d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775d13a0 6 bytes [48, B8, 39, BD, E2, 75]
.text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000775d13a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000775d1470 6 bytes [48, B8, F9, A9, E2, 75]
.text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000775d1478 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 6 bytes [48, B8, F9, 32, E2, 75]
.text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775d1518 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000775d1530 6 bytes [48, B8, 39, 1C, E2, 75]
.text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775d1538 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775d1550 6 bytes [48, B8, F9, 1D, E2, 75]
.text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775d1558 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 6 bytes [48, B8, 39, A8, E2, 75]
.text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000775d1578 4 bytes [00, 00, 50, C3]
.text
C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 6 bytes [48, B8, 79, 2F, E2, 75] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000775d1658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 6 bytes [48, B8, 79, 36, E2, 75] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000775d1678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775d1700 6 bytes [48, B8, B9, 34, E2, 75] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000775d1708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775d1780 6 bytes [48, B8, 39, 2A, E2, 75] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000775d1788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 6 bytes [48, B8, B9, 26, E2, 75] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000775d1798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775d1cd0 6 bytes [48, B8, 79, 28, E2, 75] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000775d1cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 6 bytes [48, B8, F9, 24, E2, 75] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000775d1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1648] 
C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 6 bytes [48, B8, F9, BE, E2, 75] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000775d20a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000775d25e0 6 bytes [48, B8, 79, 83, E2, 75] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000775d25e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 6 bytes [48, B8, 39, 31, E2, 75] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000775d27e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 6 bytes [48, B8, B9, C0, E2, 75] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000775d29a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 6 bytes [48, B8, 79, 3D, E2, 75] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000775d2a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 6 bytes [48, B8, B9, 3B, E2, 75] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000775d2a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077643201 11 bytes [B8, 39, 85, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077361b21 11 bytes [B8, 79, BB, E2, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077361c10 12 bytes [48, B8, F9, 39, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077362b61 8 bytes [B8, 79, D0, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077362b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007737db80 12 bytes [48, B8, B9, 2D, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077380931 11 bytes [B8, B9, E3, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773b52f1 11 bytes [B8, B9, 7A, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773b5311 11 bytes [B8, 39, 77, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000773ca5e0 12 bytes [48, B8, B9, 81, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000773ca6f0 12 bytes [48, B8, 39, 7E, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000773ef491 11 bytes [B8, 79, D7, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000773ef691 11 bytes [B8, F9, D3, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000773ef6c1 8 bytes [B8, F9, CC, E2, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000773ef6ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd3b1861 11 bytes [B8, 79, 52, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd3b2db1 11 bytes [B8, 39, AF, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd3b3461 11 bytes [B8, F9, B0, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3b8ef0 12 bytes [48, B8, 79, AD, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd3b94c0 12 bytes [48, B8, B9, 50, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd3bbfd1 11 bytes [B8, B9, AB, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd3c2af1 11 bytes [B8, F9, 4E, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd3e4350 12 bytes [48, B8, B9, 42, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd3f0c11 11 bytes [B8, 79, C9, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd3f2871 8 bytes [B8, 39, 23, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd3f287a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd3f28b1 11 bytes [B8, F9, 40, E2, 75, 00, 00, ...] 
.text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefebd642d 11 bytes [B8, 39, 5B, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefebd6484 12 bytes [48, B8, F9, 55, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefebd6519 11 bytes [B8, 39, 62, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefebd6c34 12 bytes [48, B8, 39, 54, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefebd7ab5 11 bytes [B8, F9, 5C, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefebd8b01 11 bytes [B8, B9, 57, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefebd8c39 11 bytes [B8, 79, 59, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe5c4ea1 11 bytes [B8, 39, E7, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe5c55c8 12 bytes [48, B8, B9, 6C, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe5db85c 12 bytes [48, B8, F9, 6A, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe5db9d0 12 bytes [48, B8, 79, 60, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe5dba3c 12 bytes [48, B8, B9, 5E, E2, 75, 00, ...] 
.text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff6913b1 11 bytes [B8, 79, A6, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\WS2_32.dll!closesocket 000007feff6918e0 12 bytes [48, B8, B9, A4, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff691bd1 11 bytes [B8, F9, A2, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff692201 11 bytes [B8, 39, E0, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff6923c0 12 bytes [48, B8, 39, 8C, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\WS2_32.dll!connect 000007feff6945c0 12 bytes [48, B8, 79, 67, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\WS2_32.dll!send + 1 000007feff698001 11 bytes [B8, 39, A1, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff698df0 7 bytes [48, B8, B9, 8F, E2, 75, 00] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff698df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff69c090 12 bytes [48, B8, F9, 8D, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff69de91 11 bytes [B8, 39, D9, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff69df41 11 bytes [B8, 79, DE, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1648] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff6be0f1 11 bytes [B8, B9, DC, E2, 75, 00, 00, ...] 
.text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 6 bytes [48, B8, F0, 12, 82, 01] .text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000775d1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[1816] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1 00000000773fb7e1 11 bytes [B8, F0, 12, 9D, 01, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077361b21 11 bytes [B8, 79, BB, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077361c10 12 bytes [48, B8, F9, 39, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077362b61 8 bytes [B8, 79, D0, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077362b6a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007737db80 12 bytes [48, B8, B9, 2D, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077380931 11 bytes [B8, B9, E3, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773b52f1 11 bytes [B8, B9, 7A, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773b5311 11 bytes [B8, 39, 77, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000773ca5e0 12 bytes [48, B8, B9, 81, E2, 75, 00, ...] 
.text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000773ca6f0 12 bytes [48, B8, 39, 7E, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000773ef491 11 bytes [B8, 79, D7, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000773ef691 11 bytes [B8, F9, D3, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000773ef6c1 8 bytes [B8, F9, CC, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000773ef6ca 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd3b1861 11 bytes [B8, 79, 52, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd3b2db1 11 bytes [B8, 39, AF, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd3b3461 11 bytes [B8, F9, B0, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3b8ef0 12 bytes [48, B8, 79, AD, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd3b94c0 12 bytes [48, B8, B9, 50, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd3bbfd1 11 bytes [B8, B9, AB, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd3c2af1 11 bytes [B8, F9, 4E, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd3e4350 12 bytes [48, B8, B9, 42, E2, 75, 00, ...] 
.text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd3f0c11 11 bytes [B8, 79, C9, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd3f2871 8 bytes [B8, 39, 23, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd3f287a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd3f28b1 11 bytes [B8, F9, 40, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefebd642d 11 bytes [B8, 39, 5B, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefebd6484 12 bytes [48, B8, F9, 55, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefebd6519 11 bytes [B8, 39, 62, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefebd6c34 12 bytes [48, B8, 39, 54, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefebd7ab5 11 bytes [B8, F9, 5C, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefebd8b01 11 bytes [B8, B9, 57, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefebd8c39 11 bytes [B8, 79, 59, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff6913b1 11 bytes [B8, 79, A6, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\WS2_32.dll!closesocket 000007feff6918e0 12 bytes [48, B8, B9, A4, E2, 75, 00, ...] 
.text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff691bd1 11 bytes [B8, F9, A2, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff692201 11 bytes [B8, 39, E0, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff6923c0 12 bytes [48, B8, 39, 8C, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\WS2_32.dll!connect 000007feff6945c0 12 bytes [48, B8, 79, 67, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\WS2_32.dll!send + 1 000007feff698001 11 bytes [B8, 39, A1, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff698df0 7 bytes [48, B8, B9, 8F, E2, 75, 00] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff698df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff69c090 12 bytes [48, B8, F9, 8D, E2, 75, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff69de91 11 bytes [B8, 39, D9, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff69df41 11 bytes [B8, 79, DE, E2, 75, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2152] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff6be0f1 11 bytes [B8, B9, DC, E2, 75, 00, 00, ...] 
.text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775b92d1 5 bytes [B8, 39, 69, E2, 75] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000775b92d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775d13a0 6 bytes [48, B8, 39, BD, E2, 75] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000775d13a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000775d1470 6 bytes [48, B8, F9, A9, E2, 75] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000775d1478 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 6 bytes [48, B8, F9, 32, E2, 75] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775d1518 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000775d1530 6 bytes [48, B8, 39, 1C, E2, 75] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775d1538 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775d1550 6 bytes [48, B8, F9, 1D, E2, 75] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775d1558 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 6 bytes [48, B8, 39, A8, E2, 75] .text C:\Windows\system32\SearchIndexer.exe[2860] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000775d1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 6 bytes [48, B8, 79, 2F, E2, 75] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000775d1658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 6 bytes [48, B8, 79, 36, E2, 75] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000775d1678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775d1700 6 bytes [48, B8, B9, 34, E2, 75] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000775d1708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775d1780 6 bytes [48, B8, 39, 2A, E2, 75] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000775d1788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 6 bytes [48, B8, B9, 26, E2, 75] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000775d1798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775d1cd0 6 bytes [48, B8, 79, 28, E2, 75] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000775d1cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 6 bytes [48, B8, F9, 24, E2, 75] .text 
C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000775d1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 6 bytes [48, B8, F9, BE, E2, 75] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000775d20a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000775d25e0 6 bytes [48, B8, 79, 83, E2, 75] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000775d25e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 6 bytes [48, B8, 39, 31, E2, 75] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000775d27e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 6 bytes [48, B8, B9, C0, E2, 75] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000775d29a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 6 bytes [48, B8, 79, 3D, E2, 75] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000775d2a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 6 bytes [48, B8, B9, 3B, E2, 75] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000775d2a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 6 
bytes [48, B8, 79, E5, E2, 75] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000775d2b88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077643201 11 bytes [B8, 39, 85, E2, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd3b1861 11 bytes [B8, 79, 52, E2, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd3b2db1 11 bytes [B8, 39, AF, E2, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd3b3461 11 bytes [B8, F9, B0, E2, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3b8ef0 12 bytes [48, B8, 79, AD, E2, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd3b94c0 12 bytes [48, B8, B9, 50, E2, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd3bbfd1 11 bytes [B8, B9, AB, E2, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd3c2af1 11 bytes [B8, F9, 4E, E2, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd3e4350 12 bytes [48, B8, B9, 42, E2, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd3f0c11 11 bytes [B8, 79, C9, E2, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd3f2871 8 bytes [B8, 39, 23, E2, 75, 00, 00, ...] 
.text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd3f287a 2 bytes [50, C3] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd3f28b1 11 bytes [B8, F9, 40, E2, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefebd642d 11 bytes [B8, 39, 5B, E2, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefebd6484 12 bytes [48, B8, F9, 55, E2, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefebd6519 11 bytes [B8, 39, 62, E2, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefebd6c34 12 bytes [48, B8, 39, 54, E2, 75, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefebd7ab5 11 bytes [B8, F9, 5C, E2, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefebd8b01 11 bytes [B8, B9, 57, E2, 75, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2860] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefebd8c39 11 bytes [B8, 79, 59, E2, 75, 00, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077361b21 11 bytes [B8, 79, BB, E2, 75, 00, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077361c10 12 bytes [48, B8, F9, 39, E2, 75, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077362b61 8 bytes [B8, 79, D0, E2, 75, 00, 00, ...] 
.text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077362b6a 2 bytes [50, C3] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007737db80 12 bytes [48, B8, B9, 2D, E2, 75, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077380931 11 bytes [B8, B9, E3, E2, 75, 00, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773b52f1 11 bytes [B8, B9, 7A, E2, 75, 00, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773b5311 11 bytes [B8, 39, 77, E2, 75, 00, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000773ca5e0 12 bytes [48, B8, B9, 81, E2, 75, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000773ca6f0 12 bytes [48, B8, 39, 7E, E2, 75, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000773ef491 11 bytes [B8, 79, D7, E2, 75, 00, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000773ef691 11 bytes [B8, F9, D3, E2, 75, 00, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000773ef6c1 8 bytes [B8, F9, CC, E2, 75, 00, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000773ef6ca 2 bytes [50, C3] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd3b1861 11 bytes [B8, 79, 52, E2, 75, 00, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd3b2db1 11 bytes [B8, 39, AF, E2, 75, 00, 00, ...] 
.text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd3b3461 11 bytes [B8, F9, B0, E2, 75, 00, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3b8ef0 12 bytes [48, B8, 79, AD, E2, 75, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd3b94c0 12 bytes [48, B8, B9, 50, E2, 75, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd3bbfd1 11 bytes [B8, B9, AB, E2, 75, 00, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd3c2af1 11 bytes [B8, F9, 4E, E2, 75, 00, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd3e4350 12 bytes [48, B8, B9, 42, E2, 75, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd3f0c11 11 bytes [B8, 79, C9, E2, 75, 00, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd3f2871 8 bytes [B8, 39, 23, E2, 75, 00, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd3f287a 2 bytes [50, C3] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd3f28b1 11 bytes [B8, F9, 40, E2, 75, 00, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefebd642d 11 bytes [B8, 39, 5B, E2, 75, 00, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefebd6484 12 bytes [48, B8, F9, 55, E2, 75, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefebd6519 11 bytes [B8, 39, 62, E2, 75, 00, 00, ...] 
.text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefebd6c34 12 bytes [48, B8, 39, 54, E2, 75, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefebd7ab5 11 bytes [B8, F9, 5C, E2, 75, 00, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefebd8b01 11 bytes [B8, B9, 57, E2, 75, 00, 00, ...] .text C:\Windows\system32\sppsvc.exe[3136] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefebd8c39 11 bytes [B8, 79, 59, E2, 75, 00, 00, ...] |
11.01.2015, 18:51 | #7 |
| Hardcore Trojan or permanent pwn? :pukeface:
Code:
ATTFilter .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775b92d1 5 bytes [B8, 39, 69, E2, 75] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000775b92d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775d13a0 6 bytes [48, B8, 39, BD, E2, 75] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000775d13a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000775d1470 6 bytes [48, B8, F9, A9, E2, 75] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000775d1478 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 6 bytes [48, B8, F9, 32, E2, 75] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775d1518 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000775d1530 6 bytes [48, B8, 39, 1C, E2, 75] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775d1538 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775d1550 6 bytes [48, B8, F9, 1D, E2, 75] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775d1558 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 6 bytes [48, B8, 39, A8, E2, 75] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000775d1578 4 bytes [00, 00, 50, 
C3] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 6 bytes [48, B8, 79, 2F, E2, 75] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000775d1658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 6 bytes [48, B8, 79, 36, E2, 75] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000775d1678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775d1700 6 bytes [48, B8, B9, 34, E2, 75] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000775d1708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775d1780 6 bytes [48, B8, 39, 2A, E2, 75] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000775d1788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 6 bytes [48, B8, B9, 26, E2, 75] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000775d1798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775d1cd0 6 bytes [48, B8, 79, 28, E2, 75] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000775d1cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 6 bytes [48, B8, F9, 24, E2, 75] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000775d1d38 4 bytes [00, 00, 50, C3] .text 
C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 6 bytes [48, B8, F9, BE, E2, 75] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000775d20a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000775d25e0 6 bytes [48, B8, 79, 83, E2, 75] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000775d25e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 6 bytes [48, B8, 39, 31, E2, 75] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000775d27e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 6 bytes [48, B8, B9, C0, E2, 75] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000775d29a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 6 bytes [48, B8, 79, 3D, E2, 75] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000775d2a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 6 bytes [48, B8, B9, 3B, E2, 75] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000775d2a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 6 bytes [48, B8, 79, E5, E2, 75] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000775d2b88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[3296] 
C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077643201 11 bytes [B8, 39, 85, E2, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077361b21 11 bytes [B8, 79, BB, E2, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077361c10 12 bytes [48, B8, F9, 39, E2, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077362b61 8 bytes [B8, 79, D0, E2, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077362b6a 2 bytes [50, C3] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007737db80 12 bytes [48, B8, B9, 2D, E2, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077380931 11 bytes [B8, B9, E3, E2, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773b52f1 11 bytes [B8, B9, 7A, E2, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773b5311 11 bytes [B8, 39, 77, E2, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\kernel32.dll!ReadConsoleW 00000000773ca5e0 12 bytes [48, B8, B9, 81, E2, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\kernel32.dll!ReadConsoleA 00000000773ca6f0 12 bytes [48, B8, 39, 7E, E2, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000773ef491 11 bytes [B8, 79, D7, E2, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000773ef691 11 bytes [B8, F9, D3, E2, 75, 00, 00, ...] 
.text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000773ef6c1 8 bytes [B8, F9, CC, E2, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000773ef6ca 2 bytes [50, C3] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd3b1861 11 bytes [B8, 79, 52, E2, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd3b2db1 11 bytes [B8, 39, AF, E2, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd3b3461 11 bytes [B8, F9, B0, E2, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3b8ef0 12 bytes [48, B8, 79, AD, E2, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd3b94c0 12 bytes [48, B8, B9, 50, E2, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd3bbfd1 11 bytes [B8, B9, AB, E2, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd3c2af1 11 bytes [B8, F9, 4E, E2, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd3e4350 12 bytes [48, B8, B9, 42, E2, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd3f0c11 11 bytes [B8, 79, C9, E2, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd3f2871 8 bytes [B8, 39, 23, E2, 75, 00, 00, ...] 
.text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd3f287a 2 bytes [50, C3] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd3f28b1 11 bytes [B8, F9, 40, E2, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefebd642d 11 bytes [B8, 39, 5B, E2, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefebd6484 12 bytes [48, B8, F9, 55, E2, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefebd6519 11 bytes [B8, 39, 62, E2, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefebd6c34 12 bytes [48, B8, 39, 54, E2, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefebd7ab5 11 bytes [B8, F9, 5C, E2, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefebd8b01 11 bytes [B8, B9, 57, E2, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefebd8c39 11 bytes [B8, 79, 59, E2, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe5c4ea1 11 bytes [B8, 79, EC, E2, 75, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe5c55c8 12 bytes [48, B8, B9, 6C, E2, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe5db85c 12 bytes [48, B8, F9, 6A, E2, 75, 00, ...] 
.text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe5db9d0 12 bytes [48, B8, 79, 60, E2, 75, 00, ...] .text C:\Windows\system32\taskhost.exe[3296] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe5dba3c 12 bytes [48, B8, B9, 5E, E2, 75, 00, ...] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775b92d1 5 bytes [B8, F9, 55, E2, 75] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000775b92d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000775d1470 6 bytes [48, B8, F9, 5C, E2, 75] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000775d1478 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775d1510 6 bytes [48, B8, F9, 32, E2, 75] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000775d1518 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000775d1530 6 bytes [48, B8, 39, 1C, E2, 75] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000775d1538 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000775d1550 6 bytes [48, B8, F9, 1D, E2, 75] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000775d1558 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 6 bytes [48, B8, 39, 5B, E2, 75] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000775d1578 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3244] 
C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775d1650 6 bytes [48, B8, 79, 2F, E2, 75] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000775d1658 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775d1670 6 bytes [48, B8, 79, 36, E2, 75] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000775d1678 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000775d1700 6 bytes [48, B8, B9, 34, E2, 75] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000775d1708 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000775d1780 6 bytes [48, B8, 39, 2A, E2, 75] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000775d1788 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775d1790 6 bytes [48, B8, B9, 26, E2, 75] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000775d1798 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000775d1cd0 6 bytes [48, B8, 79, 28, E2, 75] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000775d1cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775d1d30 6 bytes [48, B8, F9, 24, E2, 75] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000775d1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775d20a0 6 bytes [48, B8, B9, 5E, E2, 75] .text C:\Windows\Explorer.EXE[3244] 
C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000775d20a8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775d27e0 6 bytes [48, B8, 39, 31, E2, 75] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000775d27e8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775d29a0 6 bytes [48, B8, 79, 60, E2, 75] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000775d29a8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775d2a80 6 bytes [48, B8, 79, 3D, E2, 75] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000775d2a88 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775d2a90 6 bytes [48, B8, B9, 3B, E2, 75] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000775d2a98 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775d2b80 6 bytes [48, B8, 79, 75, E2, 75] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000775d2b88 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[3244] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077361c10 12 bytes [48, B8, F9, 39, E2, 75, 00, ...] .text C:\Windows\Explorer.EXE[3244] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077362b61 8 bytes [B8, 39, 69, E2, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3244] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077362b6a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[3244] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007737db80 12 bytes [48, B8, B9, 2D, E2, 75, 00, ...] 
.text C:\Windows\Explorer.EXE[3244] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077380931 11 bytes [B8, B9, 73, E2, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3244] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000773ef491 11 bytes [B8, 39, 70, E2, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3244] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000773ef691 11 bytes [B8, B9, 6C, E2, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3244] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000773ef6c1 8 bytes [B8, B9, 65, E2, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3244] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000773ef6ca 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[3244] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd3e4350 12 bytes [48, B8, B9, 42, E2, 75, 00, ...] .text C:\Windows\Explorer.EXE[3244] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd3f0c11 11 bytes [B8, 39, 62, E2, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3244] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd3f2871 8 bytes [B8, 39, 23, E2, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3244] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd3f287a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[3244] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd3f28b1 11 bytes [B8, F9, 40, E2, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefebd642d 11 bytes [B8, 79, 4B, E2, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefebd6484 12 bytes [48, B8, 39, 46, E2, 75, 00, ...] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefebd6519 11 bytes [B8, 79, 52, E2, 75, 00, 00, ...] 
.text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefebd6c34 12 bytes [48, B8, 79, 44, E2, 75, 00, ...] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefebd7ab5 11 bytes [B8, 39, 4D, E2, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefebd8b01 11 bytes [B8, F9, 47, E2, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3244] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefebd8c39 11 bytes [B8, B9, 49, E2, 75, 00, 00, ...] .text C:\Windows\Explorer.EXE[3244] C:\Windows\system32\WS2_32.dll!connect 000007feff6945c0 12 bytes [48, B8, 39, 54, E2, 75, 00, ...] .text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775d1570 6 bytes [48, B8, F0, 12, 24, 02] .text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000775d1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[3092] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1 00000000773fb7e1 11 bytes [B8, F0, 12, 49, 02, 00, 00, ...] 
.text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 000000007777f8f0 5 bytes JMP 00000001757e6619 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007777f9e0 5 bytes JMP 00000001757e5c99 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007777fb28 5 bytes JMP 00000001757e56a9 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007777fc20 5 bytes JMP 00000001757e31d9 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007777fc50 5 bytes JMP 00000001757e15f1 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007777fc80 5 bytes JMP 00000001757e1689 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007777fcb0 5 bytes JMP 00000001757e5611 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007777fe14 5 bytes JMP 00000001757e30a9 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007777fe44 5 bytes JMP 00000001757e3309 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007777ff24 5 bytes JMP 00000001757e3271 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007777ffec 5 bytes JMP 00000001757e2ee1 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077780004 5 bytes JMP 00000001757e2db1 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777800b4 5 bytes JMP 00000001757e1ed9 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000777801c4 5 bytes JMP 
00000001757e2301 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077780814 5 bytes JMP 00000001757e2e49 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777808a4 5 bytes JMP 00000001757e2d19 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077780df4 5 bytes JMP 00000001757e5d31 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077781604 5 bytes JMP 00000001757e4ac9 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077781920 5 bytes JMP 00000001757e3141 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077781be4 5 bytes JMP 00000001757e5dc9 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077781d54 5 bytes JMP 00000001757e3439 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077781d70 5 bytes JMP 00000001757e33a1 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077781ee8 5 bytes JMP 00000001757e69a9 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000777988c4 5 bytes JMP 00000001757e1ab1 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 00000000777c0d3b 5 bytes JMP 00000001757e2009 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 000000007780860f 5 bytes JMP 00000001757e4b61 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007780e8ab 5 bytes JMP 00000001757e1f71 .text C:\Users\Daniel\Downloads\Defogger.exe[3768] 
|
11.01.2015, 18:53 | #8 |
| Hardcore Trojan or permanent pwn? :pukeface: Code:
C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000770074ae 5 bytes JMP 00000001757e47d1 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000077007859 5 bytes JMP 00000001757e4901 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000770078d2 5 bytes JMP 00000001757e4a31 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075608f8d 5 bytes JMP 00000000757e1a19 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007560c436 5 bytes JMP 00000000757e3b59 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007560eca6 5 bytes JMP 00000000757e3601 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007560f206 5 bytes JMP 00000000757e2399 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007560fa89 5 bytes JMP 00000000757e1e41 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007560fbb7 5 bytes JMP 00000000757e60c1 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075611358 5 bytes JMP 00000000757e3ac1 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007561137f 5 bytes JMP 00000000757e3a29 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075611d29 5 bytes JMP 00000000757e1981 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075611e15 5 bytes JMP 00000000757e24c9 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] 
C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075612ab1 5 bytes JMP 00000000757e57d9 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075612cd9 5 bytes JMP 00000000757e5741 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075612d17 5 bytes JMP 00000000757e5871 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075612e7a 5 bytes JMP 00000000757e18e9 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075613b70 5 bytes JMP 00000000757e2269 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075614496 5 bytes JMP 00000000757e2431 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075614608 5 bytes JMP 00000000757e3569 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075614631 5 bytes JMP 00000000757e2c81 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007561c734 5 bytes JMP 00000000757e27c1 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007690c9ec 5 bytes JMP 00000001757e3c89 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076912b70 5 bytes JMP 00000001757e3bf1 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007691361c 5 bytes JMP 00000001757e40b1 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076914965 5 bytes JMP 00000001757e6b71 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000769270c4 5 bytes JMP 
00000001757e4311 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000769270dc 5 bytes JMP 00000001757e3e51 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000769270f4 5 bytes JMP 00000001757e3ee9 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000769431f4 5 bytes JMP 00000001757e3f81 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076943204 5 bytes JMP 00000001757e4019 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 0000000076943214 5 bytes JMP 00000001757e3d21 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 0000000076943224 5 bytes JMP 00000001757e3db9 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000076943264 5 bytes JMP 00000001757e4279 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000000065a472 5 bytes JMP 00000000757e6c09 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000006627ce 5 bytes JMP 00000000757e1be1 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000000066e6cf 5 bytes JMP 00000000757e1b49 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075a778e2 5 bytes JMP 00000001757e4441 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075a77bd3 5 bytes JMP 00000001757e43a9 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075a78a29 5 bytes JMP 00000001757e4f89 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] 
C:\Windows\syswow64\USER32.dll!FindWindowW 0000000075a798fd 5 bytes JMP 00000001757e5a39 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000075a7b6ed 5 bytes JMP 00000001757e6ca1 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075a7d22e 5 bytes JMP 00000001757e5021 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075a7ee09 5 bytes JMP 00000001757e34d1 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000075a7ffe6 5 bytes JMP 00000001757e5909 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000075a800d9 5 bytes JMP 00000001757e59a1 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075a805ba 5 bytes JMP 00000001757e4571 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000075a80dfb 5 bytes JMP 00000001757e50b9 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075a812a5 5 bytes JMP 00000001757e6ad9 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000075a820ec 5 bytes JMP 00000001757e5449 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075a83baa 5 bytes JMP 00000001757e6a41 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075a85f74 5 bytes JMP 00000001757e44d9 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075a86285 5 bytes JMP 00000001757e4bf9 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075a87603 5 bytes JMP 00000001757e2be9 .text 
C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000075a87aee 5 bytes JMP 00000001757e53b1 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075a8835c 5 bytes JMP 00000001757e2b51 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000075a9ce54 5 bytes JMP 00000001757e51e9 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075a9f52b 5 bytes JMP 00000001757e4c91 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000075a9f588 5 bytes JMP 00000001757e5ad1 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000075aa10a0 5 bytes JMP 00000001757e5151 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075acfcd6 2 bytes JMP 00000001757e5281 .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 0000000075acfcd9 2 bytes [D1, FF] .text C:\Users\Daniel\Downloads\Gmer-19357.exe[1376] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075acfcfa 5 bytes JMP 00000001757e5319 ---- Modules - GMER 2.1 ---- Module \??\C:\Users\ADMINI~1\AppData\Local\Temp\uwrirpod.sys (GMER) fffff88005dc1000-fffff88005dd1000 (65536 bytes) ---- Threads - GMER 2.1 ---- Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3048:1428] 0000000076d67587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3048:2740] 0000000072097712 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3048:3100] 00000000777b2e65 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3048:3676] 00000000777b3e85 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3048:3764] 00000000777b3e85 Thread 
I hope this helps and we can start cleaning. Regards, slow |
11.01.2015, 20:59 | #9 |
/// the machine /// TB-Ausbilder | Hardcore trojan or permanent pwn? :pukeface: Hi, please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in that folder without instructions from a helper. Please download TDSSKiller.exe and save that file to your desktop.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page | No support via PM! |
12.01.2015, 03:32 | #10 |
| Hardcore trojan or permanent pwn? :pukeface: Thanks for the reply, schrauber. I updated mbar and let it run through, but nothing was found. Here is the log file:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.08.2.1001 www.malwarebytes.org Database version: v2015.01.11.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17501 Administrator :: DANIEL-PC [administrator] 12.01.2015 03:23:16 mbar-log-2015-01-12 (03-23-16).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 352059 Time elapsed: 5 minute(s), Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
12.01.2015, 05:23 | #11 |
| Hardcore trojan or permanent pwn? :pukeface: TDSSKiller didn't find anything either... Strange, what is going on there.... o.O
BE995D5679ABEF800E24208A068C44A10607305A8C328FF29A11DCAAB4D18FBB ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 03:41:08.0012 0x0c2c amdkmdap - ok 03:41:08.0028 0x0c2c [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 03:41:08.0043 0x0c2c AmdPPM - ok 03:41:08.0043 0x0c2c [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 03:41:08.0059 0x0c2c amdsata - ok 03:41:08.0075 0x0c2c [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 03:41:08.0090 0x0c2c amdsbs - ok 03:41:08.0090 0x0c2c [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 03:41:08.0106 0x0c2c amdxata - ok 03:41:08.0121 0x0c2c [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys 03:41:08.0153 0x0c2c AppID - ok 03:41:08.0153 0x0c2c [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll 03:41:08.0184 0x0c2c AppIDSvc - ok 03:41:08.0199 0x0c2c [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll 03:41:08.0215 0x0c2c Appinfo - ok 03:41:08.0215 0x0c2c [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll 03:41:08.0246 0x0c2c AppMgmt - ok 03:41:08.0246 0x0c2c [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys 03:41:08.0262 0x0c2c arc - ok 03:41:08.0262 0x0c2c [ 
019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys 03:41:08.0293 0x0c2c arcsas - ok 03:41:08.0293 0x0c2c [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 03:41:08.0324 0x0c2c aspnet_state - ok 03:41:08.0324 0x0c2c [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 03:41:08.0355 0x0c2c AsyncMac - ok 03:41:08.0355 0x0c2c [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 03:41:08.0355 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\atapi.sys. md5: 02062C0B390B7729EDC9E69C680A6F3C, sha256: 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 03:41:08.0355 0x0c2c atapi - detected LockedFile.Multi.Generic ( 1 ) 03:41:11.0101 0x0c2c Detect skipped due to KSN trusted 03:41:11.0101 0x0c2c atapi - ok 03:41:11.0335 0x0c2c [ 7F2BDD27F3611041D6B0D6C565A748A7, F74A3589253AAEDAFB15D5C439771339FC3B78B1CE51409A630822B653D4885D ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 03:41:11.0616 0x0c2c atikmdag - ok 03:41:11.0647 0x0c2c [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 03:41:11.0678 0x0c2c AudioEndpointBuilder - ok 03:41:11.0709 0x0c2c [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv C:\Windows\System32\Audiosrv.dll 03:41:11.0725 0x0c2c AudioSrv - ok 03:41:11.0756 0x0c2c [ 70CCDD9BCBAA5A918A7D135E28A824E2, D98A6D7885A7E44AD32F25BECE65151773E50D3B155020A03A5801DE5A090EA3 ] avc3 C:\Windows\system32\DRIVERS\avc3.sys 03:41:11.0819 0x0c2c avc3 - ok 
03:41:11.0819 0x0c2c [ D0B093DDF5FD05E4D0109159E9153A52, 2F8430F4B7EECB3C9712E443460F1F9B4FA52EB123FE3B0ED63AAD88616C13A4 ] avchv C:\Windows\system32\DRIVERS\avchv.sys 03:41:11.0834 0x0c2c avchv - ok 03:41:11.0850 0x0c2c [ 0956716D5565680DC83992C11BBDB2C2, 7349F32F3E8596E680EE26BB1CA97AFADB42ED1B4652859CE5E221F67371B412 ] avckf C:\Windows\system32\DRIVERS\avckf.sys 03:41:11.0881 0x0c2c avckf - ok 03:41:11.0881 0x0c2c [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 03:41:11.0912 0x0c2c AxInstSV - ok 03:41:11.0928 0x0c2c [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 03:41:11.0959 0x0c2c b06bdrv - ok 03:41:11.0975 0x0c2c [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 03:41:11.0990 0x0c2c b57nd60a - ok 03:41:12.0006 0x0c2c [ C60E9DB373515F23A1CF82AC06926426, 59D6697777CC31D209DAB644133E73B785B017699E5DDF02EA6292C104353C16 ] BdDesktopParental C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe 03:41:12.0021 0x0c2c BdDesktopParental - ok 03:41:12.0021 0x0c2c [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 03:41:12.0053 0x0c2c BDESVC - ok 03:41:12.0053 0x0c2c [ 3533B749563E89EFAC7290A2BA3B4097, 1A1AB9D02EF729A622B2C2ECF788FD5DEC11A078C71CD31581D9F610D0050591 ] BdfNdisf c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys 03:41:12.0068 0x0c2c BdfNdisf - ok 03:41:12.0068 0x0c2c [ EC80614A72BC7039D2B22E3DD6C15895, 932260AB126523428B884034162E3619E1B7FA13720F830783B592AAE825AC86 ] bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys 03:41:12.0084 0x0c2c bdfwfpf - ok 03:41:12.0084 0x0c2c [ 
C0247341C1BCD7FF2742821D0AD7AFBC, EC2B246F3233302DB540394AC0F11F294CA16FB9E44110126CC9807BAC20EA35 ] bdfwfpf_pc C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys 03:41:12.0099 0x0c2c bdfwfpf_pc - ok 03:41:12.0115 0x0c2c [ B9ECE7FD9F58DAF19450C88338DC5267, 9857DFE0BDDEA791F2DDA99C24A064D488B52E4AC1402A37EF22C244C9283681 ] BDSandBox C:\Windows\system32\drivers\bdsandbox.sys 03:41:12.0131 0x0c2c BDSandBox - ok 03:41:12.0131 0x0c2c [ 50F796CB1E8C80F3D19435CB50C3DAB5, 20CE5C1242F8D0DFEE13C8D07EF1A67F670A078BA44E810A3A042C6A060FACC9 ] BDVEDISK C:\Windows\system32\DRIVERS\bdvedisk.sys 03:41:12.0146 0x0c2c BDVEDISK - ok 03:41:12.0146 0x0c2c [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 03:41:12.0177 0x0c2c Beep - ok 03:41:12.0193 0x0c2c [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 03:41:12.0224 0x0c2c BFE - ok 03:41:12.0255 0x0c2c [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll 03:41:12.0302 0x0c2c BITS - ok 03:41:12.0318 0x0c2c [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 03:41:12.0333 0x0c2c blbdrive - ok 03:41:12.0333 0x0c2c [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 03:41:12.0349 0x0c2c bowser - ok 03:41:12.0349 0x0c2c [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 03:41:12.0380 0x0c2c BrFiltLo - ok 03:41:12.0380 0x0c2c [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp 
C:\Windows\system32\drivers\BrFiltUp.sys 03:41:12.0396 0x0c2c BrFiltUp - ok 03:41:12.0396 0x0c2c [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 03:41:12.0411 0x0c2c Browser - ok 03:41:12.0427 0x0c2c [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 03:41:12.0458 0x0c2c Brserid - ok 03:41:12.0458 0x0c2c [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 03:41:12.0474 0x0c2c BrSerWdm - ok 03:41:12.0474 0x0c2c [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 03:41:12.0505 0x0c2c BrUsbMdm - ok 03:41:12.0505 0x0c2c [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 03:41:12.0521 0x0c2c BrUsbSer - ok 03:41:12.0521 0x0c2c [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 03:41:12.0536 0x0c2c BTHMODEM - ok 03:41:12.0552 0x0c2c [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 03:41:12.0583 0x0c2c bthserv - ok 03:41:12.0583 0x0c2c [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 03:41:12.0630 0x0c2c cdfs - ok 03:41:12.0630 0x0c2c [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 03:41:12.0630 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\cdrom.sys. 
md5: F036CE71586E93D94DAB220D7BDF4416, sha256: BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B 03:41:12.0630 0x0c2c cdrom - detected LockedFile.Multi.Generic ( 1 ) 03:41:15.0438 0x0c2c Detect skipped due to KSN trusted 03:41:15.0438 0x0c2c cdrom - ok 03:41:15.0438 0x0c2c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 03:41:15.0485 0x0c2c CertPropSvc - ok 03:41:15.0485 0x0c2c [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys 03:41:15.0516 0x0c2c circlass - ok 03:41:15.0516 0x0c2c [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys 03:41:15.0547 0x0c2c CLFS - ok 03:41:15.0547 0x0c2c [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 03:41:15.0578 0x0c2c clr_optimization_v2.0.50727_32 - ok 03:41:15.0594 0x0c2c [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 03:41:15.0609 0x0c2c clr_optimization_v2.0.50727_64 - ok 03:41:15.0625 0x0c2c [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 03:41:15.0641 0x0c2c clr_optimization_v4.0.30319_32 - ok 03:41:15.0656 0x0c2c [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 03:41:15.0672 0x0c2c clr_optimization_v4.0.30319_64 - ok 03:41:15.0672 0x0c2c [ 
0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 03:41:15.0687 0x0c2c CmBatt - ok 03:41:15.0687 0x0c2c [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 03:41:15.0703 0x0c2c cmdide - ok 03:41:15.0719 0x0c2c [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys 03:41:15.0750 0x0c2c CNG - ok 03:41:15.0750 0x0c2c [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 03:41:15.0765 0x0c2c Compbatt - ok 03:41:15.0781 0x0c2c [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 03:41:15.0781 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\CompositeBus.sys. 
md5: 03EDB043586CCEBA243D689BDDA370A8, sha256: 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 03:41:15.0781 0x0c2c CompositeBus - detected LockedFile.Multi.Generic ( 1 ) 03:41:18.0573 0x0c2c Detect skipped due to KSN trusted 03:41:18.0573 0x0c2c CompositeBus - ok 03:41:18.0573 0x0c2c COMSysApp - ok 03:41:18.0573 0x0c2c [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 03:41:18.0605 0x0c2c crcdisk - ok 03:41:18.0605 0x0c2c [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll 03:41:18.0636 0x0c2c CryptSvc - ok 03:41:18.0636 0x0c2c [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys 03:41:18.0667 0x0c2c CSC - ok 03:41:18.0683 0x0c2c [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll 03:41:18.0714 0x0c2c CscService - ok 03:41:18.0729 0x0c2c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 03:41:18.0776 0x0c2c DcomLaunch - ok 03:41:18.0776 0x0c2c [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 03:41:18.0823 0x0c2c defragsvc - ok 03:41:18.0823 0x0c2c [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 03:41:18.0870 0x0c2c DfsC - ok 03:41:18.0870 0x0c2c [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 03:41:18.0901 0x0c2c Dhcp - ok 03:41:18.0901 0x0c2c [ 13096B05847EC78F0977F2C0F79E9AB3, 
1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 03:41:18.0932 0x0c2c discache - ok 03:41:18.0932 0x0c2c [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 03:41:18.0932 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\disk.sys. md5: 9819EEE8B5EA3784EC4AF3B137A5244C, sha256: 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 03:41:18.0932 0x0c2c Disk - detected LockedFile.Multi.Generic ( 1 ) 03:41:23.0095 0x0c2c Detect skipped due to KSN trusted 03:41:23.0095 0x0c2c Disk - ok 03:41:23.0108 0x0c2c [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 03:41:23.0149 0x0c2c dmvsc - ok 03:41:23.0158 0x0c2c [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 03:41:23.0179 0x0c2c Dnscache - ok 03:41:23.0187 0x0c2c [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 03:41:23.0227 0x0c2c dot3svc - ok 03:41:23.0234 0x0c2c [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 03:41:23.0268 0x0c2c DPS - ok 03:41:23.0271 0x0c2c [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 03:41:23.0272 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\drmkaud.sys. 
md5: 9B19F34400D24DF84C858A421C205754, sha256: 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 03:41:23.0272 0x0c2c drmkaud - detected LockedFile.Multi.Generic ( 1 ) 03:41:25.0935 0x0c2c Detect skipped due to KSN trusted 03:41:25.0935 0x0c2c drmkaud - ok 03:41:26.0019 0x0c2c [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 03:41:26.0186 0x0c2c DXGKrnl - ok 03:41:26.0194 0x0c2c [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 03:41:26.0235 0x0c2c EapHost - ok 03:41:26.0302 0x0c2c [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 03:41:26.0402 0x0c2c ebdrv - ok 03:41:26.0402 0x0c2c [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe 03:41:26.0433 0x0c2c EFS - ok 03:41:26.0449 0x0c2c [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 03:41:26.0496 0x0c2c ehRecvr - ok 03:41:26.0496 0x0c2c [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 03:41:26.0511 0x0c2c ehSched - ok 03:41:26.0527 0x0c2c [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 03:41:26.0558 0x0c2c elxstor - ok 03:41:26.0558 0x0c2c [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 03:41:26.0574 0x0c2c ErrDev - ok 03:41:26.0589 0x0c2c [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem 
C:\Windows\system32\es.dll 03:41:26.0636 0x0c2c EventSystem - ok 03:41:26.0636 0x0c2c [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 03:41:26.0683 0x0c2c exfat - ok 03:41:26.0683 0x0c2c [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 03:41:26.0730 0x0c2c fastfat - ok 03:41:26.0730 0x0c2c [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 03:41:26.0745 0x0c2c fdc - ok 03:41:26.0745 0x0c2c [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 03:41:26.0792 0x0c2c fdPHost - ok 03:41:26.0792 0x0c2c [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 03:41:26.0823 0x0c2c FDResPub - ok 03:41:26.0823 0x0c2c [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 03:41:26.0839 0x0c2c FileInfo - ok 03:41:26.0854 0x0c2c [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 03:41:26.0886 0x0c2c Filetrace - ok 03:41:26.0886 0x0c2c [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 03:41:26.0901 0x0c2c flpydisk - ok 03:41:26.0917 0x0c2c [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 03:41:26.0932 0x0c2c FltMgr - ok 03:41:26.0964 0x0c2c [ C4C183E6551084039EC862DA1C945E3D, 
0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll 03:41:27.0010 0x0c2c FontCache - ok 03:41:27.0026 0x0c2c [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 03:41:27.0042 0x0c2c FontCache3.0.0.0 - ok 03:41:27.0057 0x0c2c [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 03:41:27.0073 0x0c2c FsDepends - ok 03:41:27.0088 0x0c2c [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 03:41:27.0104 0x0c2c Fs_Rec - ok 03:41:27.0104 0x0c2c [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 03:41:27.0135 0x0c2c fvevol - ok 03:41:27.0135 0x0c2c [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 03:41:27.0151 0x0c2c gagp30kx - ok 03:41:27.0182 0x0c2c [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 03:41:27.0229 0x0c2c gpsvc - ok 03:41:27.0229 0x0c2c [ 0A9D58AABD01DA97B1D101473EFA7659, C18EA4F5BF569C230AD682A418F69B6E4209AD467BCCBDABD0515DBB582BF04B ] gzflt C:\Windows\system32\DRIVERS\gzflt.sys 03:41:27.0260 0x0c2c gzflt - ok 03:41:27.0260 0x0c2c [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 03:41:27.0276 0x0c2c hcw85cir - ok 03:41:27.0291 0x0c2c [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService 
C:\Windows\system32\drivers\HdAudio.sys 03:41:27.0291 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HdAudio.sys. md5: 975761C778E33CD22498059B91E7373A, sha256: 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 03:41:27.0291 0x0c2c HdAudAddService - detected LockedFile.Multi.Generic ( 1 ) 03:41:30.0006 0x0c2c Detect skipped due to KSN trusted 03:41:30.0006 0x0c2c HdAudAddService - ok 03:41:30.0021 0x0c2c [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 03:41:30.0021 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HDAudBus.sys. md5: 97BFED39B6B79EB12CDDBFEED51F56BB, sha256: 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 03:41:30.0021 0x0c2c HDAudBus - detected LockedFile.Multi.Generic ( 1 ) 03:41:32.0751 0x0c2c Detect skipped due to KSN trusted 03:41:32.0751 0x0c2c HDAudBus - ok 03:41:32.0751 0x0c2c [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 03:41:32.0767 0x0c2c HidBatt - ok 03:41:32.0782 0x0c2c [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 03:41:32.0798 0x0c2c HidBth - ok 03:41:32.0814 0x0c2c [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 03:41:32.0829 0x0c2c HidIr - ok 03:41:32.0845 0x0c2c [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 03:41:32.0876 0x0c2c hidserv - ok 03:41:32.0876 0x0c2c [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 03:41:32.0876 0x0c2c Suspicious file ( NoAccess ): 
C:\Windows\system32\DRIVERS\hidusb.sys. md5: 9592090A7E2B61CD582B612B6DF70536, sha256: FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F 03:41:32.0876 0x0c2c HidUsb - detected LockedFile.Multi.Generic ( 1 ) 03:41:35.0590 0x0c2c Detect skipped due to KSN trusted 03:41:35.0590 0x0c2c HidUsb - ok 03:41:35.0590 0x0c2c [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 03:41:35.0637 0x0c2c hkmsvc - ok 03:41:35.0637 0x0c2c [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 03:41:35.0668 0x0c2c HomeGroupListener - ok 03:41:35.0668 0x0c2c [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 03:41:35.0700 0x0c2c HomeGroupProvider - ok 03:41:35.0700 0x0c2c [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 03:41:35.0715 0x0c2c HpSAMD - ok 03:41:35.0731 0x0c2c [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys 03:41:35.0778 0x0c2c HTTP - ok 03:41:35.0793 0x0c2c [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 03:41:35.0809 0x0c2c hwpolicy - ok 03:41:35.0809 0x0c2c [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 03:41:35.0809 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\i8042prt.sys. 
md5: FA55C73D4AFFA7EE23AC4BE53B4592D3, sha256: 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD
03:41:35.0809 0x0c2c i8042prt - detected LockedFile.Multi.Generic ( 1 )
03:41:38.0586 0x0c2c Detect skipped due to KSN trusted
03:41:38.0586 0x0c2c i8042prt - ok
03:41:38.0601 0x0c2c [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
03:41:38.0632 0x0c2c iaStorV - ok
03:41:38.0648 0x0c2c [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
03:41:38.0695 0x0c2c idsvc - ok
03:41:38.0695 0x0c2c IEEtwCollectorService - ok
03:41:38.0695 0x0c2c [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
03:41:38.0710 0x0c2c iirsp - ok
03:41:38.0726 0x0c2c [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
03:41:38.0773 0x0c2c IKEEXT - ok
03:41:38.0773 0x0c2c [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
03:41:38.0788 0x0c2c intelide - ok
03:41:38.0788 0x0c2c [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
03:41:38.0788 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ADA036632C664CAA754079041CF1F8C1, sha256: F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610
03:41:38.0788 0x0c2c intelppm - detected LockedFile.Multi.Generic ( 1 )
03:41:41.0581 0x0c2c Detect skipped due to KSN trusted
03:41:41.0581 0x0c2c intelppm - ok
03:41:41.0581 0x0c2c [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
03:41:41.0628 0x0c2c IPBusEnum - ok
03:41:41.0628 0x0c2c [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
03:41:41.0674 0x0c2c IpFilterDriver - ok
03:41:41.0674 0x0c2c [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
03:41:41.0706 0x0c2c iphlpsvc - ok
03:41:41.0721 0x0c2c [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
03:41:41.0737 0x0c2c IPMIDRV - ok
03:41:41.0737 0x0c2c [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
03:41:41.0784 0x0c2c IPNAT - ok
03:41:41.0784 0x0c2c [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
03:41:41.0799 0x0c2c IRENUM - ok
03:41:41.0799 0x0c2c [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
03:41:41.0815 0x0c2c isapnp - ok
03:41:41.0830 0x0c2c [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
03:41:41.0830 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msiscsi.sys. md5: 96BB922A0981BC7432C8CF52B5410FE6, sha256: 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA
03:41:41.0830 0x0c2c iScsiPrt - detected LockedFile.Multi.Generic ( 1 )
03:41:44.0623 0x0c2c Detect skipped due to KSN trusted
03:41:44.0623 0x0c2c iScsiPrt - ok
03:41:44.0623 0x0c2c [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
03:41:44.0623 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5, sha256: 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93
03:41:44.0623 0x0c2c kbdclass - detected LockedFile.Multi.Generic ( 1 )
03:41:47.0415 0x0c2c Detect skipped due to KSN trusted
03:41:47.0415 0x0c2c kbdclass - ok
03:41:47.0415 0x0c2c [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
03:41:47.0415 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 0705EFF5B42A9DB58548EEC3B26BB484, sha256: 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99
03:41:47.0415 0x0c2c kbdhid - detected LockedFile.Multi.Generic ( 1 )
03:41:50.0145 0x0c2c Detect skipped due to KSN trusted
03:41:50.0145 0x0c2c kbdhid - ok
03:41:50.0145 0x0c2c [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe
03:41:50.0161 0x0c2c KeyIso - ok
03:41:50.0176 0x0c2c [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
03:41:50.0192 0x0c2c KSecDD - ok
03:41:50.0192 0x0c2c [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
03:41:50.0223 0x0c2c KSecPkg - ok
03:41:50.0223 0x0c2c [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
03:41:50.0254 0x0c2c ksthunk - ok
03:41:50.0270 0x0c2c [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
03:41:50.0317 0x0c2c KtmRm - ok
03:41:50.0317 0x0c2c [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
03:41:50.0364 0x0c2c LanmanServer - ok
03:41:50.0364 0x0c2c [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
03:41:50.0395 0x0c2c LanmanWorkstation - ok
03:41:50.0410 0x0c2c [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
03:41:50.0442 0x0c2c lltdio - ok
03:41:50.0442 0x0c2c [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
03:41:50.0488 0x0c2c lltdsvc - ok
03:41:50.0488 0x0c2c [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
03:41:50.0535 0x0c2c lmhosts - ok
03:41:50.0535 0x0c2c [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
03:41:50.0551 0x0c2c LSI_FC - ok
03:41:50.0551 0x0c2c [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
03:41:50.0582 0x0c2c LSI_SAS - ok
03:41:50.0582 0x0c2c [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
03:41:50.0598 0x0c2c LSI_SAS2 - ok
03:41:50.0598 0x0c2c [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
03:41:50.0613 0x0c2c LSI_SCSI - ok
03:41:50.0629 0x0c2c [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
03:41:50.0660 0x0c2c luafv - ok
03:41:50.0660 0x0c2c [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
03:41:50.0691 0x0c2c Mcx2Svc - ok
03:41:50.0691 0x0c2c [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
03:41:50.0707 0x0c2c megasas - ok
03:41:50.0707 0x0c2c [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
03:41:50.0738 0x0c2c MegaSR - ok
03:41:50.0738 0x0c2c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
03:41:50.0769 0x0c2c MMCSS - ok
03:41:50.0785 0x0c2c [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
03:41:50.0816 0x0c2c Modem - ok
03:41:50.0816 0x0c2c [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
03:41:50.0816 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA, sha256: 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732
03:41:50.0816 0x0c2c monitor - detected LockedFile.Multi.Generic ( 1 )
03:41:53.0546 0x0c2c Detect skipped due to KSN trusted
03:41:53.0546 0x0c2c monitor - ok
03:41:53.0546 0x0c2c [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
03:41:53.0546 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99, sha256: 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7
03:41:53.0546 0x0c2c mouclass - detected LockedFile.Multi.Generic ( 1 )
03:41:56.0338 0x0c2c Detect skipped due to KSN trusted
03:41:56.0338 0x0c2c mouclass - ok
03:41:56.0338 0x0c2c [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
03:41:56.0338 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6, sha256: 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183
03:41:56.0338 0x0c2c mouhid - detected LockedFile.Multi.Generic ( 1 )
03:41:59.0053 0x0c2c Detect skipped due to KSN trusted
03:41:59.0053 0x0c2c mouhid - ok
03:41:59.0068 0x0c2c [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
03:41:59.0084 0x0c2c mountmgr - ok
03:41:59.0100 0x0c2c [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
03:41:59.0115 0x0c2c mpio - ok
03:41:59.0115 0x0c2c [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
03:41:59.0146 0x0c2c mpsdrv - ok
03:41:59.0178 0x0c2c [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
03:41:59.0224 0x0c2c MpsSvc - ok
03:41:59.0224 0x0c2c [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
03:41:59.0256 0x0c2c MRxDAV - ok
03:41:59.0256 0x0c2c [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
03:41:59.0271 0x0c2c mrxsmb - ok
03:41:59.0287 0x0c2c [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:41:59.0302 0x0c2c mrxsmb10 - ok
03:41:59.0302 0x0c2c [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:41:59.0318 0x0c2c mrxsmb20 - ok
03:41:59.0334 0x0c2c [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
03:41:59.0349 0x0c2c msahci - ok
03:41:59.0349 0x0c2c [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
03:41:59.0365 0x0c2c msdsm - ok
03:41:59.0380 0x0c2c [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
03:41:59.0396 0x0c2c MSDTC - ok
03:41:59.0396 0x0c2c [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
03:41:59.0427 0x0c2c Msfs - ok
03:41:59.0443 0x0c2c [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
03:41:59.0474 0x0c2c mshidkmdf - ok
03:41:59.0474 0x0c2c [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
03:41:59.0474 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D, sha256: B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1
03:41:59.0474 0x0c2c msisadrv - detected LockedFile.Multi.Generic ( 1 )
03:42:02.0266 0x0c2c Detect skipped due to KSN trusted
03:42:02.0266 0x0c2c msisadrv - ok
03:42:02.0266 0x0c2c [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
03:42:02.0313 0x0c2c MSiSCSI - ok
03:42:02.0313 0x0c2c msiserver - ok
03:42:02.0313 0x0c2c [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
03:42:02.0344 0x0c2c MSKSSRV - ok
03:42:02.0360 0x0c2c [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
03:42:02.0391 0x0c2c MSPCLOCK - ok
03:42:02.0391 0x0c2c [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
03:42:02.0422 0x0c2c MSPQM - ok
03:42:02.0438 0x0c2c [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
03:42:02.0454 0x0c2c MsRPC - ok
03:42:02.0469 0x0c2c [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
03:42:02.0469 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288, sha256: B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42
03:42:02.0469 0x0c2c mssmbios - detected LockedFile.Multi.Generic ( 1 )
03:42:05.0262 0x0c2c Detect skipped due to KSN trusted
03:42:05.0262 0x0c2c mssmbios - ok
03:42:05.0262 0x0c2c [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
03:42:05.0308 0x0c2c MSTEE - ok
03:42:05.0308 0x0c2c [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
03:42:05.0324 0x0c2c MTConfig - ok
03:42:05.0324 0x0c2c [ 03B7145C889603537E9FFEABB1AD1089, B3CD93B893D4A2370CBF382366C6F596372857F8711EF6FFF83BFE2B449F424E ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
03:42:05.0340 0x0c2c MTsensor - ok
03:42:05.0355 0x0c2c [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
03:42:05.0371 0x0c2c Mup - ok
03:42:05.0371 0x0c2c [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
03:42:05.0418 0x0c2c napagent - ok
03:42:05.0433 0x0c2c [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
03:42:05.0464 0x0c2c NativeWifiP - ok
03:42:05.0480 0x0c2c [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
03:42:05.0527 0x0c2c NDIS - ok
03:42:05.0527 0x0c2c [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
03:42:05.0558 0x0c2c NdisCap - ok
03:42:05.0558 0x0c2c [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
03:42:05.0589 0x0c2c NdisTapi - ok
03:42:05.0605 0x0c2c [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
03:42:05.0636 0x0c2c Ndisuio - ok
03:42:05.0636 0x0c2c [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
03:42:05.0683 0x0c2c NdisWan - ok
03:42:05.0683 0x0c2c [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
03:42:05.0714 0x0c2c NDProxy - ok
03:42:05.0714 0x0c2c [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
03:42:05.0745 0x0c2c NetBIOS - ok
03:42:05.0761 0x0c2c [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
03:42:05.0792 0x0c2c NetBT - ok
03:42:05.0808 0x0c2c [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
03:42:05.0823 0x0c2c Netlogon - ok
03:42:05.0823 0x0c2c [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
03:42:05.0870 0x0c2c Netman - ok
03:42:05.0870 0x0c2c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:42:05.0901 0x0c2c NetMsmqActivator - ok
03:42:05.0901 0x0c2c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:42:05.0932 0x0c2c NetPipeActivator - ok
03:42:05.0932 0x0c2c [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
03:42:05.0979 0x0c2c netprofm - ok
03:42:05.0979 0x0c2c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:42:06.0010 0x0c2c NetTcpActivator - ok
03:42:06.0010 0x0c2c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:42:06.0026 0x0c2c NetTcpPortSharing - ok
03:42:06.0042 0x0c2c [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
03:42:06.0057 0x0c2c nfrd960 - ok
03:42:06.0057 0x0c2c [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
03:42:06.0088 0x0c2c NlaSvc - ok
03:42:06.0088 0x0c2c [ C31FA031335EFF434B2D94278E74BCCE, F5DFD40C16E4013CBAD0E4FB8EF2B4419702B9C215218F69C4A2DD7C4C4C1E2B ] npf C:\Windows\system32\drivers\npf.sys
03:42:06.0104 0x0c2c npf - ok
03:42:06.0104 0x0c2c [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
03:42:06.0135 0x0c2c Npfs - ok
03:42:06.0135 0x0c2c [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
03:42:06.0166 0x0c2c nsi - ok
03:42:06.0182 0x0c2c [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
03:42:06.0213 0x0c2c nsiproxy - ok
03:42:06.0244 0x0c2c [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
03:42:06.0307 0x0c2c Ntfs - ok
03:42:06.0307 0x0c2c [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
03:42:06.0338 0x0c2c Null - ok
03:42:06.0338 0x0c2c [ 786DB821BFD57C0551DBBE4F75384A7D, F956D636F834F2BA5F019E187FDB9CC33940363C75A60E53CD81310A4DB6A6AB ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys
03:42:06.0369 0x0c2c nusb3hub - ok
03:42:06.0369 0x0c2c [ DAA8005CAF745042BB427A1ED7433354, 3019002F174783B76D5D8AA47F7A465B7FEC7C14235B70E5C9277FE534839226 ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys
03:42:06.0385 0x0c2c nusb3xhc - ok
03:42:06.0400 0x0c2c [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
03:42:06.0416 0x0c2c nvraid - ok
03:42:06.0432 0x0c2c [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
03:42:06.0447 0x0c2c nvstor - ok
03:42:06.0447 0x0c2c [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
03:42:06.0463 0x0c2c nv_agp - ok
03:42:06.0478 0x0c2c [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
03:42:06.0494 0x0c2c ohci1394 - ok
03:42:06.0494 0x0c2c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
03:42:06.0525 0x0c2c p2pimsvc - ok
03:42:06.0541 0x0c2c [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
03:42:06.0572 0x0c2c p2psvc - ok
03:42:06.0572 0x0c2c [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
03:42:06.0572 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431C29C35BE1DBC43F52CC273887, sha256: 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80
03:42:06.0572 0x0c2c Parport - detected LockedFile.Multi.Generic ( 1 )
03:42:09.0287 0x0c2c Detect skipped due to KSN trusted
03:42:09.0287 0x0c2c Parport - ok
03:42:09.0287 0x0c2c [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
03:42:09.0318 0x0c2c partmgr - ok
03:42:09.0318 0x0c2c [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
03:42:09.0349 0x0c2c PcaSvc - ok
03:42:09.0349 0x0c2c [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
03:42:09.0349 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pci.sys. md5: 94575C0571D1462A0F70BDE6BD6EE6B3, sha256: 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9
03:42:09.0349 0x0c2c pci - detected LockedFile.Multi.Generic ( 1 )
03:42:12.0126 0x0c2c Detect skipped due to KSN trusted
03:42:12.0126 0x0c2c pci - ok
03:42:12.0126 0x0c2c [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
03:42:12.0126 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pciide.sys. md5: B5B8B5EF2E5CB34DF8DCF8831E3534FA, sha256: F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480
03:42:12.0126 0x0c2c pciide - detected LockedFile.Multi.Generic ( 1 )
03:42:15.0355 0x0c2c Detect skipped due to KSN trusted
03:42:15.0355 0x0c2c pciide - ok
03:42:15.0355 0x0c2c [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
03:42:15.0386 0x0c2c pcmcia - ok
03:42:15.0386 0x0c2c [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
03:42:15.0402 0x0c2c pcw - ok
03:42:15.0417 0x0c2c [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
03:42:15.0464 0x0c2c PEAUTH - ok
03:42:15.0495 0x0c2c [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
03:42:15.0558 0x0c2c PeerDistSvc - ok
03:42:15.0573 0x0c2c [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
03:42:15.0589 0x0c2c PerfHost - ok
03:42:15.0620 0x0c2c [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
03:42:15.0698 0x0c2c pla - ok
03:42:15.0714 0x0c2c [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
03:42:15.0729 0x0c2c PlugPlay - ok
03:42:15.0745 0x0c2c [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
03:42:15.0761 0x0c2c PNRPAutoReg - ok
03:42:15.0761 0x0c2c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
03:42:15.0792 0x0c2c PNRPsvc - ok
03:42:15.0807 0x0c2c [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
03:42:15.0839 0x0c2c PolicyAgent - ok
03:42:15.0854 0x0c2c [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
03:42:15.0885 0x0c2c Power - ok
03:42:15.0901 0x0c2c [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
03:42:15.0932 0x0c2c PptpMiniport - ok
03:42:15.0932 0x0c2c [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
03:42:15.0948 0x0c2c Processor - ok
03:42:15.0963 0x0c2c [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
03:42:15.0979 0x0c2c ProfSvc - ok
03:42:15.0979 0x0c2c [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
03:42:15.0995 0x0c2c ProtectedStorage - ok
03:42:16.0010 0x0c2c [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
03:42:16.0041 0x0c2c Psched - ok
03:42:16.0073 0x0c2c [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
03:42:16.0119 0x0c2c ql2300 - ok
03:42:16.0135 0x0c2c [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
03:42:16.0151 0x0c2c ql40xx - ok
03:42:16.0151 0x0c2c [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
03:42:16.0182 0x0c2c QWAVE - ok
03:42:16.0182 0x0c2c [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
03:42:16.0213 0x0c2c QWAVEdrv - ok
03:42:16.0213 0x0c2c [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
03:42:16.0244 0x0c2c RasAcd - ok
03:42:16.0244 0x0c2c [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
03:42:16.0275 0x0c2c RasAgileVpn - ok
03:42:16.0291 0x0c2c [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
03:42:16.0322 0x0c2c RasAuto - ok
03:42:16.0338 0x0c2c [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
03:42:16.0369 0x0c2c Rasl2tp - ok
03:42:16.0369 0x0c2c [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
03:42:16.0416 0x0c2c RasMan - ok
03:42:16.0431 0x0c2c [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
03:42:16.0463 0x0c2c RasPppoe - ok
03:42:16.0463 0x0c2c [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
03:42:16.0494 0x0c2c RasSstp - ok
03:42:16.0509 0x0c2c [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
03:42:16.0556 0x0c2c rdbss - ok
03:42:16.0556 0x0c2c [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
03:42:16.0556 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 302DA2A0539F2CF54D7C6CC30C1F2D8D, sha256: 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17
03:42:16.0556 0x0c2c rdpbus - detected LockedFile.Multi.Generic ( 1 )
03:42:19.0333 0x0c2c Detect skipped due to KSN trusted
03:42:19.0333 0x0c2c rdpbus - ok
03:42:19.0333 0x0c2c [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
03:42:19.0380 0x0c2c RDPCDD - ok
03:42:19.0380 0x0c2c [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
03:42:19.0411 0x0c2c RDPDR - ok
03:42:19.0411 0x0c2c [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
03:42:19.0442 0x0c2c RDPENCDD - ok
03:42:19.0458 0x0c2c [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
03:42:19.0489 0x0c2c RDPREFMP - ok
03:42:19.0489 0x0c2c [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
03:42:19.0505 0x0c2c RdpVideoMiniport - ok
03:42:19.0520 0x0c2c [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
03:42:19.0536 0x0c2c RDPWD - ok
03:42:19.0551 0x0c2c [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
03:42:19.0567 0x0c2c rdyboost - ok
03:42:19.0583 0x0c2c [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
03:42:19.0614 0x0c2c RemoteAccess - ok
03:42:19.0614 0x0c2c [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
03:42:19.0661 0x0c2c RemoteRegistry - ok
03:42:19.0661 0x0c2c [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
03:42:19.0692 0x0c2c RpcEptMapper - ok
03:42:19.0707 0x0c2c [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
03:42:19.0723 0x0c2c RpcLocator - ok
03:42:19.0739 0x0c2c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
03:42:19.0770 0x0c2c RpcSs - ok
03:42:19.0785 0x0c2c [ ABCB5A38A0D85BDF69B7877E1AD1EED5, 44DF1A92E8FA53677A04C46088B0AD49F1F6A090820BE550A514C4FBFD91444D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
03:42:19.0817 0x0c2c RTL8167 - ok
03:42:19.0817 0x0c2c [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
03:42:19.0832 0x0c2c s3cap - ok
03:42:19.0848 0x0c2c [ E228C336F195FA629D00B02F9FFC5667, 114F562882EF2A439EC4783029A977A53588F3870AED158B46F8DA51B4CB2715 ] SafeBox C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
03:42:19.0863 0x0c2c SafeBox - ok
03:42:19.0863 0x0c2c [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe
03:42:19.0879 0x0c2c SamSs - ok
03:42:19.0879 0x0c2c [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
03:42:19.0895 0x0c2c sbp2port - ok
03:42:19.0910 0x0c2c [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
03:42:19.0941 0x0c2c SCardSvr - ok
03:42:19.0957 0x0c2c [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
03:42:19.0988 0x0c2c scfilter - ok
03:42:20.0004 0x0c2c [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
03:42:20.0066 0x0c2c Schedule - ok
03:42:20.0066 0x0c2c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
03:42:20.0097 0x0c2c SCPolicySvc - ok
03:42:20.0113 0x0c2c [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
03:42:20.0129 0x0c2c SDRSVC - ok
03:42:20.0129 0x0c2c [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
03:42:20.0160 0x0c2c secdrv - ok
03:42:20.0175 0x0c2c [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
03:42:20.0207 0x0c2c seclogon - ok
03:42:20.0207 0x0c2c [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
03:42:20.0238 0x0c2c SENS - ok
03:42:20.0253 0x0c2c [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
03:42:20.0269 0x0c2c SensrSvc - ok
03:42:20.0269 0x0c2c [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
03:42:20.0269 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serenum.sys. md5: CB624C0035412AF0DEBEC78C41F5CA1B, sha256: A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4
03:42:20.0269 0x0c2c Serenum - detected LockedFile.Multi.Generic ( 1 )
03:42:22.0983 0x0c2c Detect skipped due to KSN trusted
03:42:22.0983 0x0c2c Serenum - ok
03:42:22.0983 0x0c2c [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
03:42:22.0983 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serial.sys. md5: C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, sha256: 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D
03:42:22.0983 0x0c2c Serial - detected LockedFile.Multi.Generic ( 1 )
03:42:25.0776 0x0c2c Detect skipped due to KSN trusted
03:42:25.0776 0x0c2c Serial - ok
03:42:25.0776 0x0c2c [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
03:42:25.0776 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sermouse.sys. md5: 1C545A7D0691CC4A027396535691C3E3, sha256: 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D
03:42:25.0776 0x0c2c sermouse - detected LockedFile.Multi.Generic ( 1 )
03:42:28.0490 0x0c2c Detect skipped due to KSN trusted
03:42:28.0490 0x0c2c sermouse - ok
03:42:28.0506 0x0c2c [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
03:42:28.0553 0x0c2c SessionEnv - ok
03:42:28.0553 0x0c2c [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
03:42:28.0584 0x0c2c sffdisk - ok
03:42:28.0584 0x0c2c [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
03:42:28.0599 0x0c2c sffp_mmc - ok
03:42:28.0599 0x0c2c [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
03:42:28.0615 0x0c2c sffp_sd - ok
03:42:28.0631 0x0c2c [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
03:42:28.0646 0x0c2c sfloppy - ok
03:42:28.0646 0x0c2c [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
03:42:28.0693 0x0c2c SharedAccess - ok
03:42:28.0709 0x0c2c [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
03:42:28.0740 0x0c2c ShellHWDetection - ok
03:42:28.0755 0x0c2c [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
03:42:28.0771 0x0c2c SiSRaid2 - ok
03:42:28.0771 0x0c2c [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4,
87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 03:42:28.0787 0x0c2c SiSRaid4 - ok 03:42:28.0802 0x0c2c [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 03:42:28.0833 0x0c2c Smb - ok 03:42:28.0833 0x0c2c [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 03:42:28.0849 0x0c2c SNMPTRAP - ok 03:42:28.0865 0x0c2c [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys 03:42:28.0880 0x0c2c spldr - ok 03:42:28.0880 0x0c2c [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe 03:42:28.0911 0x0c2c Spooler - ok 03:42:28.0989 0x0c2c [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe 03:42:29.0099 0x0c2c sppsvc - ok 03:42:29.0114 0x0c2c [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 03:42:29.0145 0x0c2c sppuinotify - ok 03:42:29.0161 0x0c2c [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys 03:42:29.0177 0x0c2c srv - ok 03:42:29.0192 0x0c2c [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 03:42:29.0208 0x0c2c srv2 - ok 03:42:29.0223 0x0c2c [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 03:42:29.0239 0x0c2c srvnet - ok 03:42:29.0239 0x0c2c [ 
51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 03:42:29.0286 0x0c2c SSDPSRV - ok 03:42:29.0286 0x0c2c [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 03:42:29.0333 0x0c2c SstpSvc - ok 03:42:29.0333 0x0c2c [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys 03:42:29.0348 0x0c2c stexstor - ok 03:42:29.0364 0x0c2c [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll 03:42:29.0395 0x0c2c stisvc - ok 03:42:29.0395 0x0c2c [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys 03:42:29.0411 0x0c2c storflt - ok 03:42:29.0426 0x0c2c [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll 03:42:29.0442 0x0c2c StorSvc - ok 03:42:29.0442 0x0c2c [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys 03:42:29.0457 0x0c2c storvsc - ok 03:42:29.0457 0x0c2c [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 03:42:29.0473 0x0c2c swenum - ok 03:42:29.0489 0x0c2c [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 03:42:29.0535 0x0c2c swprv - ok 03:42:29.0582 0x0c2c [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll 03:42:29.0629 0x0c2c SysMain - ok 03:42:29.0645 
0x0c2c [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 03:42:29.0660 0x0c2c TabletInputService - ok 03:42:29.0676 0x0c2c [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 03:42:29.0723 0x0c2c TapiSrv - ok 03:42:29.0723 0x0c2c [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 03:42:29.0754 0x0c2c TBS - ok 03:42:29.0801 0x0c2c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 03:42:29.0863 0x0c2c Tcpip - ok 03:42:29.0910 0x0c2c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 03:42:29.0957 0x0c2c TCPIP6 - ok 03:42:29.0957 0x0c2c [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 03:42:29.0972 0x0c2c tcpipreg - ok 03:42:29.0972 0x0c2c [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 03:42:29.0988 0x0c2c TDPIPE - ok 03:42:30.0003 0x0c2c [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 03:42:30.0019 0x0c2c TDTCP - ok 03:42:30.0019 0x0c2c [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys 03:42:30.0035 0x0c2c tdx - ok 03:42:30.0050 0x0c2c [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 03:42:30.0050 0x0c2c 
Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\termdd.sys. md5: 561E7E1F06895D78DE991E01DD0FB6E5, sha256: 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D 03:42:30.0050 0x0c2c TermDD - detected LockedFile.Multi.Generic ( 1 ) 03:42:32.0827 0x0c2c Detect skipped due to KSN trusted 03:42:32.0827 0x0c2c TermDD - ok 03:42:32.0843 0x0c2c [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll 03:42:32.0889 0x0c2c TermService - ok 03:42:32.0889 0x0c2c [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 03:42:32.0905 0x0c2c Themes - ok 03:42:32.0921 0x0c2c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 03:42:32.0952 0x0c2c THREADORDER - ok 03:42:32.0952 0x0c2c [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 03:42:32.0983 0x0c2c TrkWks - ok 03:42:32.0999 0x0c2c [ 3E75A47D2DEFD2683DCA409572FBE8B2, 33964B1A05E045D3B878CDFD9F52A9086B4FA54D6D4D1DC38062D2874CACD4A0 ] trufos C:\Windows\system32\DRIVERS\trufos.sys 03:42:33.0030 0x0c2c trufos - ok 03:42:33.0030 0x0c2c [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 03:42:33.0061 0x0c2c TrustedInstaller - ok 03:42:33.0077 0x0c2c [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 03:42:33.0092 0x0c2c tssecsrv - ok 03:42:33.0092 0x0c2c [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 03:42:33.0108 0x0c2c TsUsbFlt - ok 
03:42:33.0123 0x0c2c [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 03:42:33.0139 0x0c2c TsUsbGD - ok 03:42:33.0139 0x0c2c [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 03:42:33.0170 0x0c2c tunnel - ok 03:42:33.0170 0x0c2c [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 03:42:33.0201 0x0c2c uagp35 - ok 03:42:33.0201 0x0c2c [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 03:42:33.0248 0x0c2c udfs - ok 03:42:33.0248 0x0c2c [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 03:42:33.0279 0x0c2c UI0Detect - ok 03:42:33.0279 0x0c2c [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 03:42:33.0295 0x0c2c uliagpkx - ok 03:42:33.0295 0x0c2c [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys 03:42:33.0295 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umbus.sys. 
md5: DC54A574663A895C8763AF0FA1FF7561, sha256: 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE 03:42:33.0295 0x0c2c umbus - detected LockedFile.Multi.Generic ( 1 ) 03:42:36.0087 0x0c2c Detect skipped due to KSN trusted 03:42:36.0087 0x0c2c umbus - ok 03:42:36.0087 0x0c2c [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys 03:42:36.0103 0x0c2c UmPass - ok 03:42:36.0119 0x0c2c [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll 03:42:36.0150 0x0c2c UmRdpService - ok 03:42:36.0150 0x0c2c [ C1C2C9231EBD263DB9C4F34DBB080B32, 25A046D8CC6674A47F3338E84661BF502D21C571C50643D9EF20D334CC27538C ] UPDATESRV C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe 03:42:36.0165 0x0c2c UPDATESRV - ok 03:42:36.0181 0x0c2c [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 03:42:36.0228 0x0c2c upnphost - ok 03:42:36.0228 0x0c2c [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 03:42:36.0228 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbccgp.sys. 
md5: DCA68B0943D6FA415F0C56C92158A83A, sha256: BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 03:42:36.0228 0x0c2c usbccgp - detected LockedFile.Multi.Generic ( 1 ) 03:42:39.0005 0x0c2c Detect skipped due to KSN trusted 03:42:39.0005 0x0c2c usbccgp - ok 03:42:39.0005 0x0c2c [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 03:42:39.0036 0x0c2c usbcir - ok 03:42:39.0036 0x0c2c [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 03:42:39.0036 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbehci.sys. md5: 18A85013A3E0F7E1755365D287443965, sha256: 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 03:42:39.0036 0x0c2c usbehci - detected LockedFile.Multi.Generic ( 1 ) 03:42:41.0750 0x0c2c Detect skipped due to KSN trusted 03:42:41.0750 0x0c2c usbehci - ok 03:42:41.0766 0x0c2c [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 03:42:41.0766 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbhub.sys. 
md5: 8D1196CFBB223621F2C67D45710F25BA, sha256: B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 03:42:41.0766 0x0c2c usbhub - detected LockedFile.Multi.Generic ( 1 ) 03:42:44.0496 0x0c2c Detect skipped due to KSN trusted 03:42:44.0496 0x0c2c usbhub - ok 03:42:44.0496 0x0c2c [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci C:\Windows\system32\drivers\usbohci.sys 03:42:44.0511 0x0c2c usbohci - ok 03:42:44.0527 0x0c2c [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys 03:42:44.0543 0x0c2c usbprint - ok 03:42:44.0543 0x0c2c [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 03:42:44.0543 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: FED648B01349A3C8395A5169DB5FB7D6, sha256: DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 03:42:44.0543 0x0c2c USBSTOR - detected LockedFile.Multi.Generic ( 1 ) 03:42:47.0335 0x0c2c Detect skipped due to KSN trusted 03:42:47.0335 0x0c2c USBSTOR - ok 03:42:47.0335 0x0c2c [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 03:42:47.0335 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbuhci.sys. 
md5: DD253AFC3BC6CBA412342DE60C3647F3, sha256: 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 03:42:47.0335 0x0c2c usbuhci - detected LockedFile.Multi.Generic ( 1 ) 03:42:50.0065 0x0c2c Detect skipped due to KSN trusted 03:42:50.0065 0x0c2c usbuhci - ok 03:42:50.0065 0x0c2c [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 03:42:50.0096 0x0c2c UxSms - ok 03:42:50.0112 0x0c2c [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe 03:42:50.0127 0x0c2c VaultSvc - ok 03:42:50.0127 0x0c2c [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 03:42:50.0127 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD, sha256: 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D 03:42:50.0127 0x0c2c vdrvroot - detected LockedFile.Multi.Generic ( 1 ) 03:42:52.0826 0x0c2c Detect skipped due to KSN trusted 03:42:52.0826 0x0c2c vdrvroot - ok 03:42:52.0857 0x0c2c [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 03:42:52.0904 0x0c2c vds - ok 03:42:52.0904 0x0c2c [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 03:42:52.0920 0x0c2c vga - ok 03:42:52.0935 0x0c2c [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 03:42:52.0967 0x0c2c VgaSave - ok 03:42:52.0967 0x0c2c [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 03:42:52.0998 0x0c2c vhdmp - ok 
03:42:52.0998 0x0c2c [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 03:42:53.0013 0x0c2c viaide - ok 03:42:53.0013 0x0c2c [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys 03:42:53.0045 0x0c2c vmbus - ok 03:42:53.0045 0x0c2c [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 03:42:53.0060 0x0c2c VMBusHID - ok 03:42:53.0060 0x0c2c [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 03:42:53.0060 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0, sha256: 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 03:42:53.0060 0x0c2c volmgr - detected LockedFile.Multi.Generic ( 1 ) 03:42:55.0868 0x0c2c Detect skipped due to KSN trusted 03:42:55.0868 0x0c2c volmgr - ok 03:42:55.0884 0x0c2c [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 03:42:55.0915 0x0c2c volmgrx - ok 03:42:55.0915 0x0c2c [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 03:42:55.0915 0x0c2c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volsnap.sys. 
md5: 0D08D2F3B3FF84E433346669B5E0F639, sha256: 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC 03:42:55.0915 0x0c2c volsnap - detected LockedFile.Multi.Generic ( 1 ) 03:42:58.0723 0x0c2c Detect skipped due to KSN trusted 03:42:58.0723 0x0c2c volsnap - ok 03:42:58.0723 0x0c2c [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 03:42:58.0754 0x0c2c vsmraid - ok 03:42:58.0785 0x0c2c [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 03:42:58.0863 0x0c2c VSS - ok 03:42:58.0895 0x0c2c [ 43EB3386B08131F33CAD5F54F42E68B9, 626839363C0D00E96F7694F2356C4BFDE44DA3C5E2413A743D4BBFF038AEABE8 ] VSSERV C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe 03:42:58.0941 0x0c2c VSSERV - ok 03:42:58.0941 0x0c2c [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 03:42:58.0957 0x0c2c vwifibus - ok 03:42:58.0973 0x0c2c [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 03:42:59.0019 0x0c2c W32Time - ok 03:42:59.0019 0x0c2c [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 03:42:59.0035 0x0c2c WacomPen - ok 03:42:59.0035 0x0c2c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 03:42:59.0082 0x0c2c WANARP - ok 03:42:59.0082 0x0c2c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 03:42:59.0113 0x0c2c Wanarpv6 - ok 03:42:59.0144 0x0c2c [ 78F4E7F5C56CB9716238EB57DA4B6A75, 
46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 03:42:59.0207 0x0c2c wbengine - ok 03:42:59.0207 0x0c2c [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 03:42:59.0238 0x0c2c WbioSrvc - ok 03:42:59.0253 0x0c2c [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 03:42:59.0285 0x0c2c wcncsvc - ok 03:42:59.0285 0x0c2c [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 03:42:59.0300 0x0c2c WcsPlugInService - ok 03:42:59.0300 0x0c2c [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys 03:42:59.0316 0x0c2c Wd - ok 03:42:59.0347 0x0c2c [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 03:42:59.0378 0x0c2c Wdf01000 - ok 03:42:59.0378 0x0c2c [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll 03:42:59.0409 0x0c2c WdiServiceHost - ok 03:42:59.0425 0x0c2c [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll 03:42:59.0441 0x0c2c WdiSystemHost - ok 03:42:59.0441 0x0c2c [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 03:42:59.0472 0x0c2c WebClient - ok 03:42:59.0472 0x0c2c [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 03:42:59.0519 0x0c2c Wecsvc - ok 03:42:59.0519 0x0c2c 
[ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 03:42:59.0565 0x0c2c wercplsupport - ok 03:42:59.0565 0x0c2c [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 03:42:59.0597 0x0c2c WerSvc - ok 03:42:59.0597 0x0c2c [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 03:42:59.0643 0x0c2c WfpLwf - ok 03:42:59.0643 0x0c2c [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 03:42:59.0659 0x0c2c WIMMount - ok 03:42:59.0659 0x0c2c WinDefend - ok 03:42:59.0659 0x0c2c WinHttpAutoProxySvc - ok 03:42:59.0675 0x0c2c [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 03:42:59.0706 0x0c2c Winmgmt - ok 03:42:59.0753 0x0c2c [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 03:42:59.0831 0x0c2c WinRM - ok 03:42:59.0846 0x0c2c [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 03:42:59.0893 0x0c2c Wlansvc - ok 03:42:59.0909 0x0c2c [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 03:42:59.0924 0x0c2c WmiAcpi - ok 03:42:59.0924 0x0c2c [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 03:42:59.0955 0x0c2c wmiApSrv - ok 03:42:59.0955 0x0c2c WMPNetworkSvc - ok 03:42:59.0955 0x0c2c [ 96C6E7100D724C69FCF9E7BF590D1DCA, 
2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 03:42:59.0971 0x0c2c WPCSvc - ok 03:42:59.0987 0x0c2c [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 03:43:00.0002 0x0c2c WPDBusEnum - ok 03:43:00.0002 0x0c2c [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 03:43:00.0033 0x0c2c ws2ifsl - ok 03:43:00.0049 0x0c2c [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 03:43:00.0065 0x0c2c wscsvc - ok 03:43:00.0065 0x0c2c WSearch - ok 03:43:00.0127 0x0c2c [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll 03:43:00.0189 0x0c2c wuauserv - ok 03:43:00.0205 0x0c2c [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 03:43:00.0221 0x0c2c WudfPf - ok 03:43:00.0221 0x0c2c [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 03:43:00.0252 0x0c2c WUDFRd - ok 03:43:00.0252 0x0c2c [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 03:43:00.0283 0x0c2c wudfsvc - ok 03:43:00.0283 0x0c2c [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 03:43:00.0314 0x0c2c WwanSvc - ok 03:43:00.0314 0x0c2c ================ Scan global =============================== 03:43:00.0314 0x0c2c [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] 
C:\Windows\system32\basesrv.dll 03:43:00.0330 0x0c2c [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 03:43:00.0345 0x0c2c [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 03:43:00.0361 0x0c2c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 03:43:00.0361 0x0c2c [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 03:43:00.0377 0x0c2c [ Global ] - ok 03:43:00.0377 0x0c2c ================ Scan MBR ================================== 03:43:00.0377 0x0c2c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 03:43:00.0439 0x0c2c \Device\Harddisk0\DR0 - ok 03:43:00.0439 0x0c2c ================ Scan VBR ================================== 03:43:00.0439 0x0c2c [ 35F3B03A007569017DAFFB8FD54CE757 ] \Device\Harddisk0\DR0\Partition1 03:43:00.0439 0x0c2c \Device\Harddisk0\DR0\Partition1 - ok 03:43:00.0439 0x0c2c [ E10F1961E822A5AF51472B52976E25BA ] \Device\Harddisk0\DR0\Partition2 03:43:00.0439 0x0c2c \Device\Harddisk0\DR0\Partition2 - ok 03:43:00.0439 0x0c2c ================ Scan generic autorun ====================== 03:43:00.0470 0x0c2c [ 8320CF32C00B1FA95AA7CE8D3056117C, D524FB1FF444A90BA471475B1513907274C71035FDAE81E88D6C5F019220801A ] C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe 03:43:00.0517 0x0c2c Bdagent - ok 03:43:00.0533 0x0c2c {FE68512B-524E-42B4-9F4E-BEC0CA7CC946} - ok 03:43:00.0533 0x0c2c Sidebar - ok 03:43:00.0533 0x0c2c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 03:43:00.0564 0x0c2c mctadmin - ok 03:43:00.0564 0x0c2c Sidebar - ok 03:43:00.0564 0x0c2c [ 0FA760BF380B08D0B67B5507CD8B32AA, 
0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 03:43:00.0595 0x0c2c mctadmin - ok 03:43:00.0611 0x0c2c [ BDE4FEAA195C84222F7A35480B48340D, 7CE22EB7A11E9B0F443426A83AB6C724BD25D6AC4BBAE5490EF58ABD9F0F2445 ] C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe 03:43:00.0642 0x0c2c Bitdefender-Geldbörse-Agent - ok 03:43:00.0657 0x0c2c [ BDE4FEAA195C84222F7A35480B48340D, 7CE22EB7A11E9B0F443426A83AB6C724BD25D6AC4BBAE5490EF58ABD9F0F2445 ] C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe 03:43:00.0689 0x0c2c Bitdefender-Geldbörse-Agent - ok 03:43:00.0689 0x0c2c Waiting for KSN requests completion. In queue: 50 03:43:01.0703 0x0c2c Waiting for KSN requests completion. In queue: 50 03:43:02.0717 0x0c2c Waiting for KSN requests completion. In queue: 50 03:43:03.0809 0x0c2c AV detected via SS2: Bitdefender Antivirus, C:\Program Files\Bitdefender\Bitdefender 2015\wscfix.exe ( 18.18.0.1254 ), 0x41000 ( enabled : updated ) 03:43:03.0809 0x0c2c FW detected via SS2: Bitdefender Firewall, C:\Program Files\Bitdefender\Bitdefender 2015\wscfix.exe ( 18.18.0.1254 ), 0x41010 ( enabled ) 03:43:06.0554 0x0c2c ============================================================ 03:43:06.0554 0x0c2c Scan finished 03:43:06.0554 0x0c2c ============================================================ 03:43:06.0554 0x0a10 Detected object count: 0 03:43:06.0554 0x0a10 Actual detected object count: 0

Just tried to install the chipset driver and the sound driver, doesn't work, ehhh, why not? -.- I'm about to lose it, no kidding!! If I format, I'll just have the same cr*p again, so what am I actually supposed to do now? Throw the computer away or what? In the meantime I've ordered a new Windows 8.1; it should arrive sometime this week. I want to see whether, after the reinstall, such users will again be up to no good on my computer without internet access.
Last edited by slow (12.01.2015 at 05:28) |
12.01.2015, 09:39 | #12 |
/// the machine /// TB-Ausbilder | Hardcore Trojan or permanent pwn? :pukeface: So we don't need to continue, then?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
12.01.2015, 13:49 | #13 |
| Well, of course, gladly even; I would really like to know what is going on there... Nothing was found according to the logs, or did you discover something else? Because I can't use my Windows; I can't even install the sound driver, nor the graphics driver. So I'd be glad if we continued.. Regards |
12.01.2015, 13:55 | #14 |
/// the machine /// TB-Ausbilder | hi, Scan with Combofix
__________________ Regards, schrauber |
12.01.2015, 14:59 | #15 |
| I would run it as instructed, but BitDefender cannot be disabled. Should I leave it on, or try to terminate it in Safe Mode and scan there? |