Log analysis and evaluation: WIN 7: NvBackend.exe - Bad Image
11.04.2015, 14:57 | #1 |
WIN 7: NvBackend.exe - Bad Image

Hello! I cleaned my computer with Malwarebytes Anti-Malware and then used Malwarebytes Anti-Rootkit. In the meantime the following problem has appeared: I get an error message three times in a row, which I then confirm three times with "OK", and after that the computer works completely normally again. Confirming the error message with "OK" is the only option; it cannot be dismissed any other way. However, this error message keeps coming back again and again. It reads as follows:

C:\User\THG Amertus\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\Ontology.dll ist entweder nicht für die Ausführung unter Windows vorhergesehen oder enthält einen Fehler. Installieren Sie das Programm mit den Originalinstallationsmedien erneut, oder wenden Sie sich an den Systemadministrator oder Softwarelieferanten, um Unterstützung zu erhalten.

Attached are the requested log files:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:27 on 11/04/2015 (THG Amertus)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-04-2015
Ran by THG Amertus (administrator) on THGAMERTUS-PC on 11-04-2015 15:09:10
Running from C:\Users\THG Amertus\Downloads
Loaded Profiles: THG Amertus (Available profiles: THG Amertus)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rps.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360sd.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rp.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\safemon\360Tray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.243\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.27\deploy\LoLPatcher.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.139\deploy\LolClient.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [360sd] => C:\Program Files\360\360 Internet Security\360sdrun.exe [287560 2014-04-16] (Qihu 360 Software Co., Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-21] (Intel Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1193351049-1641135016-4214113064-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888896 2015-03-24] (Valve Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-08-24] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1193351049-1641135016-4214113064-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files\360\360 Internet Security\safemon\safemon64.dll [2014-04-23] (Qihu 360 Software Co., Ltd.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: WSWSVCUchrome - No CLSID Value
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\THG Amertus\AppData\Roaming\Mozilla\Firefox\Profiles\iire6fz1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-14] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\THG Amertus\AppData\Roaming\Mozilla\Firefox\Profiles\iire6fz1.default\Extensions\donottrackplus@abine.com [2014-12-22]
FF Extension: 360网页保护 - C:\Users\THG Amertus\AppData\Roaming\Mozilla\Firefox\Profiles\iire6fz1.default\Extensions\webshield@360safe.com [2014-07-21]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\THG Amertus\AppData\Roaming\Mozilla\Firefox\Profiles\iire6fz1.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-07-20]
FF Extension: Speed Dial - C:\Users\THG Amertus\AppData\Roaming\Mozilla\Firefox\Profiles\iire6fz1.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-07-20]
FF Extension: Adblock Plus - C:\Users\THG Amertus\AppData\Roaming\Mozilla\Firefox\Profiles\iire6fz1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-20]
FF Extension: {ec0fd0ea-7b6e-47f1-9895-578b8fee8ad8} - C:\Users\THG Amertus\AppData\Roaming\Mozilla\Firefox\Profiles\iire6fz1.default\Extensions\{ec0fd0ea-7b6e-47f1-9895-578b8fee8ad8}.xpi [2015-02-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-04]

Chrome:
=======
CHR Profile: C:\Users\THG Amertus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\THG Amertus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-10]
CHR Extension: (Google Drive) - C:\Users\THG Amertus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-10]
CHR Extension: (YouTube) - C:\Users\THG Amertus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-10]
CHR Extension: (Google Search) - C:\Users\THG Amertus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-10]
CHR Extension: (NewTab Connect) - C:\Users\THG Amertus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlceijfdfeghdhmmbhbcffanmcggoojf [2014-04-24]
CHR Extension: (Google Wallet) - C:\Users\THG Amertus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10]
CHR Extension: (Gmail) - C:\Users\THG Amertus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-10]
CHR HKLM-x32\...\Chrome\Extension: [elpknechjiimhpnblclkecmjphbahfgi] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jlceijfdfeghdhmmbhbcffanmcggoojf] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 360rp; C:\Program Files\360\360 Internet Security\360rps.exe [310352 2014-04-16] (Qihu 360 Software Co., Ltd.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 scan; C:\Program Files\360\360 Internet Security\scan.dll [423144 2013-02-20] (S.C. BitDefender S.R.L)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZhuDongFangYu; C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe [236360 2014-04-23] (Qihu 360 Software Co., Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [97872 2014-04-21] (Qihu 360 Software Co., Ltd.)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [67664 2014-04-23] (Qihu 360 Software Co., Ltd.)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305744 2014-04-29] (Qihu 360 Software Co., Ltd.)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [41552 2014-04-29] (Qihu 360 Software Co., Ltd.)
R1 360fsflt; C:\Windows\System32\DRIVERS\360FsFlt.sys [304208 2014-05-07] (Qihu 360 Software Co., Ltd.)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2014-04-18] (Qihu 360 Software Co., Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-26] (Synaptics Incorporated)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 L1C; system32\DRIVERS\L1C62x64.sys [X]
R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-13 22:53 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-13 22:53 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-13 22:53 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-13 22:53 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-13 22:53 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-13 22:53 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-13 22:53 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-13 22:53 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-13 22:53 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-13 22:53 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-13 22:53 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-13 22:53 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-13 22:53 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-13 22:53 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-13 22:53 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-13 22:53 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-13 22:53 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-13 22:53 - 2015-02-20 03:24 - 
00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-13 22:53 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-13 22:53 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-13 22:53 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-13 22:53 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-13 22:53 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-13 22:53 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-13 22:53 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-13 22:53 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-13 22:53 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-13 22:53 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-13 22:53 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-13 22:52 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-13 22:52 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-13 22:52 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-13 22:52 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-13 22:52 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-13 22:52 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-13 22:52 - 2015-01-17 04:30 - 00828928 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-13 22:09 - 2015-01-09 05:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-03-13 22:09 - 2015-01-09 05:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-03-13 22:09 - 2015-01-09 05:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-03-13 22:09 - 2015-01-09 04:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-11 15:08 - 2014-07-20 11:25 - 00000000 ____D () C:\Users\THG Amertus\AppData\Roaming\360safe 2015-04-11 14:57 - 2013-08-24 20:02 - 00000000 ____D () C:\Users\THG Amertus\AppData\Roaming\TS3Client 2015-04-11 14:57 - 2013-08-24 00:45 - 01402649 _____ () C:\Windows\WindowsUpdate.log 2015-04-11 14:56 - 2014-01-23 16:10 - 00066666 _____ () C:\Windows\setupact.log 2015-04-11 14:11 - 2013-10-07 15:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-11 13:16 - 2009-07-14 06:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-11 13:16 - 2009-07-14 06:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-11 13:14 - 2009-07-14 19:58 - 00699626 _____ () C:\Windows\system32\perfh007.dat 2015-04-11 13:14 - 2009-07-14 19:58 - 00149734 _____ () C:\Windows\system32\perfc007.dat 2015-04-11 13:14 - 2009-07-14 07:13 - 01620448 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-11 13:11 - 2015-01-17 10:08 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-04-11 13:07 - 2014-07-20 11:24 - 00000000 _RSHD () C:\360SANDBOX 2015-04-11 13:07 - 2014-07-20 11:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-11 13:07 - 2014-01-24 15:37 - 00400992 _____ () 
C:\Windows\PFRO.log 2015-04-11 13:07 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-05 19:30 - 2014-01-02 17:14 - 00000000 ____D () C:\Users\THG Amertus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2015-04-05 19:30 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-04-04 19:20 - 2014-07-27 18:35 - 00000000 ____D () C:\Users\THG Amertus\AppData\Local\Adobe 2015-04-03 16:41 - 2013-08-24 01:19 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-04-03 16:41 - 2013-08-24 01:17 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-03-28 05:44 - 2014-09-24 17:33 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2015-03-28 05:44 - 2014-09-24 17:33 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2015-03-28 05:43 - 2014-09-24 17:33 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2015-03-28 05:43 - 2014-09-24 17:33 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2015-03-14 13:22 - 2013-10-07 15:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-03-14 13:22 - 2013-08-24 01:42 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-03-14 13:22 - 2013-08-24 01:42 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-03-14 13:17 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-03-14 05:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2015-03-14 04:23 - 2009-07-14 06:45 - 00294640 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-14 04:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2015-03-14 04:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-03-14 04:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-14 04:03 - 2013-08-29 16:41 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-14 04:01 - 
2013-08-29 16:41 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-13 22:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-13 21:41 - 2014-09-24 17:30 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-03-13 21:41 - 2014-09-24 17:30 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2015-03-13 21:41 - 2013-08-24 01:18 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-03-13 21:41 - 2013-08-24 01:18 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2015-03-13 21:41 - 2013-08-24 01:18 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-03-13 21:41 - 2013-08-24 01:18 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-03-13 21:41 - 2013-08-24 01:18 - 00027441 _____ () C:\Windows\system32\nvinfo.pb 2015-03-13 18:16 - 2013-08-24 01:19 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-03-13 18:16 - 2013-08-24 01:19 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-03-13 18:16 - 2013-08-24 01:19 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-03-13 18:16 - 2013-08-24 01:19 - 01099408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2015-03-13 18:16 - 2013-08-24 01:19 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-03-13 18:16 - 2013-08-24 01:19 - 00630416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\oemdspif.dll 2015-03-13 18:16 - 2013-08-24 01:19 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-03-13 18:16 - 2013-08-24 01:19 - 00075976 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2015-03-13 18:16 - 2013-08-24 01:19 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll ==================== Files in the root of some directories ======= 2014-08-01 12:57 - 2014-08-01 12:57 - 0000000 _____ () C:\Users\THG 
Amertus\AppData\Local\{C9EBF80C-BE7C-419E-B850-1744009A6BEE} 2014-06-25 16:43 - 2014-06-25 16:44 - 0000000 _____ () C:\Users\THG Amertus\AppData\Local\{FA89D8F2-CA37-4962-B771-93CC554E5511} Some content of TEMP: ==================== C:\Users\THG Amertus\AppData\Local\Temp\avgnt.exe C:\Users\THG Amertus\AppData\Local\Temp\Quarantine.exe C:\Users\THG Amertus\AppData\Local\Temp\sdanircmdc.exe C:\Users\THG Amertus\AppData\Local\Temp\sdapskill.exe C:\Users\THG Amertus\AppData\Local\Temp\sdaspwn.exe C:\Users\THG Amertus\AppData\Local\Temp\Setup.exe C:\Users\THG Amertus\AppData\Local\Temp\SkypeSetup.exe C:\Users\THG Amertus\AppData\Local\Temp\SpotifyUninstall.exe C:\Users\THG Amertus\AppData\Local\Temp\sqlite3.dll C:\Users\THG Amertus\AppData\Local\Temp\tbu174.exe C:\Users\THG Amertus\AppData\Local\Temp\tbu1821.exe C:\Users\THG Amertus\AppData\Local\Temp\tbuA784.exe C:\Users\THG Amertus\AppData\Local\Temp\tbuCD16.exe C:\Users\THG Amertus\AppData\Local\Temp\tbuF117.exe C:\Users\THG Amertus\AppData\Local\Temp\utildel.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-04 04:12

==================== End Of Log ============================

--- --- --- --- --- ---

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2015
Ran by THG Amertus at 2015-04-11 15:09:38
Running from C:\Users\THG Amertus\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 360 Internet Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Internet Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Internet Security (HKLM-x32\...\360 Internet Security) (Version: 4.9.0.4900 - Qihu 360 Software Co., Ltd.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.7.248 - Intel Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Nation Toolbar 6.5 (HKLM-x32\...\{43573897-e996-46ee-9e40-c70b3e237384}_is1) (Version: 6.5 - InfoSpace LTD.)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.5.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

14-03-2015 04:00:15 Windows Update
22-03-2015 11:50:27 Windows Update
28-03-2015 01:13:26 Windows Update
03-04-2015 15:39:39 Windows Update
05-04-2015 03:00:11 Windows Update
05-04-2015 19:31:56 Windows Update
11-04-2015 13:18:47 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E590424-EA2B-4AE9-A4AA-2A054DBEA419} - System32\Tasks\{38200241-C004-4C60-AB28-6832F3BFDD35} => pcalua.exe -a "C:\Users\THG Amertus\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe" -d C:\Windows\SysWOW64 -c /groupsextract:100;101;102;103; /out:"C:\Users\THG Amertus\AppData\Roaming\Riot Games\League of Legends\prerequisites" /callbackid:264
Task: {5ADFD31D-ADEB-4046-AE79-872FCC1D080F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {6018BA2A-D7FE-4D96-9B85-32D683C72586} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {6C72080B-C053-4B30-96D4-F5FC9B904205} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-14] (Adobe Systems Incorporated)
Task: {7F43C4D2-DA67-4A7D-8D03-740F929C9025} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {83F2101A-AD8B-43D2-A53D-9AFDA15E2812} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8C03060F-533D-4F7F-9263-C8C931AB9A00} - \ProtectedSearch\Protected Search No Task File <==== ATTENTION
Task: {B509D511-E8A4-4F1E-9173-F55DC1B20714} - System32\Tasks\{4CC3DDF6-2EBF-48B2-9213-2B7C67A53DC4} => pcalua.exe -a D:\autorun.exe -d D:\
Task: {C79C58AF-B27B-423A-905C-E69CF9BE9D7B} - System32\Tasks\{F785D247-3904-47A7-8C27-4AFC6BC3D12D} => pcalua.exe -a "C:\Users\THG Amertus\Desktop\LeagueofLegends_EUW_Installer_06_12_13.exe" -d C:\Windows\SysWOW64 -c /groupsextract:100; /out:"C:\Users\THG Amertus\AppData\Roaming\Riot Games\League of Legends\prerequisites" /callbackid:1252
Task: {EB3FFADF-8545-4B8A-A5A2-D3E59D80D160} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {EB9E4401-2927-42EB-81E0-C9C91C5CC8AC} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {EFC5B1E6-88CC-4200-ABD3-3847357C6046} - \Browser Updater\Browser Updater No Task File <==== ATTENTION
Task: {F0FFC841-CA51-41DB-B04F-72DF9DB80C98} - \SystemSockets\SystemSockets No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2008-09-08 11:19 - 2008-09-08 11:19 - 00022016 _____ () C:\Windows\System32\cl31cl6.dll
2014-09-24 17:30 - 2015-03-13 21:41 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-08-24 01:19 - 2015-03-13 18:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-28 11:21 - 2014-10-24 15:16 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2013-08-24 01:12 - 2013-01-16 22:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-06-12 18:11 - 2013-08-24 12:48 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2013-08-24 12:49 - 2015-04-11 13:11 - 02324472 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.243\deploy\LoLLauncher.exe
2015-01-17 17:57 - 2015-04-11 13:12 - 03800568 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.27\deploy\LoLPatcher.exe
2014-04-07 19:15 - 2014-04-07 19:15 - 00173568 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-04-07 19:15 - 2014-04-07 19:15 - 01080832 _____ () C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll
2014-04-07 19:15 - 2014-04-07 19:15 - 00833024 _____ () C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2013-08-06 09:19 - 2014-08-07 18:07 - 00102344 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2013-08-06 09:19 - 2014-08-07 18:07 - 00108488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-04-07 19:15 - 2014-04-07 19:15 - 00030208 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll
2014-04-07 19:15 - 2014-04-07 19:15 - 00233984 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll
2013-08-06 09:19 - 2014-08-07 18:07 - 00563656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2013-11-21 17:57 - 2014-08-07 18:07 - 00579016 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-04-07 19:15 - 2014-04-07 19:15 - 00159232 _____ () C:\Program Files\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2013-08-24 13:21 - 2013-08-24 13:21 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.139\deploy\LolClient.exe
2015-04-04 16:54 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-09-24 17:30 - 2015-03-13 21:41 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-01-17 10:09 - 2015-03-10 08:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-25 01:49 - 2014-12-02 02:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-25 01:49 - 2014-12-02 02:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-25 01:49 - 2014-12-02 02:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-01-17 10:09 - 2015-03-24 06:22 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-17 10:09 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-01-17 10:09 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-01-17 10:09 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-01-17 10:09 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-01-17 10:09 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-01-17 10:09 - 2015-03-24 06:22 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-02-28 11:21 - 2014-10-31 17:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-02-28 11:21 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-01-17 10:09 - 2015-02-25 03:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-01-17 17:57 - 2015-04-11 13:12 - 01672184 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.27\deploy\RiotLauncher.dll
2015-01-17 10:09 - 2015-02-25 03:58 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2013-08-24 13:20 - 2013-08-24 13:20 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.139\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2015-03-14 13:22 - 2015-03-14 13:22 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1193351049-1641135016-4214113064-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\THG Amertus\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-1193351049-1641135016-4214113064-500 - Administrator - Disabled)
Gast (S-1-5-21-1193351049-1641135016-4214113064-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1193351049-1641135016-4214113064-1003 - Limited - Enabled)
THG Amertus (S-1-5-21-1193351049-1641135016-4214113064-1000 - Administrator - Enabled) => C:\Users\THG Amertus

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/06/2015 10:26:24 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/06/2015 05:44:49 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/05/2015 10:54:19 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (02/28/2015 00:31:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1168
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (02/07/2015 08:52:03 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (02/07/2015 08:52:03 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (02/07/2015 08:52:03 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (01/17/2015 05:58:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1b90 Startzeit: 01d0326e68d169d1 Endzeit: 4 Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe Berichts-ID: affd7dd5-9e61-11e4-8844-24fd52a1e510 Error: (01/17/2015 10:08:01 AM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Error: Failed to poke open firewall Error: (01/07/2015 01:19:20 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm csgo.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 500 Startzeit: 01d02a6b46499bfd Endzeit: 188 Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe Berichts-ID: System errors: ============= Error: (04/11/2015 01:10:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/11/2015 01:10:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (04/11/2015 01:07:48 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 11.04.2015 um 04:59:02 unerwartet heruntergefahren. Error: (03/29/2015 11:39:41 AM) (Source: BROWSER) (EventID: 8032) (User: ) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{EBCCA37F-12D3-4F7C-B817-1576D427796E}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error: (03/22/2015 11:50:31 AM) (Source: BROWSER) (EventID: 8032) (User: ) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{EBCCA37F-12D3-4F7C-B817-1576D427796E}" zu oft fehl. Der Sicherungssuchdienst wird beendet. 
Error: (03/14/2015 07:09:43 PM) (Source: BROWSER) (EventID: 8032) (User: ) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{EBCCA37F-12D3-4F7C-B817-1576D427796E}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error: (03/14/2015 01:23:00 PM) (Source: BROWSER) (EventID: 8032) (User: ) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{EBCCA37F-12D3-4F7C-B817-1576D427796E}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error: (03/14/2015 01:18:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht. Error: (03/14/2015 01:17:42 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht. Error: (03/13/2015 10:04:18 PM) (Source: BROWSER) (EventID: 8032) (User: ) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{EBCCA37F-12D3-4F7C-B817-1576D427796E}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Microsoft Office Sessions: ========================= Error: (04/06/2015 10:26:24 AM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. [0] Error: (04/06/2015 05:44:49 AM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. [6] Error: (04/05/2015 10:54:19 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. 
[0] Error: (02/28/2015 00:31:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425116801d053418769ce37C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllff54b564-bf34-11e4-b07b-24fd52a1e510 Error: (02/07/2015 08:52:03 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (02/07/2015 08:52:03 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (02/07/2015 08:52:03 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD endpoint registration failed [0] Error: (01/17/2015 05:58:38 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: rads_user_kernel.exe0.0.0.01b9001d0326e68d169d14C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeaffd7dd5-9e61-11e4-8844-24fd52a1e510 Error: (01/17/2015 10:08:01 AM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Failed to poke open firewall Error: (01/07/2015 01:19:20 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: csgo.exe0.0.0.050001d02a6b46499bfd188C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz Percentage of memory in use: 34% Total physical RAM: 8057.77 MB Available physical RAM: 5242.06 MB Total Pagefile: 16113.73 MB Available Pagefile: 13096.95 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.29 GB) (Free:828.24 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: D9FA2484) Partition: 
GPT Partition Type. ==================== End Of Log ============================ |
11.04.2015, 14:58 | #2 |
| WIN 7: NvBackend.exe - Bad Image GMER logfile:
Code:
ATTFilter GMER 2.1.19357 - GMER - Rootkit Detector and Remover Rootkit scan 2015-04-11 15:26:02 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000LM024_HN-M101MBB rev.2AR20002 931,51GB Running: Gmer-19357.exe; Driver: C:\Users\THGAME~1\AppData\Local\Temp\pwdoyfob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075021401 2 bytes JMP 754ab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe[1240] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075021419 2 bytes JMP 754ab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075021431 2 bytes JMP 75528ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007502144a 2 bytes CALL 754848ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe[1240] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750214dd 2 bytes JMP 755287a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750214f5 2 bytes JMP 75528978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe[1240] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007502150d 2 bytes JMP 75528698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075021525 2 bytes JMP 75528a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007502153d 2 bytes JMP 7549fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe[1240] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075021555 2 bytes JMP 754a68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007502156d 2 bytes JMP 75528f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075021585 2 bytes JMP 75528ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe[1240] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007502159d 2 bytes JMP 7552865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe[1240] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750215b5 2 bytes JMP 7549fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750215cd 2 bytes JMP 754ab2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750216b2 2 bytes JMP 75528e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750216bd 2 bytes JMP 755285f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075021401 2 bytes JMP 754ab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1948] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075021419 2 bytes JMP 754ab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075021431 2 bytes JMP 75528ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007502144a 2 bytes CALL 754848ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1948] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750214dd 2 bytes JMP 755287a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750214f5 2 bytes JMP 75528978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1948] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007502150d 2 bytes JMP 75528698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075021525 2 bytes JMP 75528a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007502153d 2 bytes JMP 7549fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1948] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075021555 2 bytes JMP 754a68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007502156d 2 bytes JMP 75528f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075021585 2 bytes JMP 75528ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1948] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007502159d 2 bytes JMP 7552865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1948] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750215b5 2 bytes JMP 7549fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750215cd 2 bytes JMP 754ab2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750216b2 2 bytes JMP 75528e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750216bd 2 bytes JMP 755285f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2572] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007720a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2572] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077213f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2572] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007722ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2572] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007723f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2572] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077269a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2572] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772794c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2572] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772987e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA 
Corporation\Display\nvxdsync.exe[2572] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd352db0 5 bytes JMP 000007fffd340180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2572] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3537d0 7 bytes JMP 000007fffd3400d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2572] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd358ef0 6 bytes JMP 000007fffd340148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2572] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd36af60 5 bytes JMP 000007fffd340110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2572] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefddd89f0 8 bytes JMP 000007fffd3401f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2572] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdddbe50 8 bytes JMP 000007fffd3401b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2572] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe2d7490 11 bytes JMP 000007fffd340228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2572] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe2ebf00 7 bytes JMP 000007fffd340260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1640] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007720a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1640] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077213f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1640] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007722ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1640] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007723f2e0 5 bytes JMP 000000016fff0110 .text 
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1640] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077269a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1640] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000772794c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1640] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000772987e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1640] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd352db0 5 bytes JMP 000007fffd340180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1640] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3537d0 7 bytes JMP 000007fffd3400d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1640] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd358ef0 6 bytes JMP 000007fffd340148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1640] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd36af60 5 bytes JMP 000007fffd340110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1640] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe2d7490 11 bytes JMP 000007fffd340228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1640] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe2ebf00 7 bytes JMP 000007fffd340260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1640] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefddd89f0 8 bytes JMP 000007fffd3401f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1640] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdddbe50 8 bytes JMP 000007fffd3401b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1640] 
C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef8492460 5 bytes JMP 000007fefd3402d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1640] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef84c96b0 6 bytes JMP 000007fefd340298 .text C:\Windows\system32\Dwm.exe[5008] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd352db0 5 bytes JMP 000007fffd340180 .text C:\Windows\system32\Dwm.exe[5008] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3537d0 7 bytes JMP 000007fffd3400d8 .text C:\Windows\system32\Dwm.exe[5008] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd358ef0 6 bytes JMP 000007fffd340148 .text C:\Windows\system32\Dwm.exe[5008] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd36af60 5 bytes JMP 000007fffd340110 .text C:\Windows\system32\Dwm.exe[5008] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefddd89f0 8 bytes JMP 000007fffd3401f0 .text C:\Windows\system32\Dwm.exe[5008] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdddbe50 8 bytes JMP 000007fffd3401b8 .text C:\Windows\system32\Dwm.exe[5008] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef626dc88 5 bytes JMP 000007fff62400d8 .text C:\Windows\system32\Dwm.exe[5008] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef626de10 5 bytes JMP 000007fff6240110 .text C:\Windows\system32\taskeng.exe[3220] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd352db0 5 bytes JMP 000007fffd340180 .text C:\Windows\system32\taskeng.exe[3220] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3537d0 7 bytes JMP 000007fffd3400d8 .text C:\Windows\system32\taskeng.exe[3220] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd358ef0 6 bytes JMP 000007fffd340148 .text C:\Windows\system32\taskeng.exe[3220] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd36af60 5 bytes JMP 000007fffd340110 .text C:\Windows\system32\taskeng.exe[3220] 
C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefddd89f0 8 bytes JMP 000007fffd3401f0 .text C:\Windows\system32\taskeng.exe[3220] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdddbe50 8 bytes JMP 000007fffd3401b8 .text C:\Windows\system32\taskeng.exe[3220] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe2d7490 11 bytes JMP 000007fffd340228 .text C:\Windows\system32\taskeng.exe[3220] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe2ebf00 7 bytes JMP 000007fffd340260 .text C:\Windows\System32\igfxpers.exe[928] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd352db0 5 bytes JMP 000007fffd340180 .text C:\Windows\System32\igfxpers.exe[928] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3537d0 7 bytes JMP 000007fffd3400d8 .text C:\Windows\System32\igfxpers.exe[928] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd358ef0 6 bytes JMP 000007fffd340148 .text C:\Windows\System32\igfxpers.exe[928] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd36af60 5 bytes JMP 000007fffd340110 .text C:\Windows\System32\igfxpers.exe[928] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefddd89f0 8 bytes JMP 000007fffd3401f0 .text C:\Windows\System32\igfxpers.exe[928] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdddbe50 8 bytes JMP 000007fffd3401b8 .text C:\Windows\System32\igfxpers.exe[928] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe2d7490 11 bytes JMP 000007fffd340228 .text C:\Windows\System32\igfxpers.exe[928] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe2ebf00 7 bytes JMP 000007fffd340260 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075481f0e 7 bytes JMP 0000000173ca3d10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075485bad 7 bytes JMP 0000000173ca46b0 
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075491409 7 bytes JMP 0000000173ca4050 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007549ea45 7 bytes JMP 0000000173ca3d00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075528e24 7 bytes JMP 0000000173ca37c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075528ea9 5 bytes JMP 0000000173ca3870 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000755291ff 5 bytes JMP 0000000173ca37d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075111d29 5 bytes JMP 0000000173ca3780 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075111dd7 5 bytes JMP 0000000173ca3740 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075112ab1 5 bytes JMP 0000000101362ac0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075112d17 5 bytes JMP 0000000173ca3560 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075ed8a29 5 bytes JMP 0000000173ca2c50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075ee4572 5 bytes JMP 0000000173ca34e0 .text C:\Program Files (x86)\NVIDIA 
Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075efe567 5 bytes JMP 0000000173ca3550 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075f207d7 5 bytes JMP 0000000173ca2a60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075f37a5c 5 bytes JMP 0000000173ca34d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075dfe96b 5 bytes JMP 0000000173ca2d70 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075dfeba5 5 bytes JMP 0000000173ca2d80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077005ea5 5 bytes JMP 0000000173ca2c10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077039d0b 5 bytes JMP 0000000173ca2ba0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075021401 2 bytes JMP 754ab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075021419 2 bytes JMP 754ab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075021431 2 bytes JMP 75528ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007502144a 2 bytes CALL 
754848ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750214dd 2 bytes JMP 755287a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750214f5 2 bytes JMP 75528978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007502150d 2 bytes JMP 75528698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075021525 2 bytes JMP 75528a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007502153d 2 bytes JMP 7549fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075021555 2 bytes JMP 754a68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007502156d 2 bytes JMP 75528f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075021585 2 bytes JMP 75528ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007502159d 2 bytes JMP 7552865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1612] 
---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88003eb7ca4] \SystemRoot\system32\DRIVERS\360Box64.sys [.text] ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
11.04.2015, 15:02 | #3 |
/// the machine /// TB Trainer
Hi,
Log files from MBAM?
11.04.2015, 15:07 | #4 |
By MBAM, do you mean the Antimalwarebytes log files? I have several to choose from. From February until today, exactly 5. Do you want all of them? Here is today's:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 11.04.2015
Suchlauf-Zeit: 14:47:01
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.11.03
Rootkit Datenbank: v2015.03.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: THG Amertus

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 340221
Verstrichene Zeit: 7 Min, 5 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (Keine schädliche Elemente gefunden)
Module: 0 (Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden)
Registrierungswerte: 0 (Keine schädliche Elemente gefunden)
Registrierungsdaten: 0 (Keine schädliche Elemente gefunden)
Ordner: 0 (Keine schädliche Elemente gefunden)

Edited by nico_1337 (11.04.2015 at 15:16)
12.04.2015, 07:26 | #5 |
/// the machine /// TB Trainer
I would like the last one from before the problem; you say the problem has existed since MBAM.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
13.04.2015, 17:41 | #6 |
As things look at the moment, I have fixed the problem. No more error messages appear after booting, and during operation everything runs as usual. I followed the file path and opened the folder that contained the supposedly faulty .dll. I did not delete the folder itself, only its contents. Then I restarted the PC and the problem disappeared. Thanks for your help anyway! Nico
14.04.2015, 07:05 | #7 |
/// the machine /// TB Trainer
ok
__________________
Regards, schrauber