Log analysis and evaluation: Windows 7: Internet problems after VPN connection to university server |
19.05.2015, 13:46 | #1 |
| Windows 7: Internet problems after VPN connection to university server Hello dear Trojaner-Board helpers, Since I established a VPN connection to the University of Koblenz a few days ago, the following symptoms have been occurring: After clicking on my web browser (Chrome), there is first a loading phase of about 15 seconds before the page actually starts to load. With my Dropbox I cannot establish any internet connection at all ("Keine Internet-Verbindung. Ihr Computer ist offline. ..." [No internet connection. Your computer is offline. ...]). After I reinstalled Chrome and Dropbox and saw no improvement whatsoever, I tried a System Restore. However, after the system restart this only produced the following error message: "Die Systemherstellung wurde nicht erfolgreich ausgeführt. Die Systemdatei und Einstellungen des Computers wurden nicht geändert." [System Restore did not complete successfully. The computer's system files and settings were not changed.] Now I am convinced that I have probably caught some malware. Thanks in advance. Best regards, Tim |
19.05.2015, 15:04 | #2 |
/// the machine /// TB-Ausbilder | Windows 7: Internet problems after VPN connection to university server Hi,
Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
|
19.05.2015, 17:21 | #3 |
| Windows 7: Internet problems after VPN connection to university server Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
Ran by Tim at 2015-05-19 13:27:00
Running from D:\Users\Tim\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2530768674-2421857465-2161656677-500 - Administrator - Disabled)
Gast (S-1-5-21-2530768674-2421857465-2161656677-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2530768674-2421857465-2161656677-1004 - Limited - Enabled)
Tim (S-1-5-21-2530768674-2421857465-2161656677-1000 - Administrator - Enabled) => C:\Users\Tim

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3Dconnexion 3DxWare 10 (64-bit) (HKLM-x32\...\{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}) (Version: - ) 64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated) Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk) Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk) Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.159.0 - Autodesk) Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk) Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk) Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.) Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) 
Hidden Autodesk DWG TrueView 2014 (HKLM\...\DWG TrueView 2014) (Version: 19.1.18.0 - Autodesk) Autodesk Inventor Content Center Libraries 2014 (Desktop Content) (HKLM\...\{B46DECD1-1864-4EF1-0000-22D71E81877C}) (Version: 18.0.17000.0000 - Autodesk) Autodesk Inventor Professional 2014 - Deutsch (German) (HKLM\...\Autodesk Inventor Professional 2014) (Version: 18.0.17000.0000 - Autodesk) Autodesk Inventor Professional 2014 (Version: 18.0.17000.0000 - Autodesk) Hidden Autodesk Inventor Professional 2014 Language Pack - Deutsch (German) (Version: 18.0.17000.0000 - Autodesk) Hidden Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk) Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk) Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk) Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk) Autodesk Material Library Low Resolution Image Library 2014 (HKLM-x32\...\{5C29CC1F-218F-4C30-948A-11066CAC59FB}) (Version: 4.0.19.0 - Autodesk) Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.27 - Autodesk) Autodesk ReCap (Version: 1.0.43.27 - Autodesk) Hidden Autodesk ReCap Language Pack-English (Version: 1.0.43.27 - Autodesk) Hidden Autodesk Revit Interoperability for Inventor 2014 (HKLM\...\Autodesk Revit Interoperability for Inventor 2014) (Version: 13.02.15161 - Autodesk) Autodesk Revit Interoperability for Inventor 2014 (Version: 13.02.15161 - Autodesk) Hidden Autodesk Vault Basic 2014 (Client) (HKLM\...\Autodesk Vault Basic 2014 (Client)) (Version: 18.0.86.0 - Autodesk) Autodesk Vault Basic 2014 (Client) (Version: 18.0.86.0 - Autodesk) Hidden Autodesk Vault Basic 2014 (Client) German Language Pack (Version: 18.0.86.0 - Autodesk) Hidden Battlefield 3™ 
(HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB) CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform) Clover 3.0 (HKLM-x32\...\Clover) (Version: 3.0 - EJIE Technology) Dassault Systemes Doc German CATIA P3 B19 (HKLM-x32\...\Dassault Systemes Doc German B19) (Version: - ) Dassault Systemes Software B19 (HKLM\...\Dassault Systemes B19_0) (Version: - ) Dassault Systemes Software Prerequisites x86-x64 (HKLM\...\{CF1EB598-B424-436A-B15F-B763846BA970}) (Version: 8.1.3 - Dassault Systemes) Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.) Dropbox (HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.) DWG TrueView 2014 (Version: 19.1.18.0 - Autodesk) Hidden Eco Materials Adviser for Autodesk Inventor 2014 (64-bit) (HKLM\...\{530B8614-C5DE-475B-AF6F-71BED461552C}) (Version: 4.4.1.0 - Granta Design Limited) ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
Hidden Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games) Hotkey 7.0028 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 7.0028 - NoteBook) Hotkey 7.0028 (x32 Version: 7.0028 - NoteBook) Hidden Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.13.1402 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3220 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{1e9b4847-4e73-4d00-91f5-96e0f6ce3e5a}) (Version: 16.1.1 - Intel Corporation) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 
Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) 
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro) NVIDIA Grafiktreiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.) Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Radio.fx (HKLM-x32\...\Tobit Radio.fx Server) (Version: - Tobit.Software) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.27035 - Realtek Semiconductor Corp.) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games) SketchUp-Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony) Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.01 - Creative Technology Limited) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated) VBA (3821b) (x32 Version: 6.01.00.1234 - Microsoft Corporation) Hidden Verfügbare Autodesk-Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk) VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) 
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{00F064D8-FEC3-48ac-B07D-39C314D1727B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{C343ED84-A129-11d3-B799-0060B0F159EF}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxApprenticeServer.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{C92F8F8C-8B2C-11d4-B872-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{CFEE2BAF-14F9-4D23-853D-B6E2BCC14263}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{D7A1987D-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ColorButton.Ocx (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{D7A1987E-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ColorButton.Ocx (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{DA1F437C-9BD9-11d4-B87C-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{DB5D476B-3FF4-4E9D-A606-1E2B473BE571}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\AcInetUI.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{DCA7356C-FF94-4b20-AE04-7AA6A8E14117}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{DDA9A20F-5B56-49F5-9465-CE82FC199352}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{DE6B563C-B074-4BF1-A8A0-B3FED8703E99}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{E1C85E9F-60B2-4007-80C3-2C5E09474C3B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxInventorUtilities.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\TestServer.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{E60F81E1-49B3-11D0-93C3-7E0706000000}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{F13E75B9-6AF6-49CB-80B3-6D2FF6E09932}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{F61064CC-DBFB-47ee-9BC8-CA5A1CBDF0DA}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\InvResc.dll (Autodesk) CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FA62F626-EBD5-4dc5-B970-D9E81E0E20E0}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FB469644-3F14-4403-ACCA-6B13486FF7BD}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\InvTXTStack.exe (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll No File

==================== Restore Points =========================

08-05-2015 14:42:11 Geplanter Prüfpunkt
18-05-2015 07:33:19 Sony PC Companion
18-05-2015 11:57:15 Systemwiederhertstelungspunkt
18-05-2015 11:57:38 Systemwiederherstellungspunkt
18-05-2015 11:57:57 Removed MSXML 4.0 SP2 (KB954430)
18-05-2015 11:58:14 Removed MSXML 4.0 SP2 (KB973688)
18-05-2015 12:19:12 Windows Modules Installer
19-05-2015 11:08:00 Wiederherstellungsvorgang
19-05-2015 12:00:00 Entfernt 3Dconnexion 3DxWare 10
19-05-2015 12:05:35 Removed FARO LS 1.1.501.0 (64bit)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0651E0EF-D474-4094-8936-9D151B0EE6D5} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {287EEE84-0384-4C5C-8F68-781991A6264B} - System32\Tasks\3DconnexionCreateProcess_3DxService.exe => D:\Programme\Treiber\3DxWinCore64\3DxService.exe
Task: {41F41157-4BBE-4484-8C5C-D7CF609D5A95} - System32\Tasks\{781AD828-8A0D-4EEC-A258-B6E8B3D1E2AC} => pcalua.exe -a E:\08_Audio\01\INSTMSIW.EXE -d E:\08_Audio\01
Task: {4B9AB634-D309-406C-91C2-8D80D2B9FB33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-18] (Google Inc.)
Task: {8B14056B-DCA1-4A4C-ABB4-1519EA280D0E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {9687FAE5-D5A5-4E87-A626-12C10B9D3E37} - System32\Tasks\{53F5DBCB-EA61-4285-8B5B-C1753580C36D} => pcalua.exe -a E:\05_Touchpad\05_Touchpad\ELAN\Setup.exe -d E:\05_Touchpad\05_Touchpad\ELAN
Task: {BF4DE4FA-1024-473B-9592-64B78A906168} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-18] (Google Inc.)
Task: {E5BAF3E3-45EA-47DE-A0A2-3037F6AC28C9} - System32\Tasks\{72121E57-39FD-429D-882A-2F756D2B3E3A} => pcalua.exe -a "D:\Programme\EA\Spiele\Battlefield 3\Punkbuster\pbsetup.exe" -d "D:\Programme\EA\Spiele\Battlefield 3\Punkbuster"
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-12-03 11:20 - 2014-11-13 02:20 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-03-19 20:17 - 2012-11-14 01:22 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-03-19 20:17 - 2012-11-14 01:22 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-03-19 20:21 - 2012-11-01 12:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2013-02-05 00:21 - 2013-02-05 00:21 - 00056352 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00937504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00124448 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00045088 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2013-08-01 10:21 - 2013-08-01 10:21 - 04912120 _____ () C:\Program Files (x86)\Hotkey\Hotkey.exe
2015-05-18 07:33 - 2014-06-23 09:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-10-23 21:19 - 2014-10-23 21:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-12-14 18:19 - 2015-01-13 15:49 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-05-29 18:50 - 2013-05-29 18:50 - 00046592 _____ () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
2015-01-20 08:36 - 2013-06-03 14:06 - 03999512 _____ () D:\Tobit Radio.fx\Server\rfx-server.exe
2014-03-19 20:03 - 2014-11-12 23:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-29 08:42 - 2014-09-04 05:41 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-09-29 08:42 - 2014-09-04 05:41 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2014-12-03 11:20 - 2014-11-13 02:20 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-01-20 08:36 - 2013-06-03 14:06 - 09907712 _____ () D:\Tobit Radio.fx\Client\TOBITCLT.dll
2015-01-20 08:36 - 2013-05-16 15:28 - 00242688 _____ () D:\Tobit Radio.fx\Client\rfx-client$.ger
2015-05-18 07:33 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2015-05-18 07:33 - 2014-12-04 15:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2015-05-18 07:33 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2015-03-23 19:19 - 2015-03-23 19:19 - 02620416 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\libxt.dll
2015-05-18 07:33 - 2010-01-11 16:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2015-04-10 11:26 - 2015-04-10 11:26 - 00669696 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2009-06-06 15:50 - 2009-06-06 15:50 - 00019968 _____ () C:\Program Files (x86)\Hotkey\Audiodll.dll
2014-03-19 20:21 - 2012-10-31 16:00 - 00991232 ____N () D:\Programme\Treiber\Sound Blaster Cinema\de-DE\SBCinema.resources.dll
2015-05-19 13:12 - 2014-09-04 05:41 - 00104328 _____ () C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-05-18 12:46 - 2015-05-05 06:06 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libglesv2.dll
2015-05-18 12:46 - 2015-05-05 06:06 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libegl.dll
2014-03-19 19:52 - 2013-07-16 16:39 - 01199576 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.18.240.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{4AE61BD5-3E3D-46F2-A66B-F6BF58CF13BD}] => (Allow) D:\Programme\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{6540BA9B-A954-445E-8AE9-35A17248A735}] => (Allow) D:\Programme\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{08F54F87-1E86-49C7-8A23-FF1B53E8E8D5}] => (Allow) D:\Programme\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{743407A4-4676-442A-94A0-DB5DFEFECD3A}] => (Allow) D:\Programme\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{01B91402-8B91-4C8C-A8EB-AE8C7EB3E399}] => (Allow) D:\Programme\Microsoft Office\Office14\outlook.exe
FirewallRules: [{74E9C924-E6C3-4939-A20F-7C1D597317E9}] => (Allow) D:\Programme\EA\Spiele\Battlefield 3\bf3.exe
FirewallRules: [{B66D5F9F-62AB-452A-8B04-47DD3A7CDE4E}] => (Allow) D:\Programme\EA\Spiele\Battlefield 3\bf3.exe
FirewallRules: [{37F31AB4-FC5E-4EF1-8111-E4917494D6FD}] => (Allow) LPort=50248
FirewallRules: [{43C417FA-23D6-4CDA-9FE7-D44662024DA8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{67F2F93A-B858-4F09-A9B9-183B81CB1613}C:\users\tim\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\tim\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{90305D01-109F-461F-987E-117BDAB572A6}C:\users\tim\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\tim\appdata\local\akamai\netsession_win.exe
FirewallRules: [{C39FC637-4364-453E-8B57-A7C0CD088B1C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{506CE219-D4ED-4A36-9520-D2C0657CFE1C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{03198B2A-5E22-463A-8D49-D32AE6F9C22E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{934931E5-A760-483E-B3EC-E26BBD6C6C6C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{28FA894B-04B0-4772-9C53-9C0617AFAE6E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{9987A81B-20CF-4ACE-99DA-B87109268E7A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{DAD84685-A779-4C4C-B223-7D9B5DEA42F9}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{DB1F565D-D3CE-4857-900C-5E6C7002CBA9}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{75F6893D-F50E-4E6F-B1B9-2825CFC3DE2F}] => (Allow) D:\Programme\EA\Spiele\Battlefield 4\bf4_x86.exe
FirewallRules: [{54F1340F-BF57-4EFC-BC50-B91E1B0CA56E}] => (Allow) D:\Programme\EA\Spiele\Battlefield 4\bf4_x86.exe
FirewallRules: [{5AA07E85-F62F-477F-8788-D6B13520FC15}] => (Allow) D:\Programme\EA\Spiele\Battlefield 4\bf4.exe
FirewallRules: [{CA7CAFC4-A47B-4D8C-8337-35F0E658AC57}] => (Allow) D:\Programme\EA\Spiele\Battlefield 4\bf4.exe
FirewallRules: [{76A53D91-7273-48F5-9AED-1F4E309AB1BA}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{14B24896-B6E6-4D48-81B7-5C2B48AF2800}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A3B67A19-9082-4E8F-BF0D-2E1B1990D28B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{D9E81151-3B72-46A9-BCC0-A7FCFBB8A794}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{A1F3B545-C5D8-47AE-ACCF-91C7DFB90702}] => (Allow) D:\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{C8F9AEF5-0A89-4234-994D-413E85EA364C}] => (Allow) D:\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{E8CA61B8-1090-47E5-BA4B-17DD21FE18AB}] => (Allow) D:\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{987459BB-EA15-4227-8942-4F4B953C0BFA}] => (Allow) D:\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{D840BA2A-4BDE-4076-9AC3-A5BA0051B499}] => (Allow) D:\Programme\EA\Spiele\Battlefield 4\bf4_x86.exe
FirewallRules: [{BAA96BBC-529E-44E9-BB23-0ADD9E428B03}] => (Allow) D:\Programme\EA\Spiele\Battlefield 4\bf4_x86.exe
FirewallRules: [{431CAD55-5B69-4264-99C4-225D9700039D}] => (Allow) D:\Programme\EA\Spiele\Battlefield 4\bf4.exe
FirewallRules: [{73D3CB92-C92E-414E-B4CC-BC8914A362BC}] => (Allow) D:\Programme\EA\Spiele\Battlefield 4\bf4.exe
FirewallRules: [{7F3E20F8-B539-455C-8338-C8E7499B0952}] => (Allow) D:\Programme\EA\Spiele\Dead Space 3\deadspace3.exe
FirewallRules: [{A82FD07C-C15D-4D22-AF0A-1F07529DBFEF}] => (Allow) D:\Programme\EA\Spiele\Dead Space 3\deadspace3.exe
FirewallRules: [{14978EFD-8051-4D1C-B9A3-153065CA97C5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C5108C37-F329-4400-BB85-C8B667FC62C4}] => (Allow) C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{737D78B8-8B06-490C-81AB-4D78353D5A0F}] => (Allow) C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================

Application errors:
==================
Error: (05/19/2015 01:12:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2015 01:12:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HeciServer.exe, Version: 1.28.487.1, Zeitstempel: 0x518e67a1
Name des fehlerhaften Moduls: HeciServer.exe, Version: 1.28.487.1, Zeitstempel: 0x518e67a1
Ausnahmecode: 0x40000015
Fehleroffset: 0x000000000005d239
ID des fehlerhaften Prozesses: 0x414
Startzeit der fehlerhaften Anwendung: 0xHeciServer.exe0
Pfad der fehlerhaften Anwendung: HeciServer.exe1
Pfad des fehlerhaften Moduls: HeciServer.exe2
Berichtskennung: HeciServer.exe3

Error: (05/19/2015 01:12:09 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (05/19/2015 01:12:09 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (05/19/2015 01:12:09 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (05/19/2015 01:00:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. .

Error: (05/19/2015 00:22:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt>. Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. .

Error: (05/19/2015 00:22:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. .

Error: (05/19/2015 00:06:43 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Tim-PC)
Description: Die Anwendung oder der Dienst "PDF Architect 3 Creator" konnte nicht neu gestartet werden.

Error: (05/19/2015 00:00:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Mgl3DCtlrRPCService.exe, Version: 2.0.14317.11011, Zeitstempel: 0x5464fd73
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b864
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000bf922
ID des fehlerhaften Prozesses: 0x86c
Startzeit der fehlerhaften Anwendung: 0xMgl3DCtlrRPCService.exe0
Pfad der fehlerhaften Anwendung: Mgl3DCtlrRPCService.exe1
Pfad des fehlerhaften Moduls: Mgl3DCtlrRPCService.exe2
Berichtskennung: Mgl3DCtlrRPCService.exe3

System errors:
=============
Error: (05/19/2015 01:12:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (05/19/2015 01:12:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Capability Licensing Service Interface erreicht.

Error: (05/19/2015 00:52:59 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (05/19/2015 00:00:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "3Dconnexion Broker Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/19/2015 11:30:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (05/19/2015 11:30:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Capability Licensing Service Interface erreicht.

Error: (05/19/2015 11:27:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (05/19/2015 11:27:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Capability Licensing Service Interface erreicht.

Error: (05/19/2015 11:24:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (05/19/2015 11:24:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Capability Licensing Service Interface erreicht.

Microsoft Office Sessions:
=========================
Error: (05/19/2015 01:12:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2015 01:12:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HeciServer.exe1.28.487.1518e67a1HeciServer.exe1.28.487.1518e67a140000015000000000005d23941401d09224a687ecacC:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Program Files\Intel\iCLS Client\HeciServer.exeed2cf958-fe17-11e4-8278-0cd292b85460

Error: (05/19/2015 01:12:09 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name23808600

Error: (05/19/2015 01:12:09 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name21808600

Error: (05/19/2015 01:12:09 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name18808600

Error: (05/19/2015 01:00:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crtDieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.

Error: (05/19/2015 00:22:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crtDer angegebene Server kann den angeforderten Vorgang nicht ausführen.

Error: (05/19/2015 00:22:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crtDieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.

Error: (05/19/2015 00:06:43 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Tim-PC)
Description: 0creator-ws.exePDF Architect 3 Creator03026217829400

Error: (05/19/2015 00:00:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Mgl3DCtlrRPCService.exe2.0.14317.110115464fd73ntdll.dll6.1.7601.187985507b864c000037400000000000bf92286c01d092167463d724D:\Programme\Treiber\3DxWinCore64\Mgl3DCtlrRPCService.exeC:\Windows\SYSTEM32\ntdll.dlle07e0045-fe0d-11e4-8504-0cd292b85460

CodeIntegrity Errors:
===================================
Date: 2015-04-07 22:39:37.814
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-04-07 22:39:37.811
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-04-07 22:39:11.628 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-04-07 22:39:11.625 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-04-07 22:39:10.722 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-04-07 22:39:10.719 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-04-07 22:39:10.587 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-04-07 22:39:10.585 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-04-07 22:37:48.226 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-04-07 22:37:48.226 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 17%
Total physical RAM: 16304.21 MB
Available physical RAM: 13427.8 MB
Total Pagefile: 16502.4 MB
Available Pagefile: 13450.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:55.32 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:253.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 9F733E47)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BB85F32F)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
|
19.05.2015, 17:23 | #4 |
| Windows 7: Internet problems after VPN connection to university server Continuation: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:25 on 19/05/2015 (Tim)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
Ran by Tim (administrator) on TIM-PC on 19-05-2015 13:26:40
Running from D:\Users\Tim\Downloads
Loaded Profiles: Tim (Available profiles: Tim)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Autodesk, Inc.)
C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Microsoft Corporation) D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE (Tobit.Software) D:\Tobit Radio.fx\Client\rfx-tray.exe (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe () C:\Program Files (x86)\Hotkey\Hotkey.exe (Microsoft Corporation) D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Creative Technology Ltd) D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Autodesk Inc.) C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe () D:\Tobit Radio.fx\Server\rfx-server.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5672624 2013-03-26] (VIA) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-30] (Synaptics Incorporated) HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64 HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation) HKLM-x32\...\Run: [Sound Blaster Cinema] => D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) 
HKLM-x32\...\Run: [BCSSync] => D:\Programme\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-09-04] (Autodesk Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.) HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [OfficeSyncProcess] => D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE [718720 2010-12-21] (Microsoft Corporation) HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd) HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [rfxsrvtray] => D:\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software) HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony) HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Policies\Explorer: [] HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\MountPoints2: {570a12d5-bcd4-11e4-b996-0090f5f2dc8c} - G:\AutoRun.exe HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\MountPoints2: {570a12e0-bcd4-11e4-b996-0090f5f2dc8c} - G:\AutoRun.exe HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\MountPoints2: {bfdddd47-fd1e-11e4-a05f-0cd292b85460} - F:\startme.exe HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.) 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2014-03-19] ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe () Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-18] ShortcutTarget: Dropbox.lnk -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2014-09-16] ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) AutoConfigURL: [S-1-5-21-2530768674-2421857465-2161656677-1000] => hxxp://www.hs-koblenz.de/proxy.pac HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000 -> {98942130-7CF9-46E5-831B-14D569129F80} URL = https://www.google.com/search?q={searchTerms} BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation) BHO: Virtual 
Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-04-07] (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> D:\Programme\Clover\TabHelper64.dll [2014-01-23] (EJIE Technology) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-04-07] (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programme\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) 
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 172.18.240.1 172.18.240.1 FireFox: ======== FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\zrh3dtnu.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-17] () FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-17] () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\IPT\npIntelWebAPIIPT.dll [2013-07-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-16] (Intel Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-04-07] () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-04-07] () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-04-07] () FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-04-07] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-04-07] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-04-07] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-04-07] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-04-07] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR StartupUrls: Default -> "https://www.google.com/" CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Tim\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-18] CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-18] CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-18] CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-18] CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-18] CHR Extension: (Kaspersky Protection) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-05-18] CHR Extension: (Google Sheets) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-18] CHR Extension: (Bookmark Manager) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-18] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-18] CHR Extension: (Black carbon + silver metal) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lodhggoaglindpoejnjldimdlikkphph [2015-05-18] CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-18] CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-18] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - 
https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-04] (Autodesk Inc.) R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.) R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-16] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-16] (Intel Corporation) S3 Microsoft SharePoint Workspace Audit Service; D:\Programme\Microsoft Office\Office14\GROOVE.EXE [31124344 2010-12-27] (Microsoft Corporation) R2 mitsijm2014; C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe [952608 2013-01-25] (Autodesk, Inc.) 
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
S3 Origin Client Service; D:\Programme\EA\Origin\OriginClientService.exe [1910640 2015-03-11] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-01-13] ()
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [46592 2013-05-29] () [File not signed]
R2 Radio.fx; D:\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 3dxhid; C:\Windows\System32\DRIVERS\3dxhid.sys [38672 2014-11-07] (3Dconnexion SAM)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-04-07] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-04-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
S3 KMJHidMini; C:\Windows\System32\DRIVERS\3dxkmj.sys [18944 2013-10-08] (3Dconnextion Inc.) [File not signed]
S3 KMJShim; C:\Windows\System32\DRIVERS\3dxshim.sys [7168 2013-10-08] (3Dconnextion Inc.) [File not signed]
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
S3 SaiKA50A; C:\Windows\System32\DRIVERS\SaiKA50A.sys [147976 2009-09-14] (Saitek)
S3 SaiUA50A; C:\Windows\System32\DRIVERS\SaiUA50A.sys [41224 2009-09-14] (Saitek)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-30] (Synaptics Incorporated)
R3 VMfilt; C:\Windows\System32\drivers\VMfilt64.sys [25600 2009-07-30] (Creative Technology Ltd.)
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-19 13:26 - 2015-05-19 13:26 - 00000000 ____D () C:\FRST
2015-05-19 13:25 - 2015-05-19 13:25 - 00000000 _____ () C:\Users\Tim\defogger_reenable
2015-05-19 13:19 - 2015-05-19 13:25 - 00000000 ____D () C:\Users\Tim\Desktop\Trojaner-Board
2015-05-19 13:12 - 2015-05-19 13:12 - 00000372 _____ () C:\Windows\PFRO.log
2015-05-19 13:01 - 2015-05-19 13:04 - 00000000 ____D () C:\Regdelnull (1)
2015-05-19 11:35 - 2015-05-19 11:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-19 11:19 - 2015-05-19 11:23 - 00000000 ____D () C:\AdwCleaner
2015-05-19 10:25 - 2015-05-19 13:12 - 00001187 _____ () C:\Windows\setupact.log
2015-05-19 10:25 - 2015-05-19 10:25 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-19 10:25 - 2015-05-19 10:22 - 00411661 _____ () C:\Users\Tim\Desktop\Borduhr.CATPart
2015-05-18 21:30 - 2015-05-19 11:29 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-18 12:46 - 2015-05-19 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-18 12:44 - 2015-05-19 13:12 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-18 12:44 - 2015-05-19 11:49 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-18 12:44 - 2015-05-18 12:44 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 12:44 - 2015-05-18 12:44 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 12:20 - 2015-05-18 12:20 - 00001409 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-05-18 12:20 - 2015-05-18 12:20 - 00001403 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-18 07:33 - 2015-05-19 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-05-18 07:33 - 2015-05-18 07:33 - 00000000 ____D () C:\ProgramData\Sony
2015-05-18 07:33 - 2015-05-18 07:33 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-05-18 07:32 - 2015-05-18 07:32 - 28684424 _____ (Sony Mobile Communications ) C:\Users\Tim\AppData\Local\pcc.exe
2015-05-13 18:02 - 2015-05-18 20:58 - 00000000 ____D () C:\Users\Tim\Desktop\Backup HTC
2015-05-13 17:51 - 2015-05-13 17:51 - 00000000 ____D () C:\Users\Tim\AppData\Local\Macromedia
2015-05-05 20:21 - 2015-05-18 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funktionsplotter
2015-05-05 20:20 - 2015-05-05 20:20 - 00253952 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2015-05-05 20:20 - 2015-05-05 20:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2015-04-30 17:11 - 2015-04-30 17:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-30 17:11 - 2015-04-01 11:16 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-30 16:53 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-04-30 16:53 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-04-30 16:53 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-04-30 16:53 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-04-30 16:53 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-04-30
16:53 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2015-04-30 16:53 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2015-04-30 16:53 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2015-04-30 16:51 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-30 16:51 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-04-30 16:51 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-04-30 16:51 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-30 16:51 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-04-30 16:51 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-04-30 16:51 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-04-30 16:51 - 
2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-04-30 16:51 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-04-30 16:51 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-04-30 16:51 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-04-30 16:51 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-04-30 16:51 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-04-30 16:51 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-04-30 16:51 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00006656 _____ 
(Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H 
(Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-04-30 16:51 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntoskrnl.exe 2015-04-30 16:51 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-04-30 16:51 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-04-30 16:51 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-04-30 16:51 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-04-30 16:51 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-04-30 16:51 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-04-30 16:51 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-04-30 16:51 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-04-30 16:51 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 
2015-04-30 16:51 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 
____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-04-30 16:51 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-04-30 16:51 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-04-30 16:51 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-04-30 16:51 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-04-30 16:51 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-04-30 16:51 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 02644992 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00188416 
_____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-04-30 16:51 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-04-30 16:51 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) 
C:\Windows\system32\cryptsvc.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-04-30 16:51 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-04-30 16:51 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-04-30 16:51 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-04-30 16:51 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-04-30 16:51 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-04-30 16:51 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-04-30 16:51 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-04-30 16:51 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-04-30 16:51 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-04-30 16:51 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 02135040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\quartz.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 
2015-04-30 16:51 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-04-30 16:51 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-04-30 16:51 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-04-30 16:51 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-04-30 16:51 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-04-30 16:51 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-04-30 16:51 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-04-30 16:51 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-04-30 16:51 - 2014-11-11 05:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2015-04-30 16:51 - 2014-11-11 04:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2015-04-30 16:51 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-04-30 16:51 - 2014-10-14 04:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2015-04-30 16:51 - 2014-07-17 04:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-04-30 16:51 - 2014-07-17 04:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2015-04-30 16:51 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2015-04-30 16:51 - 2014-07-17 04:07 
- 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2015-04-30 16:51 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2015-04-30 16:51 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2015-04-30 16:51 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-04-30 16:51 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2015-04-30 16:51 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-04-30 16:51 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2015-04-30 16:51 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2015-04-30 16:51 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-04-30 16:51 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-04-30 16:51 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2015-04-30 16:51 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2015-04-30 16:51 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2015-04-30 16:51 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2015-04-30 16:51 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2015-04-30 16:51 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2015-04-30 16:51 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2015-04-30 16:51 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2015-04-30 16:51 - 2014-03-04 11:17 
- 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2015-04-30 16:51 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2015-04-30 16:51 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2015-04-30 16:51 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2015-04-30 16:51 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2015-04-30 16:51 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2015-04-30 16:50 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-04-30 16:50 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-04-30 16:50 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-04-30 16:50 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-04-30 16:50 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-04-30 16:50 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-04-30 16:50 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-04-30 16:50 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-04-30 16:50 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-04-30 16:50 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-04-30 16:50 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-04-30 16:50 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-04-30 16:50 - 2015-03-25 05:00 - 00173056 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-04-30 16:50 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-04-30 16:50 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-04-30 16:50 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-04-30 16:50 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-30 16:50 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-04-30 16:50 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-04-30 16:50 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-04-30 16:50 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-30 16:50 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-04-30 16:50 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-30 16:50 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-30 16:50 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll 2015-04-30 16:50 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-04-30 16:50 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-04-30 16:50 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-04-30 16:50 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-04-30 16:50 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-04-30 16:50 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) 
C:\Windows\system32\dciman32.dll 2015-04-30 16:50 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-04-30 16:50 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-04-30 16:50 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-04-30 16:50 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-04-30 16:50 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-04-30 16:50 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-04-30 16:50 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-04-30 16:50 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-04-30 16:50 - 2015-02-03 05:31 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-04-30 16:50 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-04-30 16:50 - 2015-02-03 05:12 - 01011200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-04-30 16:50 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-04-30 16:50 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-04-30 16:50 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-04-30 16:50 - 2014-12-19 05:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-04-30 16:50 - 2014-12-19 03:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-04-30 16:50 - 2014-12-11 19:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-04-30 16:50 - 2014-12-08 05:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 
2015-04-30 16:50 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-04-30 16:50 - 2014-12-06 06:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-04-30 16:50 - 2014-12-06 05:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-04-30 16:50 - 2014-12-06 05:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-04-30 16:50 - 2014-10-25 03:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2015-04-30 16:50 - 2014-10-25 03:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2015-04-30 16:50 - 2014-10-18 04:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-04-30 16:50 - 2014-10-18 03:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-04-30 16:50 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2015-04-30 16:50 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2015-04-30 16:50 - 2014-08-12 04:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2015-04-30 16:50 - 2014-08-12 03:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2015-04-30 16:50 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2015-04-30 16:50 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2015-04-30 16:50 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2015-04-30 16:50 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2015-04-30 16:50 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2015-04-30 16:50 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2015-04-30 16:50 - 2014-06-18 04:18 - 
00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2015-04-30 16:50 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2015-04-30 16:50 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2015-04-30 16:50 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2015-04-30 16:50 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2015-04-30 16:50 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-04-30 16:50 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-04-30 16:50 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2015-04-30 16:50 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-04-30 16:50 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-04-30 16:50 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-04-30 16:50 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2015-04-30 16:50 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-04-30 16:50 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2015-04-30 16:50 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2015-04-30 16:50 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2015-04-30 16:50 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2015-04-30 16:50 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-04-30 16:50 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) 
C:\Windows\system32\msxml6r.dll 2015-04-30 16:50 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-04-30 16:50 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2015-04-30 16:50 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2015-04-30 16:50 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-04-30 16:50 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-04-30 16:43 - 2015-02-04 05:16 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-04-30 16:43 - 2015-02-04 04:54 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-04-30 16:43 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-04-30 16:42 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-04-29 12:08 - 2015-04-29 12:14 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\PDF Architect 3 2015-04-29 12:07 - 2015-05-19 12:06 - 00000000 ____D () C:\ProgramData\PDF Architect 3 2015-04-29 11:56 - 2013-09-01 13:59 - 01103872 _____ () C:\Windows\SysWOW64\CBLCtlsU.ocx 2015-04-29 11:56 - 2013-07-13 13:15 - 00805376 _____ () C:\Windows\SysWOW64\EditCtlsU.ocx 2015-04-29 11:56 - 2013-07-12 23:57 - 00539648 _____ () C:\Windows\SysWOW64\LblCtlsU.ocx 2015-04-29 11:56 - 2013-04-05 14:55 - 00476160 _____ () C:\Windows\SysWOW64\TabStripCtlU.ocx 2015-04-29 11:56 - 2013-03-29 00:13 - 00645632 _____ () C:\Windows\SysWOW64\BtnCtlsU.ocx 2015-04-29 11:56 - 2013-03-03 15:37 - 01061888 _____ () C:\Windows\SysWOW64\ExLvwU.ocx 2015-04-29 08:36 - 2015-05-13 11:55 - 00017698 _____ () C:\Users\Tim\Desktop\Notenliste.xlsx ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-19 13:25 - 2014-03-19 19:41 - 00000000 ____D () C:\Users\Tim 2015-05-19 13:20 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-19 13:20 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-19 13:19 - 2011-04-12 09:43 - 00699342 _____ () C:\Windows\system32\perfh007.dat 2015-05-19 13:19 - 2011-04-12 09:43 - 00149450 _____ () C:\Windows\system32\perfc007.dat 2015-05-19 13:19 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-19 13:16 - 2014-03-19 19:41 - 01322819 _____ () C:\Windows\WindowsUpdate.log 2015-05-19 13:12 - 2015-01-07 11:45 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2015-05-19 13:12 - 2014-03-19 20:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-05-19 13:12 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-19 12:05 - 2015-03-10 20:21 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\DVDVideoSoft 2015-05-19 12:03 - 2015-02-12 21:22 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU 2015-05-19 12:02 - 2014-03-20 16:19 - 00000000 ____D () C:\Users\Tim\AppData\Local\Akamai 2015-05-19 12:00 - 2014-12-08 09:39 - 00003262 _____ () C:\Windows\System32\Tasks\3DconnexionCreateProcess_3DxService.exe 2015-05-19 12:00 - 2014-04-09 11:00 - 00000000 ____D () C:\Program Files\Autodesk 2015-05-19 11:29 - 2014-09-30 08:51 - 00000000 ____D () C:\Program Files (x86)\Google 2015-05-19 11:29 - 2014-04-09 22:27 - 00000000 ____D () C:\Users\Tim\AppData\Local\Microsoft Help 2015-05-19 11:29 - 2014-04-09 22:13 - 00000000 ____D () C:\Users\Tim\AppData\Local\Autodesk,_Inc 2015-05-19 11:29 - 2014-04-09 22:09 - 00000000 ____D () C:\ProgramData\FLEXnet 2015-05-19 11:29 - 2014-03-20 16:31 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Autodesk 2015-05-19 11:29 - 2009-07-14 05:20 - 00000000 ____D () 
C:\Windows\registration 2015-05-19 09:36 - 2015-04-15 09:07 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Nitro PDF 2015-05-19 07:34 - 2014-03-19 19:37 - 00000000 ____D () C:\Windows\Panther 2015-05-19 07:33 - 2015-04-18 17:17 - 00000080 _____ () C:\Users\Tim\AppData\Local剜捯獫慴慇敭屳呇⁁屖湥楴汴浥湥湩潦 2015-05-18 21:30 - 2014-04-12 13:52 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Dropbox 2015-05-18 21:23 - 2014-04-12 14:06 - 00000000 ___RD () C:\Users\Tim\Dropbox 2015-05-18 12:46 - 2014-03-19 21:04 - 00000000 ____D () C:\Users\Tim\AppData\Local\Google 2015-05-18 12:43 - 2014-03-19 21:03 - 00000000 ____D () C:\Users\Tim\AppData\Local\Deployment 2015-05-18 12:19 - 2015-03-10 14:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-05-18 12:12 - 2014-11-03 14:16 - 00007621 _____ () C:\Users\Tim\AppData\Local\Resmon.ResmonCfg 2015-05-18 11:59 - 2015-04-12 15:28 - 00000000 ____D () C:\Program Files (x86)\MathType 2015-05-18 11:59 - 2015-03-05 10:42 - 00000000 ____D () C:\ProgramData\FreePDF 2015-05-18 11:59 - 2015-03-05 10:42 - 00000000 ____D () C:\Program Files (x86)\FreePDF_XP 2015-05-18 07:33 - 2014-03-19 20:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-05-17 18:34 - 2014-09-17 07:38 - 00000000 ____D () C:\Users\Tim\Documents\Outlook-Dateien 2015-05-13 10:52 - 2014-04-09 11:00 - 00000000 ____D () C:\Users\Tim\AppData\Local\Autodesk 2015-05-13 10:52 - 2014-03-20 16:31 - 00000000 ____D () C:\ProgramData\Autodesk 2015-05-11 11:01 - 2015-03-16 10:00 - 00036330 _____ () C:\Users\Tim\Desktop\Kalender.xlsx 2015-05-06 13:17 - 2014-10-08 10:49 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Skype 2015-05-02 15:52 - 2014-04-09 12:29 - 00000000 ____D () C:\Users\Tim\Documents\Inventor 2015-05-02 14:32 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-05-01 17:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2015-04-30 18:51 - 2009-07-14 06:45 - 00537216 _____ () 
C:\Windows\system32\FNTCACHE.DAT 2015-04-30 18:49 - 2015-04-12 11:54 - 00000000 ____D () C:\Program Files\Windows Journal 2015-04-30 18:49 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender 2015-04-30 18:49 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-04-30 18:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-04-30 18:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-04-30 18:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-04-30 18:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System 2015-04-30 18:08 - 2014-04-09 01:09 - 01593564 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-04-19 10:57 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2015-05-18 07:32 - 2015-05-18 07:32 - 28684424 _____ (Sony Mobile Communications ) C:\Users\Tim\AppData\Local\pcc.exe 2014-11-03 14:16 - 2015-05-18 12:12 - 0007621 _____ () C:\Users\Tim\AppData\Local\Resmon.ResmonCfg 2014-08-05 22:27 - 2014-09-12 09:33 - 0006991 _____ () C:\ProgramData\hpzinstall.log Some content of TEMP: ==================== C:\Users\Tim\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2uuum2.dll C:\Users\Tim\AppData\Local\Temp\Quarantine.exe C:\Users\Tim\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-04 08:16 ==================== End Of Log ============================ |
19.05.2015, 17:26 | #5 |
| Windows 7: Internet problems after VPN connection to the university server Continued: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-05-19 13:40:00 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_EVO_120GB rev.EXT0BB6Q 111,79GB Running: Gmer-19357.exe; Driver: C:\Users\Tim\AppData\Local\Temp\uwldipow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000775afaa4 5 bytes JMP 0000000171212e10 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000775b0034 5 bytes JMP 0000000171212dd0 .text C:\Windows\system32\Dwm.exe[2564] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3b3460 7 bytes JMP 000007fffd3a00d8 .text C:\Windows\system32\Dwm.exe[2564] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3ca590 6 bytes JMP 000007fffd3a0148 .text C:\Windows\system32\Dwm.exe[2564] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3cac00 5 bytes JMP 000007fffd3a0180 .text C:\Windows\system32\Dwm.exe[2564] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3cada0 5 bytes JMP 000007fffd3a0110 .text C:\Windows\system32\Dwm.exe[2564] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe4c89e0 8 bytes JMP 000007fffd3a01f0 .text C:\Windows\system32\Dwm.exe[2564] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe4cbe40 8 bytes JMP 000007fffd3a01b8 .text C:\Windows\system32\Dwm.exe[2564] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef76d4da4 7 bytes JMP 000007fff76c00d8 .text C:\Windows\system32\Dwm.exe[2564] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef76f9af4 7 bytes JMP 000007fff76c0110 .text C:\Windows\System32\igfxpers.exe[2700] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3b3460 7 bytes JMP 000007fffd3a00d8 .text C:\Windows\System32\igfxpers.exe[2700] 
C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3ca590 6 bytes JMP 000007fffd3a0148 .text C:\Windows\System32\igfxpers.exe[2700] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3cac00 5 bytes JMP 000007fffd3a0180 .text C:\Windows\System32\igfxpers.exe[2700] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3cada0 5 bytes JMP 000007fffd3a0110 .text C:\Windows\System32\igfxpers.exe[2700] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe4c89e0 8 bytes JMP 000007fffd3a01f0 .text C:\Windows\System32\igfxpers.exe[2700] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe4cbe40 8 bytes JMP 000007fffd3a01b8 .text C:\Windows\System32\igfxpers.exe[2700] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd777490 11 bytes JMP 000007fffd3a0228 .text C:\Windows\System32\igfxpers.exe[2700] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd78bf00 7 bytes JMP 000007fffd3a0260 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007719a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771a3f00 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771bfff0 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771cf360 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000771f9ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077209540 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] 
C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077228860 1 byte JMP 000000016fff01f0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077228862 5 bytes {JMP 0xfffffffff8dc7990} .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3b3460 7 bytes JMP 000007fffd3a00d8 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3ca590 6 bytes JMP 000007fffd3a0148 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3cac00 5 bytes JMP 000007fffd3a0180 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3cada0 5 bytes JMP 000007fffd3a0110 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe4c89e0 8 bytes JMP 000007fffd3a01f0 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe4cbe40 8 bytes JMP 000007fffd3a01b8 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd777490 11 bytes JMP 000007fffd3a0228 .text C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd78bf00 7 bytes JMP 000007fffd3a0260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007719a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771a3f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771bfff0 5 bytes JMP 
000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771cf360 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000771f9ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077209540 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077228860 1 byte JMP 000000016fff01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077228862 5 bytes {JMP 0xfffffffff8dc7990} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3b3460 7 bytes JMP 000007fffd3a00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3ca590 6 bytes JMP 000007fffd3a0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3cac00 5 bytes JMP 000007fffd3a0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3cada0 5 bytes JMP 000007fffd3a0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe4c89e0 8 bytes JMP 000007fffd3a01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe4cbe40 8 bytes JMP 000007fffd3a01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd777490 11 bytes JMP 000007fffd3a0228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] 
C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd78bf00 7 bytes JMP 000007fffd3a0260 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076d51eee 7 bytes JMP 0000000166694b10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076d55b85 7 bytes JMP 00000001666954b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076d613e1 7 bytes JMP 0000000166694e50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076d6ea15 7 bytes JMP 0000000166694b00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076df8e84 7 bytes JMP 00000001666945c0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076df8f09 5 bytes JMP 0000000166694670 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076df925f 5 bytes JMP 00000001666945d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a01d29 5 bytes JMP 0000000166694580 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a01dd7 5 bytes JMP 0000000166694540 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a02ab1 5 bytes JMP 0000000166694680 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] 
C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a02d17 5 bytes JMP 0000000166694360 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000770a8a29 5 bytes JMP 0000000166693a40 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000770b4572 5 bytes JMP 00000001666942e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000770ce567 5 bytes JMP 0000000166694350 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000770f07d7 5 bytes JMP 0000000166693850 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077107a5c 5 bytes JMP 00000001666942d0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007549e96b 5 bytes JMP 0000000166693b60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007549eba5 5 bytes JMP 0000000166693b80 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000756f5ea5 5 bytes JMP 0000000166693a00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075729d0b 5 bytes JMP 0000000166693990 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076891401 2 bytes JMP 76d7b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] 
C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076891419 2 bytes JMP 76d7b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076891431 2 bytes JMP 76df8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007689144a 2 bytes CALL 76d54885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768914dd 2 bytes JMP 76df8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768914f5 2 bytes JMP 76df89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007689150d 2 bytes JMP 76df86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076891525 2 bytes JMP 76df8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007689153d 2 bytes JMP 76d6fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076891555 2 bytes JMP 76d768bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007689156d 2 bytes JMP 76df8fc1 C:\Windows\syswow64\kernel32.dll 
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076891585 2 bytes JMP 76df8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007689159d 2 bytes JMP 76df86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768915b5 2 bytes JMP 76d6fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768915cd 2 bytes JMP 76d7b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768916b2 2 bytes JMP 76df8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768916bd 2 bytes JMP 76df8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3144] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007719a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3144] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771a3f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3144] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771bfff0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3144] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771cf360 5 bytes JMP 000000016fff0110 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3144] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 
C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000770a8a29 5 bytes JMP 0000000166693a40 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000770b4572 5 bytes JMP 00000001666942e0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\USER32.dll!GetMenu + 412 00000000770b51dd 7 bytes JMP 000000011003ac50 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\USER32.dll!PeekMessageA + 407 00000000770b610b 7 bytes JMP 000000011003b000 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 131 00000000770bc6c1 7 bytes JMP 000000011003abc0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000770ce567 5 bytes JMP 0000000166694350 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000770f07d7 5 bytes JMP 0000000166693850 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA + 199 00000000770ffc98 7 bytes JMP 000000011003af50 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW + 52 00000000770ffcd1 7 bytes JMP 000000011003adf0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 31 00000000770ffcf5 7 bytes JMP 000000011003af00 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077107a5c 5 bytes JMP 00000001666942d0 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007549e96b 5 bytes JMP 
0000000166693b60 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007549eba5 5 bytes JMP 0000000166693b80 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076891401 2 bytes JMP 76d7b1ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076891419 2 bytes JMP 76d7b31a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076891431 2 bytes JMP 76df8f09 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007689144a 2 bytes CALL 76d54885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768914dd 2 bytes JMP 76df8802 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768914f5 2 bytes JMP 76df89d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007689150d 2 bytes JMP 76df86f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076891525 2 bytes JMP 76df8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007689153d 2 bytes JMP 76d6fc78 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076891555 2 bytes JMP 76d768bf C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007689156d 2 bytes JMP 76df8fc1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076891585 2 bytes JMP 76df8b22 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007689159d 2 bytes JMP 76df86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768915b5 2 bytes JMP 76d6fd11 C:\Windows\syswow64\kernel32.dll 
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768915cd 2 bytes JMP 76d7b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768916b2 2 bytes JMP 76df8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768916bd 2 bytes JMP 76df8651 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000773b2712 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... 
* 3 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... 
* 2 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]} .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]} .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]} .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]} .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]} .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007255146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076d51eee 7 bytes JMP 0000000166694b10 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000076d55b85 7 bytes JMP 00000001666954b0 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076d613e1 7 bytes JMP 0000000166694e50 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000076d6ea15 7 bytes JMP 0000000166694b00 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076df8e84 7 bytes JMP 00000001666945c0 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076df8f09 5 bytes JMP 0000000166694670 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076df925f 5 bytes JMP 00000001666945d0 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] 
C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a01d29 5 bytes JMP 0000000166694580 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a01dd7 5 bytes JMP 0000000166694540 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a02ab1 5 bytes JMP 0000000166694680 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a02d17 5 bytes JMP 0000000166694360 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007549e96b 5 bytes JMP 0000000166693b60 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007549eba5 5 bytes JMP 0000000166693b80 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000770a8a29 5 bytes JMP 0000000166693a40 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000770b4572 5 bytes JMP 00000001666942e0 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000770ce567 5 bytes JMP 0000000166694350 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000770f07d7 5 bytes JMP 0000000166693850 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077107a5c 5 bytes JMP 00000001666942d0 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000756f5ea5 5 bytes JMP 0000000166693a00 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075729d0b 5 bytes JMP 0000000166693990 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076891401 2 bytes JMP 76d7b1ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076891419 2 bytes JMP 76d7b31a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076891431 2 bytes JMP 76df8f09 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007689144a 2 bytes CALL 76d54885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768914dd 2 bytes JMP 76df8802 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768914f5 2 bytes JMP 76df89d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007689150d 2 bytes JMP 76df86f8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076891525 2 bytes JMP 76df8ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007689153d 2 bytes JMP 76d6fc78 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076891555 2 bytes JMP 76d768bf C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007689156d 2 bytes JMP 76df8fc1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] 
C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076891585 2 bytes JMP 76df8b22 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007689159d 2 bytes JMP 76df86bc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768915b5 2 bytes JMP 76d6fd11 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768915cd 2 bytes JMP 76d7b2b0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768916b2 2 bytes JMP 76df8e84 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768916bd 2 bytes JMP 76df8651 C:\Windows\syswow64\KERNEL32.dll .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076d51eee 7 bytes JMP 0000000166694b10 .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076d55b85 7 bytes JMP 00000001666954b0 .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076d613e1 7 bytes JMP 0000000166694e50 .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076d6ea15 7 bytes JMP 0000000166694b00 .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076df8e84 7 bytes JMP 00000001666945c0 .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076df8f09 5 bytes JMP 0000000166694670 
.text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076df925f 5 bytes JMP 00000001666945d0 .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000770a8a29 5 bytes JMP 0000000166693a40 .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000770b4572 5 bytes JMP 00000001666942e0 .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000770ce567 5 bytes JMP 0000000166694350 .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000770f07d7 5 bytes JMP 0000000166693850 .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077107a5c 5 bytes JMP 00000001666942d0 .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076891401 2 bytes JMP 76d7b1ef C:\Windows\syswow64\kernel32.dll .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076891419 2 bytes JMP 76d7b31a C:\Windows\syswow64\kernel32.dll .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076891431 2 bytes JMP 76df8f09 C:\Windows\syswow64\kernel32.dll .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007689144a 2 bytes CALL 76d54885 C:\Windows\syswow64\kernel32.dll .text ... |
19.05.2015, 17:31 | #6 |
| Windows 7: Internet problems after VPN connection to university server Continuation: [CODE].text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768914dd 2 bytes JMP 76df8802 C:\Windows\syswow64\kernel32.dll .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768914f5 2 bytes JMP 76df89d8 C:\Windows\syswow64\kernel32.dll .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007689150d 2 bytes JMP 76df86f8 C:\Windows\syswow64\kernel32.dll .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076891525 2 bytes JMP 76df8ac2 C:\Windows\syswow64\kernel32.dll .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007689153d 2 bytes JMP 76d6fc78 C:\Windows\syswow64\kernel32.dll .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076891555 2 bytes JMP 76d768bf C:\Windows\syswow64\kernel32.dll .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007689156d 2 bytes JMP 76df8fc1 C:\Windows\syswow64\kernel32.dll .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076891585 2 bytes JMP 76df8b22 C:\Windows\syswow64\kernel32.dll .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007689159d 2 bytes JMP 76df86bc C:\Windows\syswow64\kernel32.dll .text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768915b5 2 bytes JMP 76d6fd11 C:\Windows\syswow64\kernel32.dll .text 
eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007689159d 2 bytes JMP 76df86bc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768915b5 2 bytes JMP 76d6fd11 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768915cd 2 bytes JMP 76d7b2b0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768916b2 2 bytes JMP 76df8e84 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768916bd 2 bytes JMP 76df8651 C:\Windows\syswow64\kernel32.dll .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000773b2712 8 bytes {JMP 0x10} .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] 
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]} .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]} .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]} .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]} .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]} .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007255146b 8 bytes {JMP 0xffffffffffffffb0} .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076d51eee 7 bytes JMP 0000000166694b10 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000076d55b85 7 bytes JMP 00000001666954b0 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076d613e1 7 bytes JMP 0000000166694e50 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000076d6ea15 7 bytes JMP 0000000166694b00 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076df8e84 7 bytes JMP 00000001666945c0 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076df8f09 5 bytes JMP 0000000166694670 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076df925f 5 bytes JMP 00000001666945d0 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a01d29 5 bytes JMP 0000000166694580 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 
0000000076a01dd7 5 bytes JMP 0000000166694540 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a02ab1 5 bytes JMP 0000000166694680 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a02d17 5 bytes JMP 0000000166694360 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007549e96b 5 bytes JMP 0000000166693b60 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007549eba5 5 bytes JMP 0000000166693b80 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000770a8a29 5 bytes JMP 0000000166693a40 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000770b4572 5 bytes JMP 00000001666942e0 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000770ce567 5 bytes JMP 0000000166694350 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000770f07d7 5 bytes JMP 0000000166693850 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077107a5c 5 bytes JMP 00000001666942d0 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000756f5ea5 5 bytes JMP 0000000166693a00 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075729d0b 5 bytes JMP 0000000166693990 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076891401 2 bytes 
JMP 76d7b1ef C:\Windows\syswow64\KERNEL32.dll .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076891419 2 bytes JMP 76d7b31a C:\Windows\syswow64\KERNEL32.dll .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076891431 2 bytes JMP 76df8f09 C:\Windows\syswow64\KERNEL32.dll .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007689144a 2 bytes CALL 76d54885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768914dd 2 bytes JMP 76df8802 C:\Windows\syswow64\KERNEL32.dll .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768914f5 2 bytes JMP 76df89d8 C:\Windows\syswow64\KERNEL32.dll .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007689150d 2 bytes JMP 76df86f8 C:\Windows\syswow64\KERNEL32.dll .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076891525 2 bytes JMP 76df8ac2 C:\Windows\syswow64\KERNEL32.dll .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007689153d 2 bytes JMP 76d6fc78 C:\Windows\syswow64\KERNEL32.dll .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076891555 2 bytes JMP 76d768bf C:\Windows\syswow64\KERNEL32.dll .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007689156d 2 bytes JMP 76df8fc1 C:\Windows\syswow64\KERNEL32.dll .text 
D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076891585 2 bytes JMP 76df8b22 C:\Windows\syswow64\KERNEL32.dll .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007689159d 2 bytes JMP 76df86bc C:\Windows\syswow64\KERNEL32.dll .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768915b5 2 bytes JMP 76d6fd11 C:\Windows\syswow64\KERNEL32.dll .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768915cd 2 bytes JMP 76d7b2b0 C:\Windows\syswow64\KERNEL32.dll .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768916b2 2 bytes JMP 76df8e84 C:\Windows\syswow64\KERNEL32.dll .text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768916bd 2 bytes JMP 76df8651 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007719a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771a3f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771bfff0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771cf360 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000771f9ab0 7 bytes JMP 000000016fff00d8 .text C:\Program 
Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077209540 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077228860 1 byte JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077228862 5 bytes {JMP 0xfffffffff8dc7990} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3b3460 7 bytes JMP 000007fffd3a00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3ca590 6 bytes JMP 000007fffd3a0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3cac00 5 bytes JMP 000007fffd3a0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3cada0 5 bytes JMP 000007fffd3a0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe4c89e0 8 bytes JMP 000007fffd3a01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe4cbe40 8 bytes JMP 000007fffd3a01b8 .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000773b2712 8 bytes {JMP 0x10} .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... 
|
19.05.2015, 17:33 | #7 |
| Windows 7: Internet problems after VPN connection to the university server Continuation: Code:
* 3 .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]} .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]} .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]} .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]} .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]} .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 
00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007255146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000773b2712 8 bytes {JMP 0x10} .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] 
.text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]} .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]} .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]} .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]} .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]} .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] 
C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007255146b 8 bytes {JMP 0xffffffffffffffb0} .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076d58769 5 bytes JMP 000000010067b780 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000773b2712 8 bytes {JMP 0x10} .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] 
.text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]} .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]} .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]} .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]} .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]} .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007255146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007719a3e0 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771a3f00 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771bfff0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771cf360 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000771f9ab0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077209540 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077228860 1 byte JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077228862 5 bytes {JMP 0xfffffffff8dc7990} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3b3460 7 bytes JMP 000007fffd3a00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3ca590 6 bytes JMP 000007fffd3a0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3cac00 5 bytes JMP 000007fffd3a0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3cada0 5 bytes JMP 
000007fffd3a0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe4c89e0 8 bytes JMP 000007fffd3a01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe4cbe40 8 bytes JMP 000007fffd3a01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd777490 11 bytes JMP 000007fffd3a0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd78bf00 7 bytes JMP 000007fffd3a0260 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6744] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3b3460 7 bytes JMP 000007fffd3a00d8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6744] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3ca590 6 bytes JMP 000007fffd3a0148 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6744] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3cac00 5 bytes JMP 000007fffd3a0180 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6744] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3cada0 5 bytes JMP 000007fffd3a0110 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6744] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe4c89e0 8 bytes JMP 000007fffd3a01f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6744] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe4cbe40 8 bytes JMP 000007fffd3a01b8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000773b2712 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007255146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000773b2712 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] |
19.05.2015, 17:34 | #8 |
| Windows 7: Internet problems after VPN connection to university server Continuation: (end) Code:
ATTFilter .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007255146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000773b2712 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
---- EOF - GMER 2.1 ---- |
20.05.2015, 06:55 | #9 |
/// the machine /// TB-Ausbilder | Windows 7: Internet problems after VPN connection to university server Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
20.05.2015, 09:12 | #10 |
| MBAM.txt, ADWCleaner, JRT.txt MBAM.txt: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 20.05.2015 Suchlauf-Zeit: 09:39:39 Logdatei: mbam.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.05.20.01 Rootkit Datenbank: v2015.05.16.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Tim Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 360286 Verstrichene Zeit: 5 Min, 18 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden) Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 0 (Keine schädliche Elemente gefunden) Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter # AdwCleaner v4.204 - Bericht erstellt 20/05/2015 um 09:52:04 # Aktualisiert 12/05/2015 von Xplode # Datenbank : 2015-05-12.2 [Lokal] # Betriebssystem : Windows 7 Professional Service Pack 1 (x64) # Benutzername : Tim - TIM-PC # Gestarted von : D:\Users\Tim\Downloads\AdwCleaner_4.204.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local> ***** [ Internetbrowser ] ***** -\\ Internet Explorer v8.0.7601.17514 -\\ Mozilla Firefox v -\\ Google Chrome v42.0.2311.152 ************************* AdwCleaner[R0].txt - [3475 Bytes] - [19/05/2015 11:19:45] AdwCleaner[R1].txt - [1036 Bytes] - [19/05/2015 11:23:26] AdwCleaner[R2].txt - [1155 Bytes] - [20/05/2015 09:51:41] AdwCleaner[S0].txt - [3432 Bytes] - [19/05/2015 11:21:41] AdwCleaner[S1].txt - [1096 Bytes] - [19/05/2015 11:23:50] AdwCleaner[S2].txt - [1076 Bytes] - [20/05/2015 09:52:04] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1135 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.7.4 (05.19.2015:1) OS: Windows 7 Professional x64 Ran by Tim on 20.05.2015 at 9:59:37,93 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 20.05.2015 at 10:01:58,66 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015 Ran by Tim (administrator) on TIM-PC on 20-05-2015 10:06:38 Running from C:\Users\Tim\Desktop\Trojaner-Board Loaded Profiles: Tim (Available profiles: Tim) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Microsoft Corporation) D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe () D:\Tobit Radio.fx\Server\rfx-server.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (EJIE Technology) D:\Programme\Clover\clover.exe (Farbar) C:\Users\Tim\Desktop\Trojaner-Board\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5672624 2013-03-26] (VIA) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-30] (Synaptics Incorporated) HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64 HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation) HKLM-x32\...\Run: [Sound Blaster Cinema] => D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) 
HKLM-x32\...\Run: [BCSSync] => D:\Programme\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-09-04] (Autodesk Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.) HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [OfficeSyncProcess] => D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE [718720 2010-12-21] (Microsoft Corporation) HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd) HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [rfxsrvtray] => D:\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software) HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony) HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Policies\Explorer: [] HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\MountPoints2: {570a12d5-bcd4-11e4-b996-0090f5f2dc8c} - G:\AutoRun.exe HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\MountPoints2: {570a12e0-bcd4-11e4-b996-0090f5f2dc8c} - G:\AutoRun.exe HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\MountPoints2: {bfdddd47-fd1e-11e4-a05f-0cd292b85460} - F:\startme.exe HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.) 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2014-03-19] ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe () Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-18] ShortcutTarget: Dropbox.lnk -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2014-09-16] ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) AutoConfigURL: [S-1-5-21-2530768674-2421857465-2161656677-1000] => hxxp://www.hs-koblenz.de/proxy.pac HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000 -> {98942130-7CF9-46E5-831B-14D569129F80} URL = https://www.google.com/search?q={searchTerms} BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation) BHO: Virtual 
Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-04-07] (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> D:\Programme\Clover\TabHelper64.dll [2014-01-23] (EJIE Technology) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-04-07] (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programme\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) 
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 172.18.240.1 172.18.240.1 FireFox: ======== FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\zrh3dtnu.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-17] () FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-17] () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\IPT\npIntelWebAPIIPT.dll [2013-07-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-16] (Intel Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-04-07] () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-04-07] () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-04-07] () FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-04-07] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-04-07] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-04-07] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-04-07] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-04-07] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR StartupUrls: Default -> "https://www.google.com/" CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Tim\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-18] CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-18] CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-18] CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-18] CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-18] CHR Extension: (Kaspersky Protection) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-05-18] CHR Extension: (Google Sheets) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-18] CHR Extension: (Bookmark Manager) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-18] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-18] CHR Extension: (Black carbon + silver metal) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lodhggoaglindpoejnjldimdlikkphph [2015-05-18] CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-18] CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-18] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - 
https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-04] (Autodesk Inc.) R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.) R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-16] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-16] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 Microsoft SharePoint Workspace Audit Service; D:\Programme\Microsoft Office\Office14\GROOVE.EXE [31124344 2010-12-27] (Microsoft Corporation) S2 mitsijm2014; C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe [952608 2013-01-25] (Autodesk, Inc.) 
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed] R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software) S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation) S3 Origin Client Service; D:\Programme\EA\Origin\OriginClientService.exe [1910640 2015-03-11] (Electronic Arts) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed] S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-01-13] () R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [46592 2013-05-29] () [File not signed] R2 Radio.fx; D:\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] () S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 3dxhid; C:\Windows\System32\DRIVERS\3dxhid.sys [38672 2014-11-07] (3Dconnexion SAM) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-04-07] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-04-07] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO) S3 KMJHidMini; C:\Windows\System32\DRIVERS\3dxkmj.sys [18944 2013-10-08] (3Dconnextion Inc.) [File not signed] S3 KMJShim; C:\Windows\System32\DRIVERS\3dxshim.sys [7168 2013-10-08] (3Dconnextion Inc.) [File not signed] R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO) R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) S3 SaiKA50A; C:\Windows\System32\DRIVERS\SaiKA50A.sys [147976 2009-09-14] (Saitek) S3 SaiUA50A; C:\Windows\System32\DRIVERS\SaiUA50A.sys [41224 2009-09-14] (Saitek) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-30] (Synaptics Incorporated) R3 VMfilt; C:\Windows\System32\drivers\VMfilt64.sys [25600 2009-07-30] (Creative Technology Ltd.) 
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-20 10:02 - 2015-05-20 10:02 - 00001215 _____ () C:\Users\Tim\Desktop\AdwCleaner[S2].txt 2015-05-20 10:01 - 2015-05-20 10:01 - 00000598 _____ () C:\Users\Tim\Desktop\JRT.txt 2015-05-20 09:59 - 2015-05-20 09:59 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TIM-PC-Windows-7-Professional-(64-bit).dat 2015-05-20 09:59 - 2015-05-20 09:59 - 00000000 ____D () C:\RegBackup 2015-05-20 09:46 - 2015-05-20 09:46 - 00001208 _____ () C:\Users\Tim\Desktop\mbam.txt 2015-05-20 09:37 - 2015-05-20 09:38 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-20 09:37 - 2015-05-20 09:37 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-05-20 09:37 - 2015-05-20 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-05-20 09:37 - 2015-05-20 09:37 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-05-20 09:37 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-05-20 09:37 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-05-20 09:37 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-05-19 14:42 - 2015-05-19 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 
2015-05-19 14:42 - 2015-05-19 14:42 - 00000000 ____D () C:\Program Files\7-Zip 2015-05-19 13:26 - 2015-05-20 10:06 - 00000000 ____D () C:\FRST 2015-05-19 13:25 - 2015-05-19 13:25 - 00000000 _____ () C:\Users\Tim\defogger_reenable 2015-05-19 13:19 - 2015-05-20 08:10 - 00000000 ____D () C:\Users\Tim\Desktop\Trojaner-Board 2015-05-19 13:12 - 2015-05-20 09:52 - 00000744 _____ () C:\Windows\PFRO.log 2015-05-19 13:01 - 2015-05-19 13:04 - 00000000 ____D () C:\Regdelnull (1) 2015-05-19 11:35 - 2015-05-19 11:35 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-05-19 11:19 - 2015-05-20 09:52 - 00000000 ____D () C:\AdwCleaner 2015-05-19 10:25 - 2015-05-20 09:52 - 00001355 _____ () C:\Windows\setupact.log 2015-05-19 10:25 - 2015-05-19 10:25 - 00000000 _____ () C:\Windows\setuperr.log 2015-05-19 10:25 - 2015-05-19 10:22 - 00411661 _____ () C:\Users\Tim\Desktop\Borduhr.CATPart 2015-05-18 21:30 - 2015-05-19 11:29 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-05-18 12:46 - 2015-05-19 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-05-18 12:44 - 2015-05-20 09:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-18 12:44 - 2015-05-20 09:52 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-18 12:44 - 2015-05-19 13:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-18 12:44 - 2015-05-19 13:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-18 12:20 - 2015-05-18 12:20 - 00001409 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2015-05-18 12:20 - 2015-05-18 12:20 - 00001403 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-05-18 07:33 - 2015-05-19 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2015-05-18 07:33 - 
2015-05-18 07:33 - 00000000 ____D () C:\ProgramData\Sony 2015-05-18 07:33 - 2015-05-18 07:33 - 00000000 ____D () C:\Program Files (x86)\Sony 2015-05-18 07:32 - 2015-05-18 07:32 - 28684424 _____ (Sony Mobile Communications ) C:\Users\Tim\AppData\Local\pcc.exe 2015-05-13 18:02 - 2015-05-18 20:58 - 00000000 ____D () C:\Users\Tim\Desktop\Backup HTC 2015-05-13 17:51 - 2015-05-13 17:51 - 00000000 ____D () C:\Users\Tim\AppData\Local\Macromedia 2015-05-05 20:21 - 2015-05-18 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funktionsplotter 2015-05-05 20:20 - 2015-05-05 20:20 - 00253952 ____N (Microsoft Corporation) C:\Windows\Setup1.exe 2015-05-05 20:20 - 2015-05-05 20:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE 2015-04-30 17:11 - 2015-04-30 17:16 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-30 17:11 - 2015-04-01 11:16 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-04-30 16:53 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2015-04-30 16:53 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2015-04-30 16:53 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2015-04-30 16:53 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2015-04-30 16:53 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2015-04-30 16:53 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2015-04-30 16:53 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2015-04-30 16:53 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2015-04-30 16:51 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-30 16:51 - 2015-03-17 07:22 - 00155576 
_____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-04-30 16:51 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-04-30 16:51 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-30 16:51 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-04-30 16:51 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-04-30 16:51 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-04-30 16:51 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00112640 _____ (Microsoft 
Corporation) C:\Windows\system32\smss.exe 2015-04-30 16:51 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-04-30 16:51 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-04-30 16:51 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-04-30 16:51 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-04-30 16:51 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-04-30 16:51 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 
07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-04-30 16:51 - 
2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-04-30 16:51 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-04-30 16:51 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 
00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-04-30 16:51 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-04-30 16:51 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-04-30 16:51 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-04-30 16:51 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-04-30 16:51 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-04-30 16:51 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-04-30 16:51 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-04-30 16:51 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-04-30 16:51 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00004608 
____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 
06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-04-30 16:51 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-04-30 16:51 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-04-30 16:51 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-04-30 16:51 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 
2015-04-30 16:51 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-04-30 16:51 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 02644992 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-04-30 16:51 - 2015-02-03 05:31 - 00005120 
_____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-04-30 16:51 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-04-30 16:51 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-04-30 16:51 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-04-30 16:51 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00058880 _____ (Microsoft 
Corporation) C:\Windows\system32\appidapi.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-04-30 16:51 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-04-30 16:51 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-04-30 16:51 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-04-30 16:51 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-04-30 16:51 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-04-30 16:51 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-04-30 16:51 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-04-30 16:51 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-04-30 16:51 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 02135040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wmdrmsdk.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-04-30 16:51 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-04-30 16:51 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-04-30 
16:51 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-04-30 16:51 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-04-30 16:51 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-04-30 16:51 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-04-30 16:51 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-04-30 16:51 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-04-30 16:51 - 2014-11-11 05:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2015-04-30 16:51 - 2014-11-11 04:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2015-04-30 16:51 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-04-30 16:51 - 2014-10-14 04:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2015-04-30 16:51 - 2014-07-17 04:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-04-30 16:51 - 2014-07-17 04:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2015-04-30 16:51 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2015-04-30 16:51 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2015-04-30 16:51 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2015-04-30 16:51 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2015-04-30 16:51 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-04-30 16:51 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2015-04-30 16:51 - 2014-07-17 03:39 - 
00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-04-30 16:51 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2015-04-30 16:51 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2015-04-30 16:51 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-04-30 16:51 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-04-30 16:51 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2015-04-30 16:51 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2015-04-30 16:51 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2015-04-30 16:51 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2015-04-30 16:51 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2015-04-30 16:51 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2015-04-30 16:51 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2015-04-30 16:51 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2015-04-30 16:51 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2015-04-30 16:51 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2015-04-30 16:51 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2015-04-30 16:51 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2015-04-30 16:51 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2015-04-30 16:51 - 
2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2015-04-30 16:50 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-04-30 16:50 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-04-30 16:50 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-04-30 16:50 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-04-30 16:50 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-04-30 16:50 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-04-30 16:50 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-04-30 16:50 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-04-30 16:50 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-04-30 16:50 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-04-30 16:50 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-04-30 16:50 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-04-30 16:50 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-04-30 16:50 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-04-30 16:50 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-04-30 16:50 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-04-30 16:50 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-30 16:50 - 2015-03-10 05:21 - 00002048 _____ 
(Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-04-30 16:50 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-04-30 16:50 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-04-30 16:50 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-30 16:50 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-04-30 16:50 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-30 16:50 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-30 16:50 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll 2015-04-30 16:50 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-04-30 16:50 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-04-30 16:50 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-04-30 16:50 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-04-30 16:50 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-04-30 16:50 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-04-30 16:50 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-04-30 16:50 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-04-30 16:50 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-04-30 16:50 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-04-30 16:50 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 
2015-04-30 16:50 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-04-30 16:50 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-04-30 16:50 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-04-30 16:50 - 2015-02-03 05:31 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-04-30 16:50 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-04-30 16:50 - 2015-02-03 05:12 - 01011200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-04-30 16:50 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-04-30 16:50 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-04-30 16:50 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-04-30 16:50 - 2014-12-19 05:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-04-30 16:50 - 2014-12-19 03:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-04-30 16:50 - 2014-12-11 19:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-04-30 16:50 - 2014-12-08 05:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-04-30 16:50 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-04-30 16:50 - 2014-12-06 06:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-04-30 16:50 - 2014-12-06 05:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-04-30 16:50 - 2014-12-06 05:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-04-30 16:50 - 2014-10-25 03:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2015-04-30 16:50 - 2014-10-25 
03:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2015-04-30 16:50 - 2014-10-18 04:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-04-30 16:50 - 2014-10-18 03:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-04-30 16:50 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2015-04-30 16:50 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2015-04-30 16:50 - 2014-08-12 04:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2015-04-30 16:50 - 2014-08-12 03:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2015-04-30 16:50 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2015-04-30 16:50 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2015-04-30 16:50 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2015-04-30 16:50 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2015-04-30 16:50 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2015-04-30 16:50 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2015-04-30 16:50 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2015-04-30 16:50 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2015-04-30 16:50 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2015-04-30 16:50 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2015-04-30 16:50 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2015-04-30 16:50 - 2014-06-03 12:02 - 03241984 _____ (Microsoft 
Corporation) C:\Windows\system32\msi.dll 2015-04-30 16:50 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-04-30 16:50 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2015-04-30 16:50 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-04-30 16:50 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-04-30 16:50 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-04-30 16:50 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2015-04-30 16:50 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-04-30 16:50 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2015-04-30 16:50 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2015-04-30 16:50 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2015-04-30 16:50 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2015-04-30 16:50 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-04-30 16:50 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-04-30 16:50 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-04-30 16:50 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2015-04-30 16:50 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2015-04-30 16:50 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-04-30 16:50 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) 
C:\Windows\system32\nlaapi.dll 2015-04-30 16:43 - 2015-02-04 05:16 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-04-30 16:43 - 2015-02-04 04:54 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-04-30 16:43 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-04-30 16:42 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-04-29 12:08 - 2015-04-29 12:14 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\PDF Architect 3 2015-04-29 12:07 - 2015-05-19 12:06 - 00000000 ____D () C:\ProgramData\PDF Architect 3 2015-04-29 11:56 - 2013-09-01 13:59 - 01103872 _____ () C:\Windows\SysWOW64\CBLCtlsU.ocx 2015-04-29 11:56 - 2013-07-13 13:15 - 00805376 _____ () C:\Windows\SysWOW64\EditCtlsU.ocx 2015-04-29 11:56 - 2013-07-12 23:57 - 00539648 _____ () C:\Windows\SysWOW64\LblCtlsU.ocx 2015-04-29 11:56 - 2013-04-05 14:55 - 00476160 _____ () C:\Windows\SysWOW64\TabStripCtlU.ocx 2015-04-29 11:56 - 2013-03-29 00:13 - 00645632 _____ () C:\Windows\SysWOW64\BtnCtlsU.ocx 2015-04-29 11:56 - 2013-03-03 15:37 - 01061888 _____ () C:\Windows\SysWOW64\ExLvwU.ocx 2015-04-29 08:36 - 2015-05-13 11:55 - 00017698 _____ () C:\Users\Tim\Desktop\Notenliste.xlsx ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-20 10:05 - 2014-03-19 20:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-05-20 10:00 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-20 10:00 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-20 09:58 - 2011-04-12 09:43 - 00699342 _____ () C:\Windows\system32\perfh007.dat 2015-05-20 09:58 - 2011-04-12 09:43 - 00149450 _____ () C:\Windows\system32\perfc007.dat 2015-05-20 09:58 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-20 09:56 - 2014-03-19 19:41 - 01398681 _____ () C:\Windows\WindowsUpdate.log 2015-05-20 09:52 - 2015-01-07 11:45 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2015-05-20 09:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-19 13:25 - 2014-03-19 19:41 - 00000000 ____D () C:\Users\Tim 2015-05-19 12:05 - 2015-03-10 20:21 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\DVDVideoSoft 2015-05-19 12:03 - 2015-02-12 21:22 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU 2015-05-19 12:02 - 2014-03-20 16:19 - 00000000 ____D () C:\Users\Tim\AppData\Local\Akamai 2015-05-19 12:00 - 2014-12-08 09:39 - 00003262 _____ () C:\Windows\System32\Tasks\3DconnexionCreateProcess_3DxService.exe 2015-05-19 12:00 - 2014-04-09 11:00 - 00000000 ____D () C:\Program Files\Autodesk 2015-05-19 11:29 - 2014-09-30 08:51 - 00000000 ____D () C:\Program Files (x86)\Google 2015-05-19 11:29 - 2014-04-09 22:27 - 00000000 ____D () C:\Users\Tim\AppData\Local\Microsoft Help 2015-05-19 11:29 - 2014-04-09 22:13 - 00000000 ____D () C:\Users\Tim\AppData\Local\Autodesk,_Inc 2015-05-19 11:29 - 2014-04-09 22:09 - 00000000 ____D () C:\ProgramData\FLEXnet 2015-05-19 11:29 - 2014-03-20 16:31 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Autodesk 2015-05-19 11:29 - 2009-07-14 05:20 - 00000000 ____D () 
C:\Windows\registration 2015-05-19 09:36 - 2015-04-15 09:07 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Nitro PDF 2015-05-19 07:34 - 2014-03-19 19:37 - 00000000 ____D () C:\Windows\Panther 2015-05-19 07:33 - 2015-04-18 17:17 - 00000080 _____ () C:\Users\Tim\AppData\Local剜捯獫慴慇敭屳呇⁁屖湥楴汴浥湥湩潦 2015-05-18 21:30 - 2014-04-12 13:52 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Dropbox 2015-05-18 21:23 - 2014-04-12 14:06 - 00000000 ___RD () C:\Users\Tim\Dropbox 2015-05-18 12:46 - 2014-03-19 21:04 - 00000000 ____D () C:\Users\Tim\AppData\Local\Google 2015-05-18 12:43 - 2014-03-19 21:03 - 00000000 ____D () C:\Users\Tim\AppData\Local\Deployment 2015-05-18 12:19 - 2015-03-10 14:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-05-18 12:12 - 2014-11-03 14:16 - 00007621 _____ () C:\Users\Tim\AppData\Local\Resmon.ResmonCfg 2015-05-18 11:59 - 2015-04-12 15:28 - 00000000 ____D () C:\Program Files (x86)\MathType 2015-05-18 11:59 - 2015-03-05 10:42 - 00000000 ____D () C:\ProgramData\FreePDF 2015-05-18 11:59 - 2015-03-05 10:42 - 00000000 ____D () C:\Program Files (x86)\FreePDF_XP 2015-05-18 07:33 - 2014-03-19 20:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-05-17 18:34 - 2014-09-17 07:38 - 00000000 ____D () C:\Users\Tim\Documents\Outlook-Dateien 2015-05-13 10:52 - 2014-04-09 11:00 - 00000000 ____D () C:\Users\Tim\AppData\Local\Autodesk 2015-05-13 10:52 - 2014-03-20 16:31 - 00000000 ____D () C:\ProgramData\Autodesk 2015-05-11 11:01 - 2015-03-16 10:00 - 00036330 _____ () C:\Users\Tim\Desktop\Kalender.xlsx 2015-05-06 13:17 - 2014-10-08 10:49 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Skype 2015-05-02 15:52 - 2014-04-09 12:29 - 00000000 ____D () C:\Users\Tim\Documents\Inventor 2015-05-02 14:32 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-05-01 17:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2015-04-30 18:51 - 2009-07-14 06:45 - 00537216 _____ () 
C:\Windows\system32\FNTCACHE.DAT 2015-04-30 18:49 - 2015-04-12 11:54 - 00000000 ____D () C:\Program Files\Windows Journal 2015-04-30 18:49 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender 2015-04-30 18:49 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-04-30 18:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-04-30 18:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-04-30 18:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-04-30 18:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System 2015-04-30 18:08 - 2014-04-09 01:09 - 01593564 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI ==================== Files in the root of some directories ======= 2015-05-18 07:32 - 2015-05-18 07:32 - 28684424 _____ (Sony Mobile Communications ) C:\Users\Tim\AppData\Local\pcc.exe 2014-11-03 14:16 - 2015-05-18 12:12 - 0007621 _____ () C:\Users\Tim\AppData\Local\Resmon.ResmonCfg 2014-08-05 22:27 - 2014-09-12 09:33 - 0006991 _____ () C:\ProgramData\hpzinstall.log Some content of TEMP: ==================== C:\Users\Tim\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3mmov4.dll C:\Users\Tim\AppData\Local\Temp\Quarantine.exe C:\Users\Tim\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-04 08:16
==================== End Of Log ============================
--- --- --- |
20.05.2015, 20:33 | #11 |
/// the machine /// TB instructor | Windows 7: Internet problems after VPN connection to university server
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
21.05.2015, 08:51 | #12 |
| Windows 7: Internet problems after VPN connection to university server Good morning! The ESET scanner found some infected files: Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5c54cbc063cca04c823230d92c42cb6f
# engine=23948
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-21 07:20:33
# local_time=2015-05-21 09:20:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1296 16777213 100 100 2618 36269115 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 1528067 183822683 0 0
# scanned=376044
# found=11
# cleaned=11
# scan_time=2032
sh=34AA6C24CE5A526BC0E7E57C36BFF26656D54797 ft=1 fh=1bde4a98e6bad6cd vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\avira-free-antivir.exe"
sh=E750C443A83F9B135B499E7917C5A93120384BB3 ft=1 fh=4eedbac881d1fc72 vn="Win32/DownWare.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\DTLite4491-0356.exe"
sh=CE9A0EB1748895D12D25223034E6B55059863240 ft=1 fh=3e92a1834760c140 vn="Variante von Win32/WinloadSDA.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Dxtory-lnstall.exe"
sh=C9973F358FB3BEBB13DD1B1C3EB63C8F1D12946B ft=1 fh=c6cd0c57ade7db32 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\KaLoMa - CHIP-Installer.exe"
sh=4DBB24944C417DE1BDF419116B4590BF25BD8F9D ft=1 fh=160e5b36c5c9cf21 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\PDF24 Creator - CHIP-Installer.exe"
sh=1DC26BBEAFBAF69A274CAFE534156EACE3A49A8D ft=1 fh=07386e4897eae14b vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\PDFCreator-2_0_2-setup (1).exe"
sh=1DC26BBEAFBAF69A274CAFE534156EACE3A49A8D ft=1 fh=07386e4897eae14b vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\pdfcreator-2_0_2-setup.exe"
sh=F218CB4810038F0B9E1DAA6A8E73FA258D620A8C ft=1 fh=719afe2b4494447f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\pdfcreator-2_1_1-setup.exe"
sh=02AE50CDA1DBDD4518963C1A9D7063C81E136309 ft=1 fh=691f2086075791c1 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\VLC media player 64 Bit - CHIP-Installer (1).exe"
sh=1AEEDC323FDDBADD2AF1962A8AEBF6035C93A765 ft=1 fh=89e1c64adff58b81 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\VLC media player 64 Bit - CHIP-Installer (2).exe"
sh=2B962DF0BE0E4FBAB81E77AFC253F82FB136253E ft=1 fh=c5f6a624e00f0cfa vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\VLC media player 64 Bit - CHIP-Installer.exe"
Code:
Results of screen317's Security Check version 1.001
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 17.0.0.134
Google Chrome (42.0.2311.152)
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 15.0.0 avp.exe
Kaspersky Lab Kaspersky Internet Security 15.0.0 avpui.exe
Kaspersky Lab Kaspersky Internet Security 15.0.0 plugin-nm-server.exe
Kaspersky Lab Kaspersky Internet Security 15.0.0 klwtblfs.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015 Ran by Tim (administrator) on TIM-PC on 21-05-2015 09:27:12 Running from C:\Users\Tim\Desktop\Trojaner-Board Loaded Profiles: Tim (Available profiles: Tim) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Autodesk, Inc.) 
C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Microsoft Corporation) D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE (Tobit.Software) D:\Tobit Radio.fx\Client\rfx-tray.exe (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe () C:\Program Files (x86)\Hotkey\Hotkey.exe () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe (Microsoft Corporation) D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Creative Technology Ltd) D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Autodesk Inc.) C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe () D:\Tobit Radio.fx\Server\rfx-server.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (VIA Technologies, Inc.) 
C:\Windows\System32\ViakaraokeSrv.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (EJIE Technology) D:\Programme\Clover\clover.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\Tim\Desktop\SecurityCheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Farbar) C:\Users\Tim\Desktop\Trojaner-Board\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5672624 2013-03-26] (VIA) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-30] (Synaptics Incorporated) HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64 HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation) HKLM-x32\...\Run: [Sound Blaster Cinema] => D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [BCSSync] => D:\Programme\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-09-04] (Autodesk Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.) 
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [OfficeSyncProcess] => D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE [718720 2010-12-21] (Microsoft Corporation) HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd) HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [rfxsrvtray] => D:\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software) HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony) HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Policies\Explorer: [] HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\MountPoints2: {570a12d5-bcd4-11e4-b996-0090f5f2dc8c} - G:\AutoRun.exe HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\MountPoints2: {570a12e0-bcd4-11e4-b996-0090f5f2dc8c} - G:\AutoRun.exe HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\MountPoints2: {bfdddd47-fd1e-11e4-a05f-0cd292b85460} - F:\startme.exe HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2014-03-19] ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe () Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-18] ShortcutTarget: Dropbox.lnk -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2014-09-16] ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.) 
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) AutoConfigURL: [S-1-5-21-2530768674-2421857465-2161656677-1000] => hxxp://www.hs-koblenz.de/proxy.pac HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000 -> {98942130-7CF9-46E5-831B-14D569129F80} URL = https://www.google.com/search?q={searchTerms} BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-04-07] (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> D:\Programme\Clover\TabHelper64.dll [2014-01-23] (EJIE Technology) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-04-07] (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programme\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation) 
Tcpip\Parameters: [DhcpNameServer] 172.18.240.1 172.18.240.1

FireFox:
========
FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\zrh3dtnu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-17] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-17] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-16] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-04-07] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-04-07] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-04-07] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-04-07]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-18]
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-18]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-18]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-18]
CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-18]
CHR Extension: (Kaspersky Protection) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-05-18]
CHR Extension: (Google Sheets) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-18]
CHR Extension: (Bookmark Manager) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-18]
CHR Extension: (Black carbon + silver metal) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lodhggoaglindpoejnjldimdlikkphph [2015-05-18]
CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-18]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-18]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-04] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Programme\Microsoft Office\Office14\GROOVE.EXE [31124344 2010-12-27] (Microsoft Corporation)
R2 mitsijm2014; C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe [952608 2013-01-25] (Autodesk, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
S3 Origin Client Service; D:\Programme\EA\Origin\OriginClientService.exe [1910640 2015-03-11] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-01-13] ()
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [46592 2013-05-29] () [File not signed]
R2 Radio.fx; D:\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 3dxhid; C:\Windows\System32\DRIVERS\3dxhid.sys [38672 2014-11-07] (3Dconnexion SAM)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-04-07] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-04-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
S3 KMJHidMini; C:\Windows\System32\DRIVERS\3dxkmj.sys [18944 2013-10-08] (3Dconnextion Inc.) [File not signed]
S3 KMJShim; C:\Windows\System32\DRIVERS\3dxshim.sys [7168 2013-10-08] (3Dconnextion Inc.) [File not signed]
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 SaiKA50A; C:\Windows\System32\DRIVERS\SaiKA50A.sys [147976 2009-09-14] (Saitek)
R3 SaiUA50A; C:\Windows\System32\DRIVERS\SaiUA50A.sys [41224 2009-09-14] (Saitek)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-30] (Synaptics Incorporated)
R3 VMfilt; C:\Windows\System32\drivers\VMfilt64.sys [25600 2009-07-30] (Creative Technology Ltd.)
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-21 09:26 - 2015-05-21 09:26 - 00000882 _____ () C:\Users\Tim\Desktop\checkup.txt 2015-05-21 09:24 - 2015-05-21 08:41 - 00852630 _____ () C:\Users\Tim\Desktop\SecurityCheck.exe 2015-05-20 10:07 - 2015-05-20 10:07 - 00073993 _____ () C:\Users\Tim\Desktop\FRST.txt 2015-05-20 10:02 - 2015-05-20 10:02 - 00001215 _____ () C:\Users\Tim\Desktop\AdwCleaner[S2].txt 2015-05-20 10:01 - 2015-05-20 10:01 - 00000598 _____ () C:\Users\Tim\Desktop\JRT.txt 2015-05-20 09:59 - 2015-05-20 09:59 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TIM-PC-Windows-7-Professional-(64-bit).dat 2015-05-20 09:59 - 2015-05-20 09:59 - 00000000 ____D () C:\RegBackup 2015-05-20 09:46 - 2015-05-20 09:46 - 00001208 _____ () C:\Users\Tim\Desktop\mbam.txt 2015-05-20 09:37 - 2015-05-20 09:38 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-20 09:37 - 2015-05-20 09:37 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-05-20 09:37 - 2015-05-20 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-05-20 09:37 - 2015-05-20 09:37 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-05-20 09:37 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-05-20 09:37 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-05-20 09:37 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-05-19 14:42 - 2015-05-19 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2015-05-19 14:42 - 2015-05-19 14:42 - 00000000 ____D () C:\Program Files\7-Zip 2015-05-19 13:26 - 2015-05-21 09:27 - 00000000 ____D () C:\FRST 2015-05-19 13:25 - 2015-05-19 13:25 - 00000000 _____ () C:\Users\Tim\defogger_reenable 2015-05-19 13:19 - 2015-05-20 08:10 - 00000000 ____D () 
C:\Users\Tim\Desktop\Trojaner-Board 2015-05-19 13:12 - 2015-05-20 09:52 - 00000744 _____ () C:\Windows\PFRO.log 2015-05-19 13:01 - 2015-05-19 13:04 - 00000000 ____D () C:\Regdelnull (1) 2015-05-19 11:35 - 2015-05-19 11:35 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-05-19 11:19 - 2015-05-20 09:52 - 00000000 ____D () C:\AdwCleaner 2015-05-19 10:25 - 2015-05-21 08:36 - 00001523 _____ () C:\Windows\setupact.log 2015-05-19 10:25 - 2015-05-19 10:25 - 00000000 _____ () C:\Windows\setuperr.log 2015-05-19 10:25 - 2015-05-19 10:22 - 00411661 _____ () C:\Users\Tim\Desktop\Borduhr.CATPart 2015-05-18 21:30 - 2015-05-19 11:29 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-05-18 12:46 - 2015-05-19 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-05-18 12:44 - 2015-05-21 08:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-18 12:44 - 2015-05-21 08:37 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-18 12:44 - 2015-05-19 13:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-18 12:44 - 2015-05-19 13:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-18 12:20 - 2015-05-18 12:20 - 00001409 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2015-05-18 12:20 - 2015-05-18 12:20 - 00001403 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-05-18 07:33 - 2015-05-19 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2015-05-18 07:33 - 2015-05-18 07:33 - 00000000 ____D () C:\ProgramData\Sony 2015-05-18 07:33 - 2015-05-18 07:33 - 00000000 ____D () C:\Program Files (x86)\Sony 2015-05-18 07:32 - 2015-05-18 07:32 - 28684424 _____ (Sony Mobile Communications ) C:\Users\Tim\AppData\Local\pcc.exe 2015-05-13 18:02 - 2015-05-18 20:58 
- 00000000 ____D () C:\Users\Tim\Desktop\Backup HTC 2015-05-13 17:51 - 2015-05-13 17:51 - 00000000 ____D () C:\Users\Tim\AppData\Local\Macromedia 2015-05-05 20:21 - 2015-05-18 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funktionsplotter 2015-05-05 20:20 - 2015-05-05 20:20 - 00253952 ____N (Microsoft Corporation) C:\Windows\Setup1.exe 2015-05-05 20:20 - 2015-05-05 20:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE 2015-04-30 17:11 - 2015-04-30 17:16 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-30 17:11 - 2015-04-01 11:16 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-04-30 16:53 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2015-04-30 16:53 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2015-04-30 16:53 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2015-04-30 16:53 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2015-04-30 16:53 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2015-04-30 16:53 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2015-04-30 16:53 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2015-04-30 16:53 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2015-04-30 16:51 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-30 16:51 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-04-30 16:51 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-04-30 16:51 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 
2015-04-30 16:51 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-04-30 16:51 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-04-30 16:51 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-04-30 16:51 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-04-30 16:51 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 
00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-04-30 16:51 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-04-30 16:51 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-04-30 16:51 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-04-30 16:51 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-04-30 16:51 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-04-30 16:51 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H 
(Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H 
(Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-04-30 16:51 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-04-30 16:51 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 
2015-04-30 16:51 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-04-30 16:51 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-04-30 16:51 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-04-30 16:51 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-04-30 16:51 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-04-30 16:51 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-04-30 16:51 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-04-30 16:51 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-04-30 16:51 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-04-30 16:51 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-04-30 16:51 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H 
(Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 
==================== Files in the root of some directories =======

2015-05-18 07:32 - 2015-05-18 07:32 - 28684424 _____ (Sony Mobile Communications ) C:\Users\Tim\AppData\Local\pcc.exe
2014-11-03 14:16 - 2015-05-18 12:12 - 0007621 _____ () C:\Users\Tim\AppData\Local\Resmon.ResmonCfg
2014-08-05 22:27 - 2014-09-12 09:33 - 0006991 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Tim\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9nlf8n.dll
C:\Users\Tim\AppData\Local\Temp\Quarantine.exe
C:\Users\Tim\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-20 14:43

==================== End Of Log ============================

--- --- ---

Unfortunately, the symptoms, the roughly 15-second loading delay when opening the web browser and the failure to connect to Dropbox, are still present. A few days ago all of this still worked flawlessly, so I am a little puzzled. |
22.05.2015, 06:39 | #13 |
/// the machine /// TB trainer | Windows 7: Internet problems after VPN connection to university server Which browser are you having the problems with? Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
D:\Downloads\avira-free-antivir.exe
D:\Downloads\DTLite4491-0356.exe
D:\Downloads\Dxtory-lnstall.exe
D:\Downloads\KaLoMa - CHIP-Installer.exe
D:\Downloads\PDF24 Creator - CHIP-Installer.exe
D:\Downloads\PDFCreator-2_0_2-setup (1).exe
D:\Downloads\pdfcreator-2_0_2-setup.exe
D:\Downloads\pdfcreator-2_1_1-setup.exe
D:\Downloads\VLC media player 64 Bit - CHIP-Installer (1).exe
D:\Downloads\VLC media player 64 Bit - CHIP-Installer (2).exe
D:\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Reconsider your download habits: CHIP-Installer - what is that? - Guides
You also have to remove the proxy completely in the settings when you are not at the university.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
22.05.2015, 07:36 | #14 |
| Windows 7: Internet problems after VPN connection to university server FRST Fixlog: Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
Ran by Tim at 2015-05-22 07:45:25 Run:1
Running from C:\Users\Tim\Desktop\Trojaner-Board
Loaded Profiles: Tim (Available profiles: Tim)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
D:\Downloads\avira-free-antivir.exe
D:\Downloads\DTLite4491-0356.exe
D:\Downloads\Dxtory-lnstall.exe
D:\Downloads\KaLoMa - CHIP-Installer.exe
D:\Downloads\PDF24 Creator - CHIP-Installer.exe
D:\Downloads\PDFCreator-2_0_2-setup (1).exe
D:\Downloads\pdfcreator-2_0_2-setup.exe
D:\Downloads\pdfcreator-2_1_1-setup.exe
D:\Downloads\VLC media player 64 Bit - CHIP-Installer (1).exe
D:\Downloads\VLC media player 64 Bit - CHIP-Installer (2).exe
D:\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
Emptytemp:
*****************

"D:\Downloads\avira-free-antivir.exe" => File/Directory not found.
"D:\Downloads\DTLite4491-0356.exe" => File/Directory not found.
"D:\Downloads\Dxtory-lnstall.exe" => File/Directory not found.
"D:\Downloads\KaLoMa - CHIP-Installer.exe" => File/Directory not found.
"D:\Downloads\PDF24 Creator - CHIP-Installer.exe" => File/Directory not found.
"D:\Downloads\PDFCreator-2_0_2-setup (1).exe" => File/Directory not found.
"D:\Downloads\pdfcreator-2_0_2-setup.exe" => File/Directory not found.
"D:\Downloads\pdfcreator-2_1_1-setup.exe" => File/Directory not found.
"D:\Downloads\VLC media player 64 Bit - CHIP-Installer (1).exe" => File/Directory not found.
"D:\Downloads\VLC media player 64 Bit - CHIP-Installer (2).exe" => File/Directory not found.
"D:\Downloads\VLC media player 64 Bit - CHIP-Installer.exe" => File/Directory not found.
EmptyTemp: => Removed 456 MB temporary data.

The system needed a reboot.

==== End of Fixlog 07:45:36 ====

After I noticed the problems with the VPN, I switched the connection off completely. Which settings exactly do I still need to change? I thought I had reset everything to its original state. How do I completely remove the "tools" described in the linked article? Are downloads from Heise.de cleaner, then? |
22.05.2015, 20:03 | #15 |
/// the machine /// TB trainer | Windows 7: Internet problems after VPN connection to university server As long as you don't use a download manager, that should be fine. Control Panel > Internet Options > Connections > LAN settings > remove the proxy there.
__________________ Regards, schrauber |
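The LAN proxy setting named in the reply above can also be checked from PowerShell on the affected Windows 7 machine. This is an added example, not part of the thread: it assumes the leftover proxy sits in the per-user WinINET registry values (ProxyEnable, ProxyServer, AutoConfigURL), and the function names are made up for illustration.

```powershell
# Added example: audit the per-user (WinINET) proxy settings that sit behind
# Control Panel > Internet Options > Connections > LAN settings.
# Read-only unless $Fix is set to $true. Function names are illustrative.
$Fix     = $false
$InetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-LanProxyState {
    # Values that were never configured are absent and read back as $null.
    $p = Get-ItemProperty -Path $InetKey
    New-Object PSObject -Property @{
        ProxyEnabled  = ([int]$p.ProxyEnable -eq 1)
        ProxyServer   = $p.ProxyServer
        ProxyOverride = $p.ProxyOverride
        AutoConfigURL = $p.AutoConfigURL
    }
}

function Get-LanProxyFindings {
    param($State)
    $findings = @()
    if ($State.ProxyEnabled) {
        $findings += "Manual proxy is enabled: $($State.ProxyServer)"
    } elseif ($State.ProxyServer) {
        $findings += "Proxy is disabled, but a server entry is still stored: $($State.ProxyServer)"
    }
    if ($State.AutoConfigURL) {
        $findings += "Automatic configuration script is set: $($State.AutoConfigURL)"
    }
    return $findings
}

function Disable-LanProxy {
    # Turns the manual proxy off and removes the stored server and script URL.
    Set-ItemProperty    -Path $InetKey -Name ProxyEnable -Value 0
    Remove-ItemProperty -Path $InetKey -Name ProxyServer   -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $InetKey -Name AutoConfigURL -ErrorAction SilentlyContinue
}

$state    = Get-LanProxyState
$findings = @(Get-LanProxyFindings $state)
$state | Format-List ProxyEnabled, ProxyServer, ProxyOverride, AutoConfigURL | Out-Host

if ($findings.Count -eq 0) {
    Write-Host 'No manual proxy or configuration script is set for this user.'
} else {
    $findings | ForEach-Object { Write-Host "[!] $_" }
    if ($Fix) {
        Disable-LanProxy
        Write-Host 'Proxy settings cleared for this user.'
    }
}

# Components that use WinHTTP instead of WinINET have a separate machine-wide proxy.
netsh winhttp show proxy
```

Programs that were already running keep their old proxy settings until they are restarted; confirm the result in the LAN settings dialog afterwards.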