
Pests of all kinds and how to fight them: Suspicious item: Unknown process 2416

05.07.2015, 11:29   #1
Jerot
 
Suspicious item: Unknown process 2416



Hello dear Trojaner-Board community,

A few days ago, during a manual scan, my antivirus (F-Secure) found a suspicious item: Unknown process 2416.

Should I be worried about this?

The scans so far (F-Secure, MBAM, Trend Micro HouseCall, TDSSKiller) found nothing (more), and the PC is actually running normally. (However, TDSSKiller considers the Broadcom WLTRAY and WLTRYSVC.exe, which are oddly not signed, to be a security risk.)

Regards, Jerot

Logs (split across several posts, since they would otherwise be too long):

FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-07-2015
Ran by admin (administrator) on ADMIN-PC on 05-07-2015 11:48:28
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
() C:\Program Files\Corsair USB Headset\Customapp\Program\CAHS.exe
() C:\Program Files\Corsair USB Headset\Customapp\Program\CAHS.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fslauncher.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6470760 2012-05-15] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1175656 2012-05-11] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7144960 2013-01-16] (Broadcom Corporation)
HKLM\...\Run: [CAHS1Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [F-Secure Hoster (45119)] => C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-02-19] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-10-14] (F-Secure Corporation)
HKU\S-1-5-21-2586655326-3906653631-2063846596-1000\...\Run: [Steam] => E:\Steam\steam.exe [2892992 2015-06-20] (Valve Corporation)
HKU\S-1-5-21-2586655326-3906653631-2063846596-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-2586655326-3906653631-2063846596-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2586655326-3906653631-2063846596-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-2586655326-3906653631-2063846596-1000\...\MountPoints2: {8cf626a8-6012-11e2-ba8e-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-2586655326-3906653631-2063846596-1000\...\MountPoints2: {c13f0f34-5fdb-11e2-b63e-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-2586655326-3906653631-2063846596-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-01-16]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2586655326-3906653631-2063846596-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
BHO: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2015-06-15] (F-Secure Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2015-06-15] (F-Secure Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4683DED9-1F33-466F-9BE9-40EB9011C123}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{96BC0138-6242-49DA-B98E-FA0E0CFD92E8}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VLC\npvlc.dll [2012-12-16] (VideoLAN)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{ecb89366-3694-4ebf-8b1d-65ac5e87c344}] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2014-12-12]

Chrome: 
=======
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-03]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-03]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-03]
CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-03]
CHR Extension: (Search by F-Secure) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkmikccifolokanfakbeadbmgchomeli [2014-12-07]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2014-12-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-03]
CHR HKU\S-1-5-21-2586655326-3906653631-2063846596-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gkmikccifolokanfakbeadbmgchomeli] - C:\Program Files (x86)\F-Secure\apps\SafeSearch\Chrome\main.crx [2014-05-09]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-11-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc)
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [187432 2014-02-19] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-10-14] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60456 2015-03-14] (F-Secure Corporation)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1751096 2015-06-01] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6666808 2015-06-08] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-17] (NVIDIA Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-17] (NVIDIA Corporation)
S3 Origin Client Service; E:\Spiele\Origin\OriginClientService.exe [1931632 2015-05-23] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-01-29] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-01-29] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5834752 2013-01-16] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-03] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-20] (Broadcom Corporation.)
R3 CorsairCAHS1; C:\Windows\System32\drivers\CAHS164.sys [1308160 2011-06-16] (C-Media Electronics Inc)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [208424 2015-06-08] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71080 2015-06-08] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [55336 2015-05-29] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [95784 2015-06-15] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-06-24] ()
R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-29] (Broadcom Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-06-17] (NVIDIA Corporation)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-05 10:53 - 2015-07-05 10:53 - 00183093 _____ C:\Users\admin\Desktop\GMER.log
2015-07-05 10:36 - 2015-07-05 11:48 - 00016278 _____ C:\Users\admin\Desktop\FRST.txt
2015-07-05 10:36 - 2015-07-05 10:38 - 00067346 _____ C:\Users\admin\Desktop\Addition.txt
2015-07-05 10:31 - 2015-07-05 10:31 - 02112512 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2015-07-05 10:31 - 2015-07-05 10:31 - 00380416 _____ C:\Users\admin\Downloads\Gmer-19357 (1).exe
2015-07-04 19:20 - 2015-07-04 19:24 - 00000000 ____D C:\Windows\pss
2015-07-04 19:10 - 2015-07-04 19:10 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\admin\Downloads\rkill (1).exe
2015-07-04 11:31 - 2015-07-04 19:23 - 00000000 ____D C:\Users\admin\Desktop\CCE
2015-07-04 11:28 - 2015-07-04 11:28 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\admin\Downloads\tdsskiller.exe
2015-07-04 11:23 - 2015-07-04 11:26 - 23732069 _____ C:\Users\admin\Downloads\cce_2.5.242177.201_x32.zip
2015-07-04 11:20 - 2015-07-04 11:23 - 25543261 _____ C:\Users\admin\Downloads\cce_2.5.242177.201_x64 (1).zip
2015-06-29 20:34 - 2015-06-29 20:37 - 25543261 _____ C:\Users\admin\Downloads\cce_2.5.242177.201_x64.zip
2015-06-29 19:36 - 2015-06-29 19:36 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-27 17:40 - 2015-06-27 18:12 - 300000000 _____ C:\Users\admin\Downloads\TW2EE_Patch-22.bin
2015-06-27 16:33 - 2015-06-27 17:05 - 300000000 _____ C:\Users\admin\Downloads\TW2EE_Patch-21.bin
2015-06-27 15:42 - 2015-06-27 16:14 - 300000000 _____ C:\Users\admin\Downloads\TW2EE_Patch-20.bin
2015-06-27 15:10 - 2015-06-27 15:42 - 300000000 _____ C:\Users\admin\Downloads\TW2EE_Patch-19.bin
2015-06-27 14:35 - 2015-06-27 15:07 - 300000000 _____ C:\Users\admin\Downloads\TW2EE_Patch-18.bin
2015-06-27 14:00 - 2015-06-27 14:32 - 300000000 _____ C:\Users\admin\Downloads\TW2EE_Patch-17.bin
2015-06-27 11:11 - 2015-06-27 11:43 - 300000000 _____ C:\Users\admin\Downloads\TW2EE_Patch-16.bin
2015-06-27 10:34 - 2015-06-27 11:06 - 300000000 _____ C:\Users\admin\Downloads\TW2EE_Patch-15.bin
2015-06-27 10:00 - 2015-06-27 10:33 - 300000000 _____ C:\Users\admin\Downloads\TW2EE_Patch-14.bin
2015-06-27 09:28 - 2015-06-27 10:00 - 300000000 _____ C:\Users\admin\Downloads\TW2EE_Patch-13.bin
2015-06-26 16:18 - 2015-06-26 16:50 - 300000000 _____ C:\Users\admin\Downloads\TW2EE_Patch-12.bin
2015-06-26 15:46 - 2015-06-26 16:18 - 300000000 _____ C:\Users\admin\Downloads\TW2EE_Patch-11.bin
2015-06-26 15:05 - 2015-06-26 15:37 - 300000000 _____ C:\Users\admin\Downloads\TW2EE_Patch-10.bin
2015-06-26 14:44 - 2015-06-26 14:44 - 00015143 _____ C:\Users\admin\AppData\Local\recently-used.xbel
2015-06-26 14:13 - 2015-06-26 14:46 - 300000000 _____ C:\Users\admin\Downloads\TW2EE_Patch-9.bin
2015-06-26 13:29 - 2015-06-26 13:29 - 00000000 ____D C:\Users\admin\AppData\Roaming\NVIDIA
2015-06-26 10:28 - 2015-06-26 10:28 - 00000000 ____D C:\Users\admin\AppData\Local\GWX
2015-06-25 17:32 - 2015-06-25 17:33 - 00000000 ____D C:\Users\admin\AppData\Local\NVIDIA
2015-06-25 17:32 - 2015-06-25 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-25 17:32 - 2015-06-17 11:10 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 22947144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 16145200 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 15866992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 15224784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 13263056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 12855416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 11831856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 11011216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-25 17:32 - 2015-06-17 11:10 - 03395648 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 02997544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 02599752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 01567576 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 01320304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 01099992 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 01060168 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 00975176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 00938752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 00408392 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-06-25 17:32 - 2015-06-17 11:10 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 00112784 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 00105288 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 00061616 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 00057520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 00046768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-06-25 17:32 - 2015-06-17 11:10 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-06-25 17:30 - 2015-06-25 17:32 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-25 17:30 - 2015-06-25 17:30 - 00000000 ____D C:\NVIDIA
2015-06-25 17:29 - 2015-06-17 08:48 - 06873232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-06-25 17:29 - 2015-06-17 08:48 - 03492168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-06-25 17:29 - 2015-06-17 08:48 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-06-25 17:29 - 2015-06-17 08:48 - 00937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-06-25 17:29 - 2015-06-17 08:48 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-06-25 17:29 - 2015-06-17 08:48 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-06-25 17:29 - 2015-06-02 16:11 - 04421614 _____ C:\Windows\system32\nvcoproc.bin
2015-06-25 12:34 - 2015-06-25 13:08 - 292264080 _____ (NVIDIA Corporation) C:\Users\admin\Downloads\353.30-desktop-win8-win7-winvista-64bit-international-whql.exe
2015-06-24 12:55 - 2014-09-05 04:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-06-24 12:55 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-06-24 12:54 - 2014-12-11 19:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-06-24 12:49 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-06-24 12:49 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-06-24 12:49 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-06-24 12:49 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-06-24 12:49 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-06-24 12:49 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-06-24 12:49 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-06-24 12:49 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-06-24 12:49 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-06-24 12:49 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-06-24 12:49 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-06-24 12:49 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-06-24 12:49 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-06-24 12:49 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-06-24 12:49 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-06-24 12:47 - 2015-05-09 20:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-06-24 12:47 - 2015-05-09 05:27 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-24 12:47 - 2015-05-09 05:27 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-24 12:47 - 2015-05-09 05:27 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-24 12:47 - 2015-05-09 05:27 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-24 12:47 - 2015-05-09 05:27 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-24 12:47 - 2015-05-09 05:27 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-24 12:47 - 2015-05-09 05:27 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-24 12:47 - 2015-05-09 05:26 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-24 12:47 - 2015-05-09 05:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-24 12:47 - 2015-05-09 05:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-24 12:47 - 2015-05-09 05:26 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-24 12:47 - 2015-05-09 05:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-24 12:47 - 2015-05-09 05:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-24 12:47 - 2015-05-09 05:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-24 12:47 - 2015-05-09 05:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-24 12:47 - 2015-05-09 05:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-24 12:47 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-06-24 12:47 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-06-24 12:47 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-06-24 12:47 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-06-24 12:47 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-06-24 12:47 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-06-24 12:47 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-06-24 12:47 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-06-24 12:47 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-06-24 12:47 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-06-24 12:47 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-06-24 12:47 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-06-24 12:46 - 2015-01-09 05:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-06-24 12:46 - 2015-01-09 05:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-06-24 12:46 - 2015-01-09 05:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-06-24 12:46 - 2015-01-09 04:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-06-24 12:45 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-24 12:45 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-24 12:45 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-24 12:45 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-24 12:45 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-24 12:45 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-24 12:45 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-24 12:45 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-24 12:45 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-24 12:45 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-24 12:45 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-24 12:45 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-24 12:45 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-24 12:45 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-24 12:45 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-24 12:45 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-24 12:45 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-24 12:45 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-24 12:45 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-24 12:45 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-24 12:45 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-24 12:45 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-24 12:45 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-24 12:45 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-24 12:45 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-24 12:45 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-24 12:45 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-24 12:45 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-24 12:45 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-24 12:45 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-24 12:45 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-24 12:45 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-24 12:45 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-24 12:45 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-24 12:45 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-24 12:45 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-24 12:45 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-24 12:45 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-24 12:45 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-24 12:45 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-24 12:45 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-24 12:45 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-24 12:45 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-24 12:45 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-24 12:45 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-24 12:45 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-24 12:45 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-24 12:45 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-24 12:45 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-24 12:45 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-24 12:45 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-24 12:45 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-24 12:45 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-24 12:45 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-24 12:45 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-24 12:45 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-24 12:45 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-24 12:45 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-24 12:45 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-24 12:45 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-24 12:45 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-06-24 12:45 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-06-24 12:35 - 2015-06-24 12:35 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-24 12:35 - 2015-06-24 12:35 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-24 12:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-06-24 12:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-06-24 12:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-06-24 12:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-06-24 12:33 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-06-24 12:33 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-06-24 12:33 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-06-24 12:33 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-06-24 12:33 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-06-24 12:33 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-06-24 11:40 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-06-24 11:40 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-06-24 11:39 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-06-24 11:39 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-06-24 11:39 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-06-24 11:39 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-06-24 11:39 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-06-24 11:39 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-06-24 11:39 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2015-06-24 11:39 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2015-06-24 11:39 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2015-06-24 11:39 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2015-06-24 11:33 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-06-24 11:33 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-06-24 11:31 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-24 11:31 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-24 11:31 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-06-24 11:31 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-06-24 11:31 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-06-24 11:30 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-06-24 11:30 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-06-24 11:23 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2015-06-24 11:21 - 2015-06-24 11:21 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-06-24 11:21 - 2015-06-24 11:21 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-06-24 11:21 - 2015-06-24 11:21 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-06-24 11:21 - 2015-06-24 11:21 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-06-24 11:21 - 2015-06-24 11:21 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-06-24 11:21 - 2015-06-24 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-06-24 11:21 - 2015-06-24 11:21 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-06-24 11:21 - 2015-06-24 11:21 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-06-24 11:21 - 2015-06-24 11:21 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-06-24 11:21 - 2015-06-24 11:21 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-06-24 11:21 - 2015-06-24 11:21 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-06-24 11:21 - 2015-06-24 11:21 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-06-24 11:21 - 2015-06-24 11:21 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-06-24 11:21 - 2015-06-24 11:21 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-24 11:21 - 2015-06-24 11:21 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-06-24 11:21 - 2015-06-24 11:21 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-24 11:21 - 2015-06-24 11:21 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-06-24 11:14 - 2015-06-24 11:23 - 00011802 _____ C:\Windows\IE11_main.log
2015-06-24 11:14 - 2015-06-24 11:14 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-24 11:14 - 2015-06-24 11:14 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-24 11:01 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-06-24 11:01 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-06-24 11:01 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-06-24 11:01 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-06-24 11:01 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-06-24 11:01 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-06-24 11:01 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-06-24 11:01 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2015-06-24 11:01 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2015-06-24 11:01 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2015-06-24 11:01 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2015-06-24 11:01 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2015-06-24 11:01 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2015-06-24 11:01 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2015-06-24 10:59 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-06-24 10:59 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-06-24 10:58 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2015-06-24 10:58 - 2013-07-12 12:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2015-06-24 10:58 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-06-24 10:57 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-24 10:56 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-06-24 10:56 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-06-24 10:56 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-06-24 10:56 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-06-24 10:56 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-06-24 10:55 - 2015-01-31 05:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-06-24 10:55 - 2015-01-31 05:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-06-24 10:55 - 2015-01-31 01:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-06-24 10:55 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-06-24 10:55 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-06-24 10:55 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-06-24 10:55 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-06-24 10:54 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-24 10:54 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-24 10:54 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-24 10:54 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-24 10:54 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-24 10:54 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-24 10:54 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-24 10:54 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-24 10:54 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-24 10:54 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-24 10:54 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-24 10:54 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-24 10:54 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-24 10:54 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-24 10:54 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-24 10:54 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-24 10:54 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-24 10:54 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-24 10:54 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-24 10:54 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-24 10:54 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-24 10:54 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-24 10:54 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-24 10:54 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-24 10:54 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-24 10:54 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-24 10:54 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-24 10:54 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-24 10:54 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-24 10:54 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-24 10:54 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-24 10:54 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-24 10:54 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-24 10:54 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-24 10:54 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-24 10:54 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-24 10:54 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-24 10:54 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-24 10:54 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-24 10:54 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-24 10:54 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-24 10:54 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-24 10:54 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-24 10:54 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-24 10:54 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-24 10:54 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-24 10:54 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-24 10:54 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-24 10:54 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-24 10:54 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-24 10:54 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-24 10:54 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-24 10:54 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-24 10:54 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-24 10:54 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-24 10:54 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-24 10:54 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-24 10:54 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-24 10:54 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-24 10:54 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-24 10:54 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-24 10:54 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-24 10:54 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-24 10:54 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-24 10:54 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-24 10:54 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-24 10:54 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-24 10:54 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-24 10:54 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-24 10:54 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-24 10:54 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-24 10:54 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-24 10:54 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-24 10:54 - 2014-12-06 06:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-06-24 10:54 - 2014-12-06 05:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-06-24 10:54 - 2014-12-06 05:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-06-24 10:54 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-06-24 10:54 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-06-24 10:35 - 2015-06-24 10:35 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-24 10:35 - 2015-06-24 10:35 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-24 10:19 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-06-24 10:19 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-06-24 10:19 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-06-24 10:19 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-06-24 10:19 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-06-24 10:19 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-06-24 10:19 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-06-24 10:19 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-06-24 10:19 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-06-24 10:19 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-06-24 10:19 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-06-24 10:19 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-06-24 10:19 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-06-24 10:19 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-06-24 10:19 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-06-24 10:19 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-06-24 10:19 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-06-24 10:19 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-06-24 10:19 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-06-24 10:19 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-06-24 10:19 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-06-24 10:19 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-06-24 10:19 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-06-24 10:19 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-06-24 10:19 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-06-24 10:19 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-06-24 10:19 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-06-24 10:19 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-06-24 10:19 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-06-24 10:19 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-06-24 10:19 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-06-24 10:19 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-06-24 10:19 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-06-24 10:19 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-06-24 10:19 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-06-24 10:19 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-06-24 10:19 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-06-24 10:19 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-06-24 10:19 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-06-24 10:19 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-06-24 10:19 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-06-24 10:19 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-06-24 10:19 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-06-24 10:19 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-06-24 10:19 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-06-24 10:19 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-06-24 10:19 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-06-24 10:19 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-06-24 10:19 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-06-24 10:19 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-06-24 10:19 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-06-24 10:19 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-06-24 10:19 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-06-24 10:19 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-06-24 10:19 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-06-24 10:19 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-06-24 10:19 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-06-24 10:19 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-06-24 10:19 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-06-24 10:19 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-06-24 10:19 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-06-24 10:19 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-06-24 10:19 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-06-24 10:19 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-06-24 10:16 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-24 10:16 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-24 10:16 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-24 10:16 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-24 10:16 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-24 10:16 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-24 10:16 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-24 10:16 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-24 10:16 - 2015-01-28 01:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-06-24 10:16 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-06-24 10:16 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-06-24 10:16 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-06-24 10:16 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-06-24 10:16 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-06-24 10:16 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-06-24 10:16 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-06-24 10:16 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-06-24 10:16 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-06-24 10:16 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2015-06-24 10:16 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2015-06-24 10:16 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2015-06-24 10:16 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2015-06-24 10:16 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2015-06-24 10:16 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2015-06-24 10:16 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2015-06-24 10:16 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2015-06-24 10:16 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2015-06-24 10:13 - 2014-11-11 05:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-06-24 10:13 - 2014-11-11 04:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-06-24 10:12 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-06-24 10:12 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-06-24 10:11 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2015-06-24 10:11 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-06-24 10:10 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-24 10:10 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-24 10:10 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-24 10:10 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-24 10:10 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-24 10:10 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-24 10:10 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-24 10:10 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-24 10:10 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-24 10:10 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-24 10:09 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-06-24 10:09 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-06-24 10:09 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-06-24 10:08 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-06-24 10:08 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-06-24 10:08 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-06-24 10:08 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-06-24 10:08 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-06-24 10:08 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-06-24 10:08 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-06-24 10:08 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-06-24 10:08 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-06-24 10:08 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-06-24 10:07 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-24 10:07 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-24 10:07 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-06-24 10:07 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-06-24 10:07 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-06-24 10:07 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-06-24 10:07 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-06-24 10:07 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-06-24 10:07 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-06-24 10:07 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-06-24 10:06 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-06-24 10:06 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-06-24 10:06 - 2014-12-19 05:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-06-24 10:06 - 2014-10-14 04:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-06-24 10:05 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-06-24 10:05 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-06-24 10:05 - 2014-12-19 03:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-06-24 10:05 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-06-24 10:05 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-06-24 10:05 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-06-24 10:05 - 2013-10-04 04:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2015-06-24 10:05 - 2013-10-04 04:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2015-06-24 10:05 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2015-06-24 10:05 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2015-06-24 10:03 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-06-24 10:03 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2015-06-24 10:02 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-06-24 10:02 - 2013-10-19 04:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-06-24 10:02 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2015-06-24 10:02 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-06-24 10:02 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-06-24 10:02 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-06-24 10:02 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-06-24 10:01 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-24 10:01 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-06-24 10:01 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-06-24 10:01 - 2014-11-11 03:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-06-24 10:01 - 2014-11-08 05:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-06-24 10:01 - 2014-11-08 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-06-24 10:01 - 2014-10-30 04:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-06-24 10:01 - 2014-10-30 03:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-06-24 10:01 - 2014-10-03 04:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-06-24 10:01 - 2014-10-03 04:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-06-24 10:01 - 2014-10-03 04:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-06-24 10:01 - 2014-10-03 04:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-06-24 10:01 - 2014-10-03 04:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-06-24 10:01 - 2014-10-03 03:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-06-24 10:01 - 2014-10-03 03:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-06-24 10:01 - 2014-10-03 03:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-06-24 10:01 - 2014-10-03 03:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-06-24 10:01 - 2014-10-03 03:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-06-24 10:01 - 2013-10-04 04:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2015-06-24 10:01 - 2013-10-04 03:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-06-24 10:00 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-06-24 10:00 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-06-24 10:00 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-06-24 10:00 - 2014-11-26 05:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-06-24 10:00 - 2014-11-26 05:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-06-24 10:00 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-06-24 10:00 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-06-24 10:00 - 2014-08-12 04:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-06-24 10:00 - 2014-08-12 03:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-06-24 10:00 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-06-24 10:00 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-06-24 10:00 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2015-06-24 10:00 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-06-24 10:00 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-06-24 10:00 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2015-06-24 10:00 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2015-06-24 10:00 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-06-24 10:00 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-06-24 10:00 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-06-24 10:00 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-06-24 10:00 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-06-24 10:00 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-06-24 10:00 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-06-24 10:00 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-06-24 10:00 - 2013-10-30 04:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2015-06-24 10:00 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2015-06-24 10:00 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2015-06-24 10:00 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2015-06-24 10:00 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2015-06-24 10:00 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-06-24 10:00 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2015-06-24 10:00 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2015-06-24 10:00 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-06-24 09:52 - 2015-01-09 01:44 - 00419936 _____ C:\Windows\SysWOW64\locale.nls
2015-06-24 09:52 - 2015-01-09 01:43 - 00419936 _____ C:\Windows\system32\locale.nls
2015-06-24 09:49 - 2015-06-24 09:51 - 00000000 ____D C:\Windows\system32\MRT
2015-06-24 09:49 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-24 09:49 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-24 09:48 - 2015-06-24 09:48 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2015-06-24 09:47 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-06-24 09:47 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-06-24 09:47 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-06-24 09:47 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-06-24 09:47 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-06-24 09:47 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-06-24 09:47 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-06-24 09:47 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-06-24 09:18 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2015-06-24 09:18 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2015-06-24 09:18 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2015-06-24 09:18 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2015-06-24 09:17 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-06-24 09:17 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-06-24 09:17 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-06-24 09:17 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-06-24 09:17 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-06-24 09:17 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-06-24 09:17 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-06-24 09:17 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-06-24 09:17 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-06-24 09:17 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-06-24 09:17 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-06-24 09:17 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-06-24 09:17 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-06-24 09:16 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-06-24 09:16 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-24 09:16 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-06-24 09:16 - 2014-12-08 05:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-06-24 09:16 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-06-24 09:16 - 2014-10-14 04:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-06-24 09:16 - 2014-10-14 03:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-06-24 09:16 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-06-24 09:16 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-06-24 09:16 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-06-24 09:16 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-06-24 09:16 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-06-24 09:16 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-06-24 09:16 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-06-24 09:16 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-06-24 09:16 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2015-06-24 09:16 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2015-06-24 09:16 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-06-24 09:16 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-06-24 09:16 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2015-06-24 09:16 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2015-06-24 09:16 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-06-24 09:16 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2015-06-24 09:15 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-06-24 09:15 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-06-24 09:15 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-06-24 09:15 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-06-24 09:14 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-06-24 09:14 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-06-24 09:14 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-06-24 09:14 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-06-24 09:14 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-06-23 10:47 - 2015-06-23 10:47 - 02870984 _____ (ESET) C:\Users\admin\Downloads\esetsmartinstaller_deu.exe
2015-06-23 10:30 - 2015-07-05 11:43 - 00002358 _____ C:\Users\admin\Desktop\Rkill.txt
2015-06-23 10:28 - 2015-06-23 10:28 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\admin\Downloads\iexplorer.exe
2015-06-23 10:25 - 2015-06-23 10:25 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\admin\Downloads\rkill.exe
2015-06-23 10:16 - 2015-06-24 13:29 - 00002750 _____ C:\Users\admin\Downloads\FSS.txt
2015-06-23 10:15 - 2015-06-23 10:15 - 00415232 _____ (Farbar) C:\Users\admin\Downloads\FSS.exe
2015-06-18 20:54 - 2015-06-18 20:54 - 00380416 _____ C:\Users\admin\Downloads\Gmer-19357.exe
2015-06-18 20:37 - 2015-07-05 11:48 - 00000000 ____D C:\FRST
2015-06-18 20:24 - 2014-10-25 03:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-06-18 20:24 - 2014-10-25 03:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-06-18 20:24 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-06-18 20:24 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-06-18 20:24 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-06-18 20:24 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2015-06-18 18:27 - 2015-06-18 18:27 - 00000412 _____ C:\Windows\PFRO.log
2015-06-18 16:52 - 2015-06-18 16:52 - 00000748 _____ C:\Users\Public\Desktop\Freelancer Crossfire.lnk
2015-06-18 16:46 - 2015-06-18 16:46 - 00000878 _____ C:\Users\Public\Desktop\Freelancer Mod Manager.lnk
2015-06-18 16:46 - 2015-06-18 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freelancer Mod Manager
2015-06-18 16:41 - 2015-06-18 16:41 - 00000828 _____ C:\Users\Public\Desktop\Freelancer.lnk
2015-06-18 16:38 - 2015-06-18 16:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2015-06-18 16:35 - 2015-07-05 11:44 - 00020641 _____ C:\Windows\setupact.log
2015-06-18 16:35 - 2015-06-18 16:35 - 00000000 _____ C:\Windows\setuperr.log
2015-06-18 15:38 - 2015-06-18 15:39 - 00011426 _____ C:\Users\admin\Documents\cc_20150618_153829.reg
2015-06-18 15:34 - 2015-07-05 11:46 - 01153863 _____ C:\Windows\WindowsUpdate.log
2015-06-17 18:30 - 2015-06-17 18:30 - 02167188 _____ C:\Users\admin\Downloads\Release.zip
2015-06-16 09:16 - 2015-06-16 09:16 - 00008086 _____ C:\Users\admin\Desktop\2.0 Crossfire Installation guide extended.txt
2015-06-15 13:41 - 2015-06-18 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire 2.0
2015-06-15 10:27 - 2015-06-15 10:59 - 300000000 _____ C:\Users\admin\Downloads\TW2EE_Patch-8.bin
2015-06-15 09:42 - 2015-06-15 10:14 - 300000000 _____ C:\Users\admin\Downloads\TW2EE_Patch-7.bin
2015-06-15 09:04 - 2015-06-15 09:36 - 300000000 _____ C:\Users\admin\Downloads\TW2EE_Patch-6.bin
2015-06-11 11:13 - 2015-06-11 11:45 - 300000000 _____ C:\Users\admin\Downloads\TW2EE_Patch-5.bin
2015-06-11 10:26 - 2015-06-11 10:58 - 300000000 _____ C:\Users\admin\Downloads\TW2EE_Patch-4.bin
2015-06-11 09:04 - 2015-06-11 09:36 - 300000000 _____ C:\Users\admin\Downloads\TW2EE_Patch-3.bin
2015-06-10 15:47 - 2015-06-10 16:20 - 300000000 _____ C:\Users\admin\Downloads\TW2EE_Patch-2.bin
2015-06-10 15:13 - 2015-06-10 15:45 - 298480384 _____ C:\Users\admin\Downloads\TW2EE_Patch-1.bin
2015-06-10 14:51 - 2015-06-10 14:51 - 01519109 _____ (CD Projekt RED ) C:\Users\admin\Downloads\TW2EE_Patch.exe
2015-06-09 21:56 - 2015-06-09 21:57 - 02283035 _____ C:\Users\admin\Downloads\Opportunist Armor - Main-20244-1-0.rar
2015-06-09 21:45 - 2015-06-09 21:45 - 00264902 _____ C:\Users\admin\Downloads\FSR_4-1-36-8886-4-1-36.zip
2015-06-09 21:38 - 2015-06-09 21:38 - 00008320 _____ C:\Users\admin\Downloads\No letterbox Patch-18514-2-0.zip
2015-06-09 21:29 - 2015-06-09 21:29 - 01669906 _____ C:\Users\admin\Downloads\The ENB of the Apocalypse 2.0-18514-2-0.zip
2015-06-09 21:21 - 2015-06-09 21:21 - 01976885 _____ C:\Users\admin\Downloads\enbseries_falloutnv_v0267.zip
2015-06-09 18:25 - 2015-06-09 18:25 - 00000704 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2015-06-09 18:25 - 2015-06-09 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2015-06-09 18:04 - 2015-06-09 18:04 - 06141776 _____ (Black Tree Gaming ) C:\Users\admin\Downloads\Nexus Mod Manager-0.55.3.exe
2015-06-09 14:53 - 2015-06-09 14:53 - 00000000 ____D C:\Users\admin\Documents\The Witcher 2
2015-06-09 14:53 - 2015-06-09 14:53 - 00000000 ____D C:\Users\admin\AppData\Local\The Witcher 2
2015-06-09 14:45 - 2015-06-09 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2
2015-06-09 14:45 - 2015-06-09 14:45 - 00000509 _____ C:\Users\Public\Desktop\Start The Witcher 2.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-05 11:44 - 2013-01-16 14:40 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-05 11:44 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-05 11:37 - 2013-01-16 14:40 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-05 11:05 - 2014-08-04 15:52 - 00362602 _____ C:\Users\admin\AppData\Local\census.cache
2015-07-05 11:05 - 2014-08-04 15:52 - 00123213 _____ C:\Users\admin\AppData\Local\ars.cache
2015-07-05 10:57 - 2011-04-12 09:43 - 00699416 _____ C:\Windows\system32\perfh007.dat
2015-07-05 10:57 - 2011-04-12 09:43 - 00149556 _____ C:\Windows\system32\perfc007.dat
2015-07-05 10:57 - 2009-07-14 07:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-05 10:35 - 2009-07-14 06:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-05 10:35 - 2009-07-14 06:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-29 20:05 - 2014-07-05 14:42 - 00000000 ____D C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige
2015-06-29 19:30 - 2013-03-24 23:28 - 00007609 _____ C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2015-06-26 15:06 - 2014-01-13 15:29 - 00000000 ____D C:\Users\admin\.gimp-2.8
2015-06-26 10:02 - 2014-12-25 20:24 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-25 17:33 - 2014-04-12 11:43 - 00000000 ____D C:\Users\admin\AppData\Local\NVIDIA Corporation
2015-06-25 17:33 - 2013-01-16 15:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-25 17:32 - 2015-06-01 09:03 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-25 17:32 - 2013-01-16 15:20 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-25 17:32 - 2013-01-16 15:20 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-06-25 17:32 - 2013-01-16 14:45 - 00000000 ____D C:\Temp
2015-06-25 17:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
2015-06-25 12:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2015-06-24 17:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-24 12:50 - 2009-07-14 06:45 - 00280504 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-24 12:50 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-24 12:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2015-06-24 12:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-24 11:26 - 2013-01-16 14:36 - 00001413 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-24 11:25 - 2013-01-16 21:25 - 00000000 ____D C:\Windows\Panther
2015-06-24 11:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2015-06-24 11:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2015-06-24 11:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-06-24 11:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\zh-HK
2015-06-24 11:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR
2015-06-24 11:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2015-06-24 11:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-24 10:37 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-24 10:35 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-24 10:35 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-24 10:35 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-06-24 10:29 - 2013-09-11 16:30 - 01593956 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-23 08:38 - 2013-01-16 14:40 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-21 13:40 - 2015-05-03 00:09 - 00000000 ____D C:\Users\admin\Desktop\Neuer Ordner (3)
2015-06-21 13:39 - 2013-06-25 19:40 - 00000000 ____D C:\Users\admin\Documents\ArmA II Scripts & Tutorials
2015-06-20 16:22 - 2013-01-16 14:36 - 00000000 ____D C:\Users\admin\AppData\Local\VirtualStore
2015-06-18 18:28 - 2013-01-16 14:47 - 00059656 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-18 16:43 - 2013-03-08 18:48 - 00000000 ____D C:\Users\admin\Documents\My Games
2015-06-18 16:41 - 2013-01-26 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2015-06-18 15:45 - 2013-03-02 19:07 - 00000680 _____ C:\Windows\CAHS1.ini.imi
2015-06-18 15:28 - 2014-12-07 11:47 - 00000000 ____D C:\Program Files (x86)\F-Secure
2015-06-18 15:28 - 2013-01-16 14:36 - 00000000 ____D C:\Users\admin
2015-06-18 15:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-06-17 11:10 - 2012-10-10 22:23 - 17724600 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-06-17 11:10 - 2012-10-10 22:22 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-06-09 18:31 - 2014-02-24 20:35 - 00000000 ____D C:\Users\admin\Documents\Nexus Mod Manager
2015-06-09 18:31 - 2013-06-14 21:14 - 00000000 ____D C:\Users\admin\AppData\Local\Fallout3
2015-06-09 18:28 - 2014-02-24 20:34 - 00000000 ____D C:\Users\admin\AppData\Local\Black_Tree_Gaming
2015-06-09 15:04 - 2015-06-01 12:51 - 00000000 ____D C:\Users\admin\Documents\The Witcher 3
2015-06-09 15:00 - 2015-06-01 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-06-09 14:09 - 2013-01-16 14:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-08 12:58 - 2015-06-01 12:51 - 00000000 ____D C:\Users\admin\AppData\Local\GalaxyCommunicationService

==================== Files in the root of some directories =======

2014-08-04 15:52 - 2015-07-05 11:05 - 0123213 _____ () C:\Users\admin\AppData\Local\ars.cache
2014-08-04 15:52 - 2015-07-05 11:05 - 0362602 _____ () C:\Users\admin\AppData\Local\census.cache
2014-08-04 15:36 - 2014-08-04 15:36 - 0000036 _____ () C:\Users\admin\AppData\Local\housecall.guid.cache
2015-06-26 14:44 - 2015-06-26 14:44 - 0015143 _____ () C:\Users\admin\AppData\Local\recently-used.xbel
2013-03-24 23:28 - 2015-06-29 19:30 - 0007609 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\admin\AppData\Local\setup.txt
2014-08-11 21:37 - 2014-08-11 21:37 - 0000000 _____ () C:\Users\admin\AppData\Local\{F03FCEAC-5973-4679-80EC-0D2464B324BC}
2013-01-26 17:56 - 2013-01-26 17:56 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\{52761052-BE54-439B-B33F-EFED8B3336D6}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-24 17:26

==================== End of log ============================
         

Alt 05.07.2015, 11:30   #2
Jerot
 
FRST Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-07-2015
Ran by admin at 2015-07-05 11:48:52
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-2586655326-3906653631-2063846596-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2586655326-3906653631-2063846596-500 - Administrator - Disabled)
Gast (S-1-5-21-2586655326-3906653631-2063846596-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2586655326-3906653631-2063846596-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Computer Security (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: Computer Security (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Aliens versus Predator 2: Primal Hunt (HKLM-x32\...\{103B6835-DCA0-413F-A99E-ECAD6622726E}) (Version:  - )
Aliens vs. Predator 2 (HKLM-x32\...\{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}) (Version:  - )
Aliens: Colonial Marines (HKLM-x32\...\Steam App 49540) (Version:  - Gearbox Software)
Alternative Look for Yennefer (HKLM-x32\...\Alternative Look for Yennefer_is1) (Version: 1.0.0.0 - GOG.com)
ARMA 2 Operation Arrowhead Uninstall (HKLM-x32\...\ARMA 2 Operation Arrowhead) (Version:  - )
ArmA 2 Uninstall (HKLM-x32\...\ArmA 2) (Version:  - )
Arma: Gold Edition (HKLM-x32\...\Steam App 65780) (Version:  - Bohemia Interactive)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASUS Product Register Program (HKLM-x32\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A1) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye) (Version:  - )
Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version:  - 2K Marin)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.5.3200 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.196.16 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Columbus Tree Mod 1.0 deutsch (HKLM-x32\...\Columbus Tree Mod) (Version: 1.0 deutsch - CycleDogg)
Computer Security 14.106.103.0 (release) (x32 Version: 14.106.103.0 - F-Secure Corporation) Hidden
Corsair USB Headset (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB7}) (Version: 1.00.0007 - )
Crossfire 2.0 (HKU\S-1-5-21-2586655326-3906653631-2063846596-1000\...\Crossfire 2.0) (Version: 2.00.00.00 - SWAT-Portal)
Crossfire2.0 (remove only) (HKLM-x32\...\Crossfire) (Version:  - )
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version:  - Paradox Development Studio)
Diaspora version 1.0.4 (HKLM-x32\...\{1F5ABAAA-6D61-4FC1-A595-86CBA5517E7A}_is1) (Version: 1.0.4 - Diaspora Development)
Dreamfall Chapters (HKLM-x32\...\Steam App 237850) (Version:  - Red Thread Games)
Dreamfall: The Longest Journey (HKLM-x32\...\Steam App 6300) (Version:  - Funcom)
Elite Crossbow Set (HKLM-x32\...\Elite Crossbow Set_is1) (Version: 1.0.0.0 - GOG.com)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
Freelancer (HKLM-x32\...\Freelancer 1.0) (Version:  - )
F-Secure CCF Reputation (x32 Version: 1.1.25.2280 - F-Secure) Hidden
F-Secure CCF Scanning 1.51.111.300 (release) (x32 Version: 1.51.111.300 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.136 (x32 Version: 1.02.136 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.03.146.0 (release) (x32 Version: 1.03.146.0 - F-Secure Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto III (HKLM-x32\...\Steam App 12100) (Version:  - Rockstar Games)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto: Vice City (HKLM-x32\...\Steam App 12110) (Version:  - Rockstar Games)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Hitman 2: Silent Assassin (HKLM-x32\...\Hitman 2: Silent Assassin) (Version:  - Eidos Interactive)
Hitman Blood Money (HKLM-x32\...\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}) (Version: 1.00.0000 - Eidos)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
Hitman: Codename 47 version 1.2 (HKLM-x32\...\{A16EC86A-55AB-4311-BC72-E02C536AF7A1}_is1) (Version: 1.2 - Square Enix)
Hitman: Contracts (HKLM-x32\...\Hitman: Contracts) (Version:  - Eidos)
Hitman: Sniper Challenge (HKLM-x32\...\Steam App 205930) (Version:  - IO Interactive)
Homeworld Remastered Collection (HKLM-x32\...\Steam App 244160) (Version:  - Gearbox Software)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{0A8BEF69-0DD7-4A8F-9AED-0CB91BEBCB58}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Imperium Galactica 2 (HKLM-x32\...\Imperium Galactica 2) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) Network Connections 17.0.200.2 (HKLM\...\PROSetDX) (Version: 17.0.200.2 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Internet Security (HKLM-x32\...\F-Secure ServiceEnabler 45119) (Version: 2.06.303.0 - F-Secure Corporation)
Internet Security (x32 Version: 2.06.303.0 - F-Secure Corporation) Hidden
Language patch (HKU\S-1-5-21-2586655326-3906653631-2063846596-1000\...\Language patch) (Version:  - )
Lost Planet 3 (HKLM-x32\...\Steam App 226720) (Version:  - Spark Unlimited)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Max Payne (HKLM-x32\...\Max Payne) (Version: 1.0.4.0 - Rockstar Games)
Max Payne 2 (HKLM-x32\...\Max Payne 2) (Version: 1.1.102.0 - Rockstar Games)
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Teutonic (HKLM-x32\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.05.000 - SEGA)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - THQ)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft StarLancer (HKLM-x32\...\StarLancer 1.0) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version:  - The Creative Assembly)
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version:  - )
Network Addon Mod (HKU\S-1-5-21-2586655326-3906653631-2063846596-1000\...\Network Addon Mod) (Version: 32 - The NAM Team)
New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.55.3 - Black Tree Gaming)
Nilfgaardian Armor Set (HKLM-x32\...\Nilfgaardian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation)
NVIDIA Grafiktreiber 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Online Safety 2.107.2565.1702 (x32 Version: 2.107.2565.1702 - F-Secure Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.11.2678 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6636 - Realtek Semiconductor Corp.)
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005] (HKLM-x32\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0005 - THQ)
SC4 Mapper 2013 (HKU\S-1-5-21-2586655326-3906653631-2063846596-1000\...\SC4 Mapper 2013) (Version:  - )
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
SimCity 4 Deluxe (HKLM-x32\...\{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}) (Version:  - )
Sins of a Solar Empire: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - )
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
SpaceEngine Version 0.9.7.2 (HKLM-x32\...\{E65FD500-9218-44EC-9586-D39FAB4DFDAF}_is1) (Version: 0.9.7.2 - SpaceEngine)
Stalker Complete 2009 v1.4.4 (HKLM-x32\...\{Stalker Complete 2009 v1.4.4}}_is1) (Version:  - )
Star Wars(TM): Knights of the Old Republic (TM) (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version:  - Stoic)
The Bureau: XCOM Declassified (HKLM-x32\...\Steam App 65930) (Version:  - 2K Marin)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Witcher (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.00.0000 - CD Projekt Red)
The Witcher 2 (HKLM-x32\...\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}) (Version: 1.00.0000 - CD Projekt Red)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.4.0 - GOG.com)
Third Age - Total War 3.0 (Part 1of2) (HKU\S-1-5-21-2586655326-3906653631-2063846596-1000\...\Third Age - Total War 3.0 (Part 1of2)) (Version:  - )
Third Age - Total War 3.0 (Part 2of2) (HKU\S-1-5-21-2586655326-3906653631-2063846596-1000\...\Third Age - Total War 3.0 (Part 2of2)) (Version:  - )
Total War: ATTILA (HKLM-x32\...\Steam App 325610) (Version:  - Creative Assembly)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)
Vampire: The Masquerade - Bloodlines (HKLM-x32\...\Steam App 2600) (Version:  - Troika Games)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WIDCOMM Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.3200 - Broadcom Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World In Conflict Editor (HKLM-x32\...\{7083067F-42F5-41AF-8422-E22EA391791C}) (Version: 1.2.1.0 - Massive Entertainment AB)
World in Conflict MW Mod 3.5 (HKU\S-1-5-21-2586655326-3906653631-2063846596-1000\...\World in Conflict MW Mod 3.5) (Version:  - )
WORLD IN CONFLICT: SOVIET ASSAULT (HKLM-x32\...\{F11ADC64-C89E-47F4-A0B3-3665FF859397}) (Version: 1.0.1.1 - Ubisoft Entertainment)
X Rebirth (HKLM-x32\...\Steam App 2870) (Version:  - Egosoft)
X3 Terran Conflict v3.2 (HKLM-x32\...\X3TerranConflict_is1) (Version:  - EGOSOFT)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

18-06-2015 22:59:20 Windows Update
24-06-2015 09:47:36 Windows Update
24-06-2015 10:23:07 Windows Update
24-06-2015 11:12:51 Windows Update
24-06-2015 11:39:16 Windows Update
24-06-2015 12:35:35 Windows Update
24-06-2015 12:48:17 Windows Update
24-06-2015 12:55:48 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0644E23C-826E-452B-9D79-D71759E7C9D9} - System32\Tasks\{51F7C50E-DB2A-478C-87D0-2DC4A7177004} => pcalua.exe -a C:\Users\admin\Desktop\SC4\NetworkAddonMod_Setup_32_SFX.exe -d C:\Users\admin\Desktop\SC4
Task: {0E0BE1F8-3C3E-45C1-89B5-68DCF33023A6} - System32\Tasks\{F6EC153B-D534-43D7-8580-5B7C28A18BD7} => pcalua.exe -a "E:\Steam\SteamApps\common\Morrowind\Installer Files\MGSOOptionsAfterInstall.exe" -d "E:\Steam\SteamApps\common\Morrowind\Installer Files"
Task: {1174246C-C30D-4887-B015-71970760D2D4} - System32\Tasks\{4E4FF085-2174-4810-87A1-6F3779F30147} => pcalua.exe -a "G:\Game Patches and Zips\S.T.A.L.K.E.R. - Shadow of Chernobyl\stk-ww-1-3.exe" -d "G:\Game Patches and Zips\S.T.A.L.K.E.R. - Shadow of Chernobyl"
Task: {198340D4-8162-47AC-9684-D8DCD97800DE} - System32\Tasks\{03B42F16-413B-4440-9DF8-0F2DAD33618C} => pcalua.exe -a C:\Users\admin\Desktop\WiC\world_in_conflict_1.000_to_1.010_de.exe -d C:\Users\admin\Desktop\WiC
Task: {20416793-181D-4F53-863C-7AA49CF11AC6} - System32\Tasks\{B6FD0BC7-4E2A-4743-8CD8-62B7FE1B35EA} => pcalua.exe -a "G:\Game Patches and Zips\S.T.A.L.K.E.R. - Shadow of Chernobyl\stk_ww_10004.exe" -d "G:\Game Patches and Zips\S.T.A.L.K.E.R. - Shadow of Chernobyl"
Task: {364EA5DB-15D9-4634-84B2-DE9D770A2ADD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {43B2E5EB-5491-4A04-A5F5-CF9B6106E6DB} - System32\Tasks\{EACE7BC1-CB24-44A2-B937-B703F4FC8F8B} => pcalua.exe -a "C:\Program Files (x86)\Overwolf\OWUninstallMenu.exe" -d "C:\Program Files (x86)\Overwolf"
Task: {4C4B6E98-5A01-4E90-8A8B-DE729E75BA7E} - System32\Tasks\{F9339031-2AF0-4648-8904-36A585EB0C05} => E:\Spiele\Fallout New Vegas\FalloutNVLauncher.exe
Task: {4DB60BFB-04E2-4011-A6A3-5DF8D5ABD33F} - System32\Tasks\{CB84D875-58A7-40AF-953C-B807553D45D9} => pcalua.exe -a "E:\Spiele\SimCity 4 Deluxe\ExtraTransportation.exe" -d "E:\Spiele\SimCity 4 Deluxe"
Task: {53344E62-42CA-4D66-B818-2D3619F3665C} - System32\Tasks\{F87DB02F-F448-4295-9F9D-5B7377E127DE} => pcalua.exe -a "C:\Users\admin\Desktop\Nero MD5 Verifier.exe" -d C:\Users\admin\Desktop
Task: {54A5530F-F9D2-414F-ABFB-974AEC7C61D0} - System32\Tasks\{8259FA1E-BDDB-457C-99FC-695E26DB0795} => pcalua.exe -a C:\Users\admin\Downloads\FLMM1.5beta1Installer.exe -d C:\Users\admin\Downloads
Task: {742BA1A2-F64F-4640-A5E2-9C3E0ABC1195} - System32\Tasks\{690C34E6-C2A1-416C-B081-1084BF080BC5} => pcalua.exe -a "G:\Game Patches and Zips\S.T.A.L.K.E.R. - Shadow of Chernobyl\stk-WW-10001.exe" -d "G:\Game Patches and Zips\S.T.A.L.K.E.R. - Shadow of Chernobyl"
Task: {77B4D8F8-F1D6-4FA7-8DA7-4A8220484852} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {94281824-7BDA-4172-9556-424B9BCA8B9A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {98A83768-6F9F-4FDA-8EB4-C9768FB01C5A} - System32\Tasks\{6FD1609D-032F-46A5-9C35-B66A7FF59411} => pcalua.exe -a "G:\Game Patches and Zips\S.T.A.L.K.E.R. - Shadow of Chernobyl\stk-ww-10005.exe" -d "G:\Game Patches and Zips\S.T.A.L.K.E.R. - Shadow of Chernobyl"
Task: {99BBE345-947D-4B7D-A953-6613B61B2D9F} - System32\Tasks\{D08D2970-0037-442C-9C17-BCB61CF9E816} => pcalua.exe -a C:\Users\admin\Desktop\Total_War_Kingdoms_EnFrItGeSp\setup.exe -d C:\Users\admin\Desktop\Total_War_Kingdoms_EnFrItGeSp
Task: {AA853BA5-3D12-47B8-B435-3EC765803E4B} - System32\Tasks\{842F7716-5A7F-4C58-B4BD-45897CC70F2A} => pcalua.exe -a C:\Users\admin\Desktop\WiC\world_in_conflict_1.010_to_1.011_de.exe -d C:\Users\admin\Desktop\WiC
Task: {B1265437-CD33-496C-82C8-94A07F8B38A0} - System32\Tasks\{200AC437-EC38-410B-8C16-C503460609D9} => pcalua.exe -a D:\DE_Austria_Fallout_3_DLC.EXE -d D:\
Task: {B29433EF-F5A3-4614-B910-43E6E9A5F6F3} - System32\Tasks\{3D9D0E11-88EE-4BF4-B8CE-1889272CFEE6} => E:\Spiele\WORLD IN CONFLICT\wic.exe [2009-06-10] (Massive Entertainment)
Task: {B84523C1-128A-43A3-9889-66EDD7933C24} - System32\Tasks\{7ECBEFAF-6BF8-45E8-8D83-9153F25D8504} => pcalua.exe -a "F:\LaCie Setup\LaCie Setup.exe" -d "F:\LaCie Setup"
Task: {CD0C38D9-6D1E-44FD-9DD4-54D6F4AE3214} - System32\Tasks\{5CC5A032-4AF4-42DA-A45B-106CDED99685} => pcalua.exe -a C:\Users\admin\Desktop\TWEE_Upgrade\TWEE_Upgrade.exe -d C:\Users\admin\Desktop\TWEE_Upgrade
Task: {CDBBC71D-36D7-4647-A6A3-2A092613BFCE} - System32\Tasks\{F76C8011-6838-4890-9B7F-536691BABCC3} => pcalua.exe -a C:\Users\admin\Downloads\flmminstaller_v1.31.exe -d C:\Users\admin\Downloads
Task: {DA93C434-75D8-4F59-81B5-C918F1E2BEE4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {E85A486C-B79E-4F13-8D01-7EA7E27120A6} - System32\Tasks\{E9F2113F-B696-44C2-8D39-1AF8BAFDE507} => pcalua.exe -a C:\Users\admin\Desktop\TWEE_Upgrade\TWEE_German_language_pack.exe -d C:\Users\admin\Desktop\TWEE_Upgrade
Task: {F1B75800-1749-4646-BE28-B3C618FF4353} - System32\Tasks\{A1802F05-8587-442B-ADE3-7E188F7A24AB} => E:\Spiele\WORLD IN CONFLICT\wic.exe [2009-06-10] (Massive Entertainment)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-06-25 17:29 - 2015-06-17 08:48 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-29 16:31 - 2015-01-29 16:31 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2013-03-02 19:08 - 2011-09-28 17:29 - 00905216 ____N () C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE
2014-12-07 11:54 - 2014-10-14 17:33 - 00045608 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\FSAVHRES.eng
2014-02-19 14:56 - 2014-02-19 14:56 - 00220200 _____ () C:\Program Files (x86)\F-Secure\daas2.dll
2014-12-07 11:57 - 2014-12-07 11:57 - 00029224 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2014-12-07 11:54 - 2015-04-18 13:38 - 00175144 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Gemini\fsgem.dll
2015-06-25 17:32 - 2015-06-17 11:10 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-03-02 19:08 - 2011-04-19 15:56 - 00143360 ____N () C:\Program Files\Corsair USB Headset\customapp\program\VmixHS.dll
2014-12-07 11:54 - 2014-10-14 17:33 - 00056360 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\fsavures.eng
2015-06-24 13:43 - 2015-06-24 13:43 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2013-01-16 14:50 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-01-16 14:44 - 2012-02-07 18:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-12-07 11:47 - 2014-12-07 11:47 - 00592936 _____ () C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.79_none_b59ec33311fcd586\QtMultimediaKit1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\51899850.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\52636247.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\84467776.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\51899850.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\52636247.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\84467776.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2586655326-3906653631-2063846596-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4D188411-8434-4D08-8856-5A54798C4CF8}] => (Allow) C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Backgammon.exe
FirewallRules: [{A56922A6-A47D-4D02-9202-D58E289D1860}] => (Allow) C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Checkers.exe
FirewallRules: [{E1C4F4E9-70EA-44FF-9FD2-7DF85BFB07BB}] => (Allow) C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\Chess.exe
FirewallRules: [{49C9D6EE-D7BE-49F2-A5A3-EB164B9BE2E3}] => (Allow) C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\EasyChat.exe
FirewallRules: [{3DE13D86-13A4-428D-AEA1-D29E1D4F6A94}] => (Allow) C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\SeaBattle.exe
FirewallRules: [{051C2147-669D-4D5F-9CE6-AB163B096B08}] => (Allow) C:\Program Files\WIDCOMM\Bluetooth Software\EasyBits Games\TicTacToe.exe
FirewallRules: [TCP Query User{5611B4A0-2E4F-4128-B632-F0FF25F109D1}E:\spiele\world in conflict\wic.exe] => (Allow) E:\spiele\world in conflict\wic.exe
FirewallRules: [UDP Query User{408E368A-BEEB-424F-A86C-F4EBF587207D}E:\spiele\world in conflict\wic.exe] => (Allow) E:\spiele\world in conflict\wic.exe
FirewallRules: [TCP Query User{D8CB34D5-A793-4562-9ED9-AEAD1BBE44A3}E:\spiele\homeworld2\bin\release\homeworld2.exe] => (Allow) E:\spiele\homeworld2\bin\release\homeworld2.exe
FirewallRules: [UDP Query User{3230BBB3-B5FA-4D0D-B308-AEAF4BFB2E3A}E:\spiele\homeworld2\bin\release\homeworld2.exe] => (Allow) E:\spiele\homeworld2\bin\release\homeworld2.exe
FirewallRules: [TCP Query User{BD61C46F-0F26-43D9-B7AE-85BA265CCFCA}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [UDP Query User{ED3AACB6-FBD0-4864-B6AA-5B96039C0F73}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [{4549AC62-615E-4F27-A2E4-616BDB6CB0A9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\FaxApplications.exe
FirewallRules: [{33A014C0-EE10-436B-BBC7-8B27F2C6BA18}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\DigitalWizards.exe
FirewallRules: [{D74D5FBD-660E-44C1-9B65-EDF16EBD8358}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\SendAFax.exe
FirewallRules: [{96C31739-7CDA-4A60-9ABC-1A24A4BCC8F9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{B569FE17-E68D-4869-8ABC-2D52D726A180}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{7D483F62-BA16-4A07-BD8A-5533DD874CAD}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{D00FC6FE-B59B-4F2D-BE5D-0C64436E88A4}E:\spiele\sins of a solar empire\sins of a solar empire diplomacy.exe] => (Allow) E:\spiele\sins of a solar empire\sins of a solar empire diplomacy.exe
FirewallRules: [UDP Query User{6B24B2CF-DA22-40A1-A983-7F06B58318DD}E:\spiele\sins of a solar empire\sins of a solar empire diplomacy.exe] => (Allow) E:\spiele\sins of a solar empire\sins of a solar empire diplomacy.exe
FirewallRules: [TCP Query User{B7AE87EA-BB46-48B4-B7E7-2847D4FF9056}C:\program files (x86)\origin games\battlefield 3\bf3.exe] => (Allow) C:\program files (x86)\origin games\battlefield 3\bf3.exe
FirewallRules: [UDP Query User{FCDBC458-78E8-45D9-877E-143CD4C81697}C:\program files (x86)\origin games\battlefield 3\bf3.exe] => (Allow) C:\program files (x86)\origin games\battlefield 3\bf3.exe
FirewallRules: [TCP Query User{EBB5312B-C3D6-4223-9DD5-FD831ECB4469}E:\spiele\diaspora\fs2_open_diaspora_r1_debug.exe] => (Allow) E:\spiele\diaspora\fs2_open_diaspora_r1_debug.exe
FirewallRules: [UDP Query User{E382DC59-AEA6-429E-BC12-E51670124F0E}E:\spiele\diaspora\fs2_open_diaspora_r1_debug.exe] => (Allow) E:\spiele\diaspora\fs2_open_diaspora_r1_debug.exe
FirewallRules: [{944E703B-5C74-401B-A8F9-2800545E62C9}] => (Allow) E:\Spiele\WORLD IN CONFLICT\wic.exe
FirewallRules: [{C02459F8-E414-41DE-A35D-455C12A4F021}] => (Allow) E:\Spiele\WORLD IN CONFLICT\wic.exe
FirewallRules: [{D9B79652-83FD-4998-A95B-D8C0F0A29DD8}] => (Allow) E:\Spiele\WORLD IN CONFLICT\wic_online.exe
FirewallRules: [{CCB90544-B5B1-4267-9414-22FCD8C373DB}] => (Allow) E:\Spiele\WORLD IN CONFLICT\wic_online.exe
FirewallRules: [{A2A874B2-46A2-42DE-81FF-E4C21FF452A4}] => (Allow) E:\Spiele\WORLD IN CONFLICT\wic_ds.exe
FirewallRules: [{88A64DE1-2F2D-46C6-B547-C0E7BB1BABA6}] => (Allow) E:\Spiele\WORLD IN CONFLICT\wic_ds.exe
FirewallRules: [{C3C87A2C-D4A7-4E88-9EF9-1A0EA3996FCD}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{86F757AB-2E69-4581-9124-ADC534B16359}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [TCP Query User{7E0EB0B4-C3FF-4661-BB7A-1278D4CE1FE8}E:\spiele\diaspora\fs2_open_diaspora_r1.exe] => (Allow) E:\spiele\diaspora\fs2_open_diaspora_r1.exe
FirewallRules: [UDP Query User{10A955A1-3853-4424-8411-871B20597821}E:\spiele\diaspora\fs2_open_diaspora_r1.exe] => (Allow) E:\spiele\diaspora\fs2_open_diaspora_r1.exe
FirewallRules: [TCP Query User{F74E0154-A3E7-42A9-9246-4AB42CA19F97}E:\spiele\bethesda softworks\fallout 3\fallout3.exe] => (Allow) E:\spiele\bethesda softworks\fallout 3\fallout3.exe
FirewallRules: [UDP Query User{4455DCB7-E39C-4649-BB75-322D2E3B9DE1}E:\spiele\bethesda softworks\fallout 3\fallout3.exe] => (Allow) E:\spiele\bethesda softworks\fallout 3\fallout3.exe
FirewallRules: [{E606BB11-6256-4DA3-8E13-6A51426645C9}] => (Allow) E:\Spiele\Bohemia Interactive\ArmA 2\arma2.exe
FirewallRules: [{45D5DABD-ACF5-4B2E-8F25-6AE9E7896377}] => (Allow) E:\Spiele\Bohemia Interactive\ArmA 2\arma2.exe
FirewallRules: [{8C8A4D61-EA03-4C13-AEC2-747861D00769}] => (Allow) E:\Spiele\Bohemia Interactive\ArmA 2\arma2OA.exe
FirewallRules: [{8508C09B-5C65-40A8-B8B1-F4644557D11D}] => (Allow) E:\Spiele\Bohemia Interactive\ArmA 2\arma2OA.exe
FirewallRules: [{FDC80AB7-B777-446D-A8FD-53A2E7DFDC03}] => (Allow) E:\Steam\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{B2829E2C-FC25-4A2F-BAF8-2381E94B0BD2}] => (Allow) E:\Steam\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{1C0DC8D1-58D0-4C13-84DB-072EAA8E8DA0}] => (Allow) E:\Steam\SteamApps\common\Grand Theft Auto 3\gta3.exe
FirewallRules: [{6FCAEEB7-25C1-4BF1-AB42-4D32B64AC329}] => (Allow) E:\Steam\SteamApps\common\Grand Theft Auto 3\gta3.exe
FirewallRules: [{42C403AA-4387-4E44-870C-06457F8582E7}] => (Allow) E:\Steam\SteamApps\common\Grand Theft Auto Vice City\gta-vc.exe
FirewallRules: [{F736F50C-2093-4CC5-BB95-E65E4506CEB7}] => (Allow) E:\Steam\SteamApps\common\Grand Theft Auto Vice City\gta-vc.exe
FirewallRules: [{28357D1F-C72D-4F07-A59E-912FC4990C57}] => (Allow) E:\Steam\SteamApps\common\ARMA Gold\arma.exe
FirewallRules: [{C4545E36-2361-41B8-A5FF-197360091CE0}] => (Allow) E:\Steam\SteamApps\common\ARMA Gold\arma.exe
FirewallRules: [{822B772B-E6C8-4CF8-B133-8DF423EDF4C1}] => (Allow) E:\Spiele\Bethesda Softworks\Hunted\BINARIES\WIN32\P4DFTRE.DLL
FirewallRules: [{F5A67095-71BF-43E9-A914-5F7BDA773EEE}] => (Allow) E:\Spiele\Bethesda Softworks\Hunted\BINARIES\WIN32\P4DFTRE.DLL
FirewallRules: [TCP Query User{204C0633-D55B-455D-A577-7926BCC7DF7B}E:\lan2013\call of duty\codmp.exe] => (Allow) E:\lan2013\call of duty\codmp.exe
FirewallRules: [UDP Query User{A9371CC2-AC62-473D-BF2E-8AA6725250CA}E:\lan2013\call of duty\codmp.exe] => (Allow) E:\lan2013\call of duty\codmp.exe
FirewallRules: [TCP Query User{E905E5CD-343C-40DE-8E7C-CE12D1612DAA}E:\lan2013\call of duty\codmp.exe] => (Block) E:\lan2013\call of duty\codmp.exe
FirewallRules: [UDP Query User{F86CF155-3A5E-4394-8107-1640C9C21582}E:\lan2013\call of duty\codmp.exe] => (Block) E:\lan2013\call of duty\codmp.exe
FirewallRules: [TCP Query User{D2E0D858-4998-46A6-914E-2D58D17B1D20}E:\lan2013\call of duty modern warfare\setup\data\iw3mp.exe] => (Allow) E:\lan2013\call of duty modern warfare\setup\data\iw3mp.exe
FirewallRules: [UDP Query User{E4C558EF-483A-45F8-9C16-A7BAE142B803}E:\lan2013\call of duty modern warfare\setup\data\iw3mp.exe] => (Allow) E:\lan2013\call of duty modern warfare\setup\data\iw3mp.exe
FirewallRules: [{520D1DC9-618F-4E98-B438-8A6714090D2B}] => (Block) E:\lan2013\call of duty modern warfare\setup\data\iw3mp.exe
FirewallRules: [{565D3023-B4AF-4A48-8FB8-22D2C7DE47AE}] => (Block) E:\lan2013\call of duty modern warfare\setup\data\iw3mp.exe
FirewallRules: [TCP Query User{73655DD9-2390-4B89-B5C6-18EF29ED7F7D}E:\lan2013\killing floor\system\killingfloor.exe] => (Allow) E:\lan2013\killing floor\system\killingfloor.exe
FirewallRules: [UDP Query User{7D6384D6-7A47-4EB4-9F56-E2913D18B041}E:\lan2013\killing floor\system\killingfloor.exe] => (Allow) E:\lan2013\killing floor\system\killingfloor.exe
FirewallRules: [{24668E98-7B09-4C3E-AA0C-7C032F7A0EF4}] => (Block) E:\lan2013\killing floor\system\killingfloor.exe
FirewallRules: [{8F1D7106-5672-45FA-AF2B-5C0BFED1FF5C}] => (Block) E:\lan2013\killing floor\system\killingfloor.exe
FirewallRules: [TCP Query User{14D9C6B2-D2B2-4BCF-9F81-2586B3D9518C}E:\lan2013\age of empires\empires2.exe] => (Allow) E:\lan2013\age of empires\empires2.exe
FirewallRules: [UDP Query User{89A32DF7-630B-497A-95BE-A0315AB6EB87}E:\lan2013\age of empires\empires2.exe] => (Allow) E:\lan2013\age of empires\empires2.exe
FirewallRules: [{7D5E23BE-D02D-41E7-8202-50D678D53DDE}] => (Block) E:\lan2013\age of empires\empires2.exe
FirewallRules: [{FA6626B0-E798-4207-86AC-9777851DE24F}] => (Block) E:\lan2013\age of empires\empires2.exe
FirewallRules: [TCP Query User{B89CEFE6-1DBE-47E7-8B86-D918217705CD}E:\lan2013\age of empires\age2_x1\age2_x1.exe] => (Allow) E:\lan2013\age of empires\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{91F488EF-A19D-4360-BFA5-BFEC226FE80E}E:\lan2013\age of empires\age2_x1\age2_x1.exe] => (Allow) E:\lan2013\age of empires\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{25235F8E-2BA6-455F-A64A-2042CC1BBAB9}E:\lan2013\unreal tournament 3\binaries\ut3.exe] => (Allow) E:\lan2013\unreal tournament 3\binaries\ut3.exe
FirewallRules: [UDP Query User{B170BCA5-7B20-4E6B-910B-901D7AF32B46}E:\lan2013\unreal tournament 3\binaries\ut3.exe] => (Allow) E:\lan2013\unreal tournament 3\binaries\ut3.exe
FirewallRules: [TCP Query User{8E135139-8941-434A-B7E8-3A377C5F204D}E:\lan2013\call of duty world at war\codwawmp.exe] => (Allow) E:\lan2013\call of duty world at war\codwawmp.exe
FirewallRules: [UDP Query User{CABAC4F7-86CB-4458-A0C6-2B965863764D}E:\lan2013\call of duty world at war\codwawmp.exe] => (Allow) E:\lan2013\call of duty world at war\codwawmp.exe
FirewallRules: [TCP Query User{5D79D48C-2D97-468C-B123-6B9393F2F795}E:\lan2013\call of duty 2\cod2mp_s.exe] => (Allow) E:\lan2013\call of duty 2\cod2mp_s.exe
FirewallRules: [UDP Query User{86CF2504-F83D-4931-86E7-998ED5C30B7E}E:\lan2013\call of duty 2\cod2mp_s.exe] => (Allow) E:\lan2013\call of duty 2\cod2mp_s.exe
FirewallRules: [TCP Query User{EE42E452-BF48-4BDE-B42B-2A2E2C5B1154}E:\lan2013\unreal tournament 3\binaries\ut3.exe] => (Block) E:\lan2013\unreal tournament 3\binaries\ut3.exe
FirewallRules: [UDP Query User{BF2CEC2C-2FD7-4658-AC0C-86DE6231867D}E:\lan2013\unreal tournament 3\binaries\ut3.exe] => (Block) E:\lan2013\unreal tournament 3\binaries\ut3.exe
FirewallRules: [{2CEA7319-0FF0-4114-8F68-E38AD5A1A01E}] => (Allow) E:\Steam\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [{28DB0AC6-A28C-487C-BCDD-898D58BBB0BA}] => (Allow) E:\Steam\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [{09DFCBCA-A9E0-4B37-B807-1966EAC95B6E}] => (Allow) E:\Steam\SteamApps\common\SleepingDogs\HKShip.exe
FirewallRules: [{8C73AE79-D329-4111-892E-1147CF178A64}] => (Allow) E:\Steam\SteamApps\common\SleepingDogs\HKShip.exe
FirewallRules: [TCP Query User{2DD9358F-EFD0-4FD2-8E79-FE8591D67D18}E:\spiele\quake\darkplaces.exe] => (Allow) E:\spiele\quake\darkplaces.exe
FirewallRules: [UDP Query User{309BA90E-6A6C-4DF8-A16D-2C93A519183F}E:\spiele\quake\darkplaces.exe] => (Allow) E:\spiele\quake\darkplaces.exe
FirewallRules: [{B712DD18-271C-468D-8ED9-51923B4F454A}] => (Block) E:\spiele\quake\darkplaces.exe
FirewallRules: [{C7E320A9-6FF0-4E5E-A45A-491664AD08AA}] => (Block) E:\spiele\quake\darkplaces.exe
FirewallRules: [TCP Query User{44A2D0E7-E2FC-4AA7-8371-393DCCE4C409}E:\spiele\scourge of armagon\darkplaces.exe] => (Allow) E:\spiele\scourge of armagon\darkplaces.exe
FirewallRules: [UDP Query User{8348DBE9-CC39-46D8-9E4F-90C304760387}E:\spiele\scourge of armagon\darkplaces.exe] => (Allow) E:\spiele\scourge of armagon\darkplaces.exe
FirewallRules: [{A1F98FD0-DBE3-4B8E-8C59-095B1228CA37}] => (Block) E:\spiele\scourge of armagon\darkplaces.exe
FirewallRules: [{B58DE445-C569-4187-A509-6B7A42D3DB20}] => (Block) E:\spiele\scourge of armagon\darkplaces.exe
FirewallRules: [TCP Query User{B40AE834-1EA1-4E42-B8FA-C25E83CF3F38}E:\spiele\dissolution of eternity\darkplaces.exe] => (Allow) E:\spiele\dissolution of eternity\darkplaces.exe
FirewallRules: [UDP Query User{65FA332F-4274-44D6-AABA-FCD76AAD7D0A}E:\spiele\dissolution of eternity\darkplaces.exe] => (Allow) E:\spiele\dissolution of eternity\darkplaces.exe
FirewallRules: [{C72200CE-8934-4DB5-9C83-F8242A6C6D63}] => (Block) E:\spiele\dissolution of eternity\darkplaces.exe
FirewallRules: [{EE635B24-0474-45E7-9C63-DFCFEC8B2BCF}] => (Block) E:\spiele\dissolution of eternity\darkplaces.exe
FirewallRules: [TCP Query User{B15CF4CE-2743-4B88-95FB-2B7DCBF87650}E:\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) E:\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{0ACDA73A-244D-4ECB-9F38-39C2AF961250}E:\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) E:\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{B7C404C1-C5C8-42E1-B614-CFC9AAA402F8}] => (Block) E:\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{96782428-FF87-4229-BF7F-5259FF115DDE}] => (Block) E:\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{AC75C2D1-6AAF-4989-96E6-B677C1F53814}] => (Allow) E:\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe
FirewallRules: [{9610BA2C-23CC-473E-8A5E-D4B71FB05620}] => (Allow) E:\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe
FirewallRules: [{AE197F3C-DF47-43A4-92C3-5EE60638605D}] => (Allow) E:\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{EB27D62A-C21D-4012-8CC9-CB411BD1F7F9}] => (Allow) E:\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [TCP Query User{718434AF-6CF1-435E-9AC4-9A75221BD9C1}E:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) E:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{A3DEA739-D566-4C45-9B1A-674ABF796125}E:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) E:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [{0E742F51-F32B-4D35-83A6-5DB7984A4428}] => (Block) E:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [{1B558A2B-DA4F-4A15-B167-4C35721358F0}] => (Block) E:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [{3F437E73-B41C-42D6-A921-5D7097598F40}] => (Allow) E:\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{1E37599E-427C-4FCD-9BA6-912B397665D7}] => (Allow) E:\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{B1342DFC-CA43-4E0B-B489-CBE0F1214BCA}] => (Allow) E:\Steam\SteamApps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{832A9494-B881-47B1-B519-F4E570EF97CB}] => (Allow) E:\Steam\SteamApps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{48477A43-2BFD-407A-B6A2-5A77AB2FAF4B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{EBE7945C-6E7C-4B29-864F-155623CE1954}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{05E8364C-D00C-49EB-830B-51F450EEB199}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E77F2A77-E482-4EAC-82F0-449FEEA34CFB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{61F66536-AE0E-4710-A31F-9255D614F735}] => (Allow) E:\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{F0C1EFAE-7177-4A95-9D67-289CF4307054}] => (Allow) E:\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [TCP Query User{993FCC5A-3DD6-44D3-95DD-5B7BBF43735D}E:\spiele\need for speed underground 2\speed2.exe] => (Allow) E:\spiele\need for speed underground 2\speed2.exe
FirewallRules: [UDP Query User{504EA1AD-5264-4E0A-9C2D-F5684F445590}E:\spiele\need for speed underground 2\speed2.exe] => (Allow) E:\spiele\need for speed underground 2\speed2.exe
FirewallRules: [{01135025-EB95-40D1-9A24-C66CAA1C5991}] => (Allow) E:\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{D8446F86-EFBF-4A06-BCFC-22653D08EE02}] => (Allow) E:\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [TCP Query User{A5388CCB-6EAC-445E-B39A-E518F0970FFC}E:\spiele\dead space\dead space.exe] => (Block) E:\spiele\dead space\dead space.exe
FirewallRules: [UDP Query User{9EF5EFDF-54C5-4E3A-B7D1-78DC443FAC78}E:\spiele\dead space\dead space.exe] => (Block) E:\spiele\dead space\dead space.exe
FirewallRules: [{7EA91F79-C145-4AF3-99EA-B49E39043FBE}] => (Allow) E:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{CDA36429-5FD6-4609-A40F-9679A14A41CB}] => (Allow) E:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{FF4B19D1-29E7-4AC5-883F-D10760BB70F2}] => (Allow) E:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{DE0B0CD1-5173-45DD-9736-7FEC8AE18474}] => (Allow) E:\Spiele\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{488CAFB2-B699-4B71-882C-6E385C090BA0}] => (Allow) E:\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{BB266F74-B5C3-4205-9C5F-354B54889ED3}] => (Allow) E:\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{863D6E48-BAAB-4A74-9C97-389338B3575E}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{BE3F7EFE-4DF0-4D21-B77A-F0E741A8CAE4}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{C9B31096-A1C8-4CE7-AB80-A5C1F0045B36}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{383B8001-DC9E-440A-985C-8271B8682618}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{8D1CED1D-DAB6-4E40-BBAF-B23883FC687C}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{456CA449-7050-40AD-9041-5B8C2763FBF7}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{58BCE217-78A0-4DCB-8BA9-07595368464A}] => (Allow) E:\Spiele\Ubisoft\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [{205726D9-A103-410D-B84D-70D391A5E0E0}] => (Allow) E:\Spiele\Ubisoft\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [{0CD8ED60-7C76-4813-8D3D-9013A1DAE7EB}] => (Allow) E:\Steam\SteamApps\common\Hitman Absolution\HMA.exe
FirewallRules: [{6104F9D2-CC14-4580-B008-246FA82F173A}] => (Allow) E:\Steam\SteamApps\common\Hitman Absolution\HMA.exe
FirewallRules: [{8F1D5E30-90EE-46F4-85CB-C6FA7DB4BECE}] => (Allow) E:\Steam\SteamApps\common\Hitman Sniper Challenge\HMSC.exe
FirewallRules: [{4D761A24-3447-4B2A-993D-DCBA690DD5D1}] => (Allow) E:\Steam\SteamApps\common\Hitman Sniper Challenge\HMSC.exe
FirewallRules: [TCP Query User{EE8DCF23-8F1C-4B86-8485-D996CF8154C2}E:\spiele\ubisoft\watch_dogs\bin\watch_dogs.exe] => (Allow) E:\spiele\ubisoft\watch_dogs\bin\watch_dogs.exe
FirewallRules: [UDP Query User{5D27467F-96A8-44D3-9498-6C23C187EDAF}E:\spiele\ubisoft\watch_dogs\bin\watch_dogs.exe] => (Allow) E:\spiele\ubisoft\watch_dogs\bin\watch_dogs.exe
FirewallRules: [{AB484F96-8C3F-443E-A1DA-BEBFE0A2F402}] => (Allow) E:\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{7CFA7A8F-4AD7-4A54-8ADD-B1E2166CE874}] => (Allow) E:\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe
FirewallRules: [{460D593D-C39D-41A0-AA0E-C9230848F1E9}] => (Allow) E:\Steam\SteamApps\common\Vampire The Masquerade - Bloodlines\vampire.exe
FirewallRules: [{7C26FD73-42F6-4ED1-AED9-435708DF2B16}] => (Allow) E:\Steam\SteamApps\common\Vampire The Masquerade - Bloodlines\vampire.exe
FirewallRules: [{0F24179B-1AAE-4894-A6D9-81AD1A76964A}] => (Allow) E:\Steam\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [{2D1550C5-E6B3-445A-96D6-7E9401F6E175}] => (Allow) E:\Steam\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [{BF2D63D0-E40D-4A2C-90F5-CDED0C266924}] => (Allow) E:\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{16CF4806-4C29-4290-B8BC-CAA0F06EC335}] => (Allow) E:\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{C9697FC5-D208-4287-8F4D-E62649D21526}] => (Allow) E:\Steam\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{9DC4A298-0961-4664-9E90-E9C5DE87FD4B}] => (Allow) E:\Steam\SteamApps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{10790F07-6C55-4789-81EF-D7315129894B}] => (Allow) E:\Steam\SteamApps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{FE6F474A-D0E5-4D4B-B091-0582FE7B3BF4}] => (Allow) E:\Steam\SteamApps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{4C70EC3F-9611-4A23-B7E0-7FDF9D16A19C}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{C3A647DD-B973-4605-85AD-0BD4FD19B84F}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{5DC6D51C-7D55-4170-AF77-B4CF9E36BBFF}] => (Allow) E:\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{696F42DA-5A66-45F8-9746-E1CAA2798F35}] => (Allow) E:\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{AAF962CA-95C1-48B9-B4B5-FBCDE0BAD463}] => (Allow) E:\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{1ADD51C8-2BF0-4F73-AD6A-08321E8043F6}] => (Allow) E:\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{E10BC519-8925-42DA-AD12-002DCBCAFD7F}] => (Allow) E:\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{9950ECEA-C033-41E5-A3D6-E1C4CEFBFCE1}] => (Allow) E:\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{245E7342-2A13-4EEA-92B3-D0A693A90E91}] => (Allow) E:\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{675C7F24-2F1C-4620-9D11-ACA41559FCC8}] => (Allow) E:\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{5C7FDEE3-7C1A-499E-BD09-CF2920A966D3}] => (Allow) E:\Steam\SteamApps\common\X Rebirth\XRebirth.exe
FirewallRules: [{B2606003-B0FA-4578-99CB-72EC8EEAA97D}] => (Allow) E:\Steam\SteamApps\common\X Rebirth\XRebirth.exe
FirewallRules: [{64579A3F-A371-472E-947C-5F4F9D005642}] => (Allow) E:\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{BDD86AAE-57C6-4450-93F0-F1CC86AAA0F8}] => (Allow) E:\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{E2C40D83-BB17-4EE0-8108-03932B05A9B3}] => (Allow) E:\Steam\SteamApps\common\Lost Planet 3\Binaries\Win32\LP3Launcher.exe
FirewallRules: [{5D20664F-65E6-46A1-A043-7BD169E2D673}] => (Allow) E:\Steam\SteamApps\common\Lost Planet 3\Binaries\Win32\LP3Launcher.exe
FirewallRules: [{D816A02E-1F61-4B03-8BAB-7DF1754508A3}] => (Allow) E:\Steam\SteamApps\common\Dreamfall The Longest Journey\dreamfall.exe
FirewallRules: [{20EC33EE-1281-4FF0-95C9-DC10DBF9509D}] => (Allow) E:\Steam\SteamApps\common\Dreamfall The Longest Journey\dreamfall.exe
FirewallRules: [{A1A6BC57-CB02-4713-B851-9FBBDEDFC488}] => (Allow) E:\Steam\SteamApps\common\Dreamfall Chapters\Dreamfall Chapters.exe
FirewallRules: [{4B182972-2F32-4632-B72C-08556466CB51}] => (Allow) E:\Steam\SteamApps\common\Dreamfall Chapters\Dreamfall Chapters.exe
FirewallRules: [{7DE7A922-B6BD-404A-95B3-2E39BDB40ACD}] => (Allow) E:\Steam\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{EAF12CBD-A812-49ED-8A66-A9BF75222A62}] => (Allow) E:\Steam\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{D6B95E04-6C57-4A36-BD13-FB5EA0E0B30A}] => (Allow) E:\Spiele\Ubisoft\FarCry 3\bin\farcry3.exe
FirewallRules: [{4DDFBD18-EBAA-4BE3-8208-E526E01B092B}] => (Allow) E:\Spiele\Ubisoft\FarCry 3\bin\farcry3.exe
FirewallRules: [{D6A278C4-96E9-4DD2-A3E5-FC59695D231D}] => (Allow) E:\Spiele\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe
FirewallRules: [{06F1F0F8-71BE-4E38-8FE9-D52763FB500E}] => (Allow) E:\Spiele\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe
FirewallRules: [{C32DEC6B-8C7A-4832-A678-C525DDA67F5E}] => (Allow) E:\Spiele\Ubisoft\FarCry 3\bin\FC3Updater.exe
FirewallRules: [{FB82F5AA-2768-40EE-98C4-69A01909CC5D}] => (Allow) E:\Spiele\Ubisoft\FarCry 3\bin\FC3Updater.exe
FirewallRules: [{23B8B841-5C11-401E-AFD4-4848C79CEF01}] => (Allow) E:\Spiele\Ubisoft\FarCry 3\bin\FC3Editor.exe
FirewallRules: [{92F3ADD5-F674-42FE-A1FB-6D4C6B3A96C4}] => (Allow) E:\Spiele\Ubisoft\FarCry 3\bin\FC3Editor.exe
FirewallRules: [{2F60E90B-6D1E-49AC-8099-4BD497A85BA1}] => (Allow) E:\Steam\SteamApps\common\Aliens Colonial Marines\Binaries\Win32\ACM.exe
FirewallRules: [{2BCCCC7D-C1B2-4D2C-89B4-0E9BB30AD5DF}] => (Allow) E:\Steam\SteamApps\common\Aliens Colonial Marines\Binaries\Win32\ACM.exe
FirewallRules: [{88A56E93-C15F-4E14-95AA-F2926B813DB2}] => (Allow) E:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{B4CEDC61-647C-4499-BBD7-0A70795D6746}] => (Allow) E:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{9A77AC35-A1FA-4D57-A214-39DAC14A0FD0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FBEACBD2-788D-42C9-B54D-1270A72BC6D5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9D14F8F4-D62E-43D4-AB7C-FF8323646FE7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{15E01909-ADAF-46DD-A083-135A2AB4E11C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3D87EA02-E5DB-488D-B6B6-5DEEE69ADEAB}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{FD3780F6-4F37-4CA2-B537-31A43FAA303C}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{9AE1D9B7-B61E-4C5D-B28B-DC8296F6CD87}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{5BB4B525-85A5-41C0-9BBD-823F32429841}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [TCP Query User{E687E793-05F6-481A-99A6-7FC58C458B0B}E:\steam\steamapps\common\total war attila\attila.exe] => (Allow) E:\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [UDP Query User{7FB8CCD9-9C96-45F1-9849-A08C21C4A962}E:\steam\steamapps\common\total war attila\attila.exe] => (Allow) E:\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [{A36E972D-856D-4F31-A390-DB0B5974EFA4}] => (Allow) E:\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{8357872D-7DDF-4E8C-A815-0BC7E60D868C}] => (Allow) E:\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [TCP Query User{4F3C7A7C-5BB1-43CC-A995-541246191AD8}E:\steam\steamapps\common\total war attila\attila.exe] => (Allow) E:\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [UDP Query User{C28AF210-881E-44B0-9B58-480585E7650A}E:\steam\steamapps\common\total war attila\attila.exe] => (Allow) E:\steam\steamapps\common\total war attila\attila.exe
FirewallRules: [{E4D768A8-1423-4345-9358-C392705D7E4D}] => (Allow) E:\Steam\SteamApps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{8D4EA571-DD51-41F3-BCC1-AF5EE31F4B21}] => (Allow) E:\Steam\SteamApps\common\Homeworld\HWLauncher\Launcher.exe
FirewallRules: [{FE1F87FF-C0BE-4577-ABFC-49D0987B1CED}] => (Allow) E:\Steam\SteamApps\common\The Bureau\Binaries\Win32\TheBureau.exe
FirewallRules: [{B6F9B7D6-C6DD-4EB1-B5BF-0AA1B1F2DA20}] => (Allow) E:\Steam\SteamApps\common\The Bureau\Binaries\Win32\TheBureau.exe
FirewallRules: [{6FF0D883-064F-42D2-8D57-3302FAF9001C}] => (Allow) E:\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{2F7E6EBC-C207-481F-A8D6-33E5E84F1033}] => (Allow) E:\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [TCP Query User{AB56A44F-437B-40AA-9799-D7A5C2EBA2FE}E:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) E:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [UDP Query User{A98BD680-4577-45A4-B695-9E30C02F4CC9}E:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) E:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [{CADC90D9-03E1-4892-9073-7745E8764E3E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{378F3841-3456-4482-846E-6E6AC4FE93F2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DE9E2076-53A3-4527-ABD4-7980CF7600A7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{94EE52D7-B69A-4AA9-B93C-9563225ED558}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{666F0EBF-79B9-4167-A487-A49656F4EE08}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{58E6C611-E502-45AB-B84B-D4CFB8F4EA92}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{46EDCD9D-1975-4B07-8E00-3A487E14D526}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A6CA4226-1704-4C7C-AEE9-ADCA95D7307A}] => (Allow) E:\Steam\SteamApps\common\Total War Attila\launcher\launcher.exe
FirewallRules: [{DD1F24A3-570B-47DB-87E6-D0997223AE09}] => (Allow) E:\Steam\SteamApps\common\Total War Attila\launcher\launcher.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth module
Description: Bluetooth module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom Virtual Wireless Adapter
Description: Broadcom Virtual Wireless Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BcmVWL
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/05/2015 11:46:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm fshoster32.exe, Version 1.5.484.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 15b8

Startzeit: 01d0b70743d45fae

Endzeit: 4

Anwendungspfad: C:\Program Files (x86)\F-Secure\fshoster32.exe

Berichts-ID: b2238192-22fa-11e5-975d-3085a98ebaca

Error: (07/05/2015 11:45:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2015 10:31:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/05/2015 10:26:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2015 10:24:29 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: An error has occurred (NvVAD initialization failed [183]).

Error: (07/05/2015 10:24:29 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: An error has occurred (Failed to set NvVAD endpoint as default Audio endpoint [0]).

Error: (07/05/2015 10:24:29 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: An error has occurred (NvVAD endpoint registration failed [0]).

Error: (07/05/2015 10:24:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bcmwltry.exe, Version: 5.100.196.16, Zeitstempel: 0x4f434ab4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007ff0047da58
ID des fehlerhaften Prozesses: 0x5d4
Startzeit der fehlerhaften Anwendung: 0xbcmwltry.exe0
Pfad der fehlerhaften Anwendung: bcmwltry.exe1
Pfad des fehlerhaften Moduls: bcmwltry.exe2
Berichtskennung: bcmwltry.exe3

Error: (07/04/2015 07:26:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2015 07:24:39 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: An error has occurred (NvVAD initialization failed [183]).


System errors:
=============
Error: (07/04/2015 07:22:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/04/2015 07:22:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/04/2015 07:22:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/04/2015 07:22:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/04/2015 07:22:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/04/2015 07:22:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/04/2015 07:22:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/04/2015 07:22:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/04/2015 07:22:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/04/2015 07:22:06 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}


Microsoft Office:
=========================
Error: (07/05/2015 11:46:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: fshoster32.exe1.5.484.015b801d0b70743d45fae4C:\Program Files (x86)\F-Secure\fshoster32.exeb2238192-22fa-11e5-975d-3085a98ebaca

Error: (07/05/2015 11:45:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2015 10:31:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\admin\Downloads\esetsmartinstaller_deu.exe

Error: (07/05/2015 10:26:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2015 10:24:29 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [183]

Error: (07/05/2015 10:24:29 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (07/05/2015 10:24:29 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (07/05/2015 10:24:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: bcmwltry.exe5.100.196.164f434ab4unknown0.0.0.000000000c0000005000007ff0047da585d401d0b6fc01442049C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exeunknown40a60189-22ef-11e5-a163-3085a98ebaca

Error: (07/04/2015 07:26:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2015 07:24:39 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [183]


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 13%
Total physical RAM: 16332.07 MB
Available physical RAM: 14079.4 MB
Total Virtual: 32662.35 MB
Available Virtual: 30186.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.57 GB) (Free:120.17 GB) NTFS
Drive e: (Daten) (Fixed) (Total:931.41 GB) (Free:265.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C72F980C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: C72F9874)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)

==================== End of log ============================
         

05.07.2015, 11:32   #3
Jerot

GMER:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-05 11:53:58
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 INTEL_SS rev.300i 223.57GB
Running: Gmer-19357 (1).exe; Driver: C:\Users\admin\AppData\Local\Temp\aglorpod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                       0000000077afe080 5 bytes JMP 0000000100351018
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                         0000000077afe5d0 5 bytes JMP 0000000100350018
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                                                                     0000000077afe680 5 bytes JMP 0000000100352018
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\system32\kernel32.dll!OpenMutexA                                                                                           00000000779927e0 5 bytes JMP 0000000100355018
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                                          00000000779a1870 5 bytes JMP 0000000100356018
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\system32\kernel32.dll!CreateDirectoryExW                                                                                   0000000077a19100 5 bytes JMP 0000000100357018
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                                                        000007fefdba57b0 5 bytes JMP 000007ff7e769018
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                                                                   000007fefdba8770 5 bytes JMP 000007ff7e768018
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                                                                     000007fefdba8e80 5 bytes JMP 000007ff7e766018
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                                                               000007fefdba99f0 5 bytes JMP 000007ff7e76c018
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                                                                    000007fefdbaceb0 5 bytes JMP 000007ff7e76d018
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                                                         000007fefdbb37d0 5 bytes JMP 000007ff7e767018
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                                                                      000007fefdbb6190 5 bytes JMP 000007ff7e76a018
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                 000007fefdbd4310 5 bytes JMP 000007ff7e76b018
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                                                      000000007789f874 5 bytes JMP 0000000100354018
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                                                      00000000778b8c20 5 bytes JMP 0000000100353018
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                                                        000007fefe75642c 5 bytes JMP 000007ff7e763018
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                          000007fefe756484 5 bytes JMP 000007ff7e760018
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                                                                    000007fefe756518 5 bytes JMP 000007ff7e762018
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                          000007fefe756c34 5 bytes JMP 000007ff7e761018
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                        000007fefe7575e8 5 bytes JMP 000007ff7e765018
.text  C:\Windows\system32\winlogon.exe[808] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                        000007fefe75790c 5 bytes JMP 000007ff7e764018
.text  C:\Windows\system32\lsm.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                            0000000077afe080 5 bytes JMP 00000001000f1018
.text  C:\Windows\system32\lsm.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                              0000000077afe5d0 5 bytes JMP 00000001000f0018
.text  C:\Windows\system32\lsm.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                                                                          0000000077afe680 5 bytes JMP 00000001000f2018
.text  C:\Windows\system32\lsm.exe[828] C:\Windows\system32\kernel32.dll!OpenMutexA                                                                                                00000000779927e0 5 bytes JMP 00000001000f3018
.text  C:\Windows\system32\lsm.exe[828] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                                               00000000779a1870 5 bytes JMP 00000001000f4018
.text  C:\Windows\system32\lsm.exe[828] C:\Windows\system32\kernel32.dll!CreateDirectoryExW                                                                                        0000000077a19100 5 bytes JMP 00000001000f5018
.text  C:\Windows\system32\lsm.exe[828] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                                                             000007fefdba57b0 5 bytes JMP 000007ff7e769018
.text  C:\Windows\system32\lsm.exe[828] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                                                                        000007fefdba8770 5 bytes JMP 000007ff7e768018
.text  C:\Windows\system32\lsm.exe[828] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                                                                          000007fefdba8e80 5 bytes JMP 000007ff7e766018
.text  C:\Windows\system32\lsm.exe[828] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                                                                    000007fefdba99f0 5 bytes JMP 000007ff7e76c018
.text  C:\Windows\system32\lsm.exe[828] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                                                                         000007fefdbaceb0 5 bytes JMP 000007ff7e76d018
.text  C:\Windows\system32\svchost.exe[1188] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                                                                      000007fefdbb6190 5 bytes JMP 000007ff7e76a018
.text  C:\Windows\system32\svchost.exe[1188] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                 000007fefdbd4310 5 bytes JMP 000007ff7e76b018
.text  C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                                                        000007fefe75642c 5 bytes JMP 000007ff7e763018
.text  C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                          000007fefe756484 5 bytes JMP 000007ff7e760018
.text  C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                                                                    000007fefe756518 5 bytes JMP 000007ff7e762018
.text  C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                          000007fefe756c34 5 bytes JMP 000007ff7e761018
.text  C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                        000007fefe7575e8 5 bytes JMP 000007ff7e765018
.text  C:\Windows\system32\svchost.exe[1188] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                        000007fefe75790c 5 bytes JMP 000007ff7e764018
.text  C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                       0000000077afe080 5 bytes JMP 0000000100c31018
.text  C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                         0000000077afe5d0 5 bytes JMP 0000000100c30018
.text  C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                                                                     0000000077afe680 5 bytes JMP 0000000100c32018
.text  C:\Windows\system32\svchost.exe[1300] C:\Windows\system32\kernel32.dll!OpenMutexA                                                                                           00000000779927e0 5 bytes JMP 0000000100c35018
.text  C:\Windows\system32\svchost.exe[1300] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                                          00000000779a1870 5 bytes JMP 0000000100c36018
.text  C:\Windows\system32\svchost.exe[1300] C:\Windows\system32\kernel32.dll!CreateDirectoryExW                                                                                   0000000077a19100 4 bytes JMP 0000000100c37018
.text  C:\Windows\system32\svchost.exe[1300] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                                                        000007fefdba57b0 5 bytes JMP 000007ff7e769018
.text  C:\Windows\system32\svchost.exe[1300] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                                                                   000007fefdba8770 5 bytes JMP 000007ff7e768018
.text  C:\Windows\system32\svchost.exe[1300] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                                                                     000007fefdba8e80 5 bytes JMP 000007ff7e766018
.text  C:\Windows\system32\svchost.exe[1300] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                                                               000007fefdba99f0 5 bytes JMP 000007ff7e76c018
.text  C:\Windows\system32\svchost.exe[1300] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                                                                    000007fefdbaceb0 5 bytes JMP 000007ff7e76d018
.text  C:\Windows\system32\svchost.exe[1300] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                                                         000007fefdbb37d0 5 bytes JMP 000007ff7e767018
.text  C:\Windows\system32\svchost.exe[1300] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                                                                      000007fefdbb6190 5 bytes JMP 000007ff7e76a018
.text  C:\Windows\system32\svchost.exe[1300] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                 000007fefdbd4310 5 bytes JMP 000007ff7e76b018
.text  C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                                                        000007fefe75642c 5 bytes JMP 000007ff7e763018
.text  C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                          000007fefe756484 5 bytes JMP 000007ff7e760018
.text  C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                                                                    000007fefe756518 5 bytes JMP 000007ff7e762018
.text  C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                          000007fefe756c34 5 bytes JMP 000007ff7e761018
.text  C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                        000007fefe7575e8 5 bytes JMP 000007ff7e765018
.text  C:\Windows\system32\svchost.exe[1300] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                        000007fefe75790c 5 bytes JMP 000007ff7e764018
.text  C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE[1504] C:\Windows\system32\kernel32.dll!OpenMutexA                                                    00000000779927e0 5 bytes JMP 00000001001f5018
.text  C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE[1504] C:\Windows\system32\kernel32.dll!CopyFileExW                                                   00000000779a1870 5 bytes JMP 00000001001f6018
.text  C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE[1504] C:\Windows\system32\kernel32.dll!CreateDirectoryExW                                            0000000077a19100 5 bytes JMP 00000001001f7018
.text  C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE[1504] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                 000007fefdba57b0 5 bytes JMP 000007ff7e769018
.text  C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE[1504] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                            000007fefdba8770 5 bytes JMP 000007ff7e768018
.text  C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE[1504] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                              000007fefdba8e80 5 bytes JMP 000007ff7e766018
.text  C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE[1504] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                        000007fefdba99f0 5 bytes JMP 000007ff7e76c018
.text  C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE[1504] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                             000007fefdbaceb0 5 bytes JMP 000007ff7e76d018
.text  C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE[1504] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                  000007fefdbb37d0 5 bytes JMP 000007ff7e767018
.text  C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE[1504] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                               000007fefdbb6190 5 bytes JMP 000007ff7e76a018
.text  C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE[1504] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                          000007fefdbd4310 5 bytes JMP 000007ff7e76b018
.text  C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE[1504] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                 000007fefe75642c 5 bytes JMP 000007ff7e763018
.text  C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE[1504] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                   000007fefe756484 5 bytes JMP 000007ff7e760018
.text  C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE[1504] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                             000007fefe756518 5 bytes JMP 000007ff7e762018
.text  C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE[1504] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                   000007fefe756c34 5 bytes JMP 000007ff7e761018
.text  C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE[1504] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                 000007fefe7575e8 5 bytes JMP 000007ff7e765018
.text  C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE[1504] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                 000007fefe75790c 5 bytes JMP 000007ff7e764018
.text  C:\Windows\system32\WLANExt.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                       0000000077afe080 5 bytes JMP 00000001001d1018
.text  C:\Windows\system32\WLANExt.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                         0000000077afe5d0 5 bytes JMP 00000001001d0018
.text  C:\Windows\system32\WLANExt.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                                                                     0000000077afe680 5 bytes JMP 00000001001d2018
.text  C:\Windows\system32\WLANExt.exe[1512] C:\Windows\system32\kernel32.dll!OpenMutexA                                                                                           00000000779927e0 5 bytes JMP 00000001001d5018
.text  C:\Windows\system32\WLANExt.exe[1512] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                                          00000000779a1870 5 bytes JMP 00000001001d6018
.text  C:\Windows\system32\WLANExt.exe[1512] C:\Windows\system32\kernel32.dll!CreateDirectoryExW                                                                                   0000000077a19100 5 bytes JMP 00000001001d7018
.text  C:\Windows\system32\WLANExt.exe[1512] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                                                        000007fefdba57b0 5 bytes JMP 000007ff7e769018
.text  C:\Windows\system32\WLANExt.exe[1512] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                                                                   000007fefdba8770 5 bytes JMP 000007ff7e768018
.text  C:\Windows\system32\WLANExt.exe[1512] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                                                                     000007fefdba8e80 5 bytes JMP 000007ff7e766018
.text  C:\Windows\system32\WLANExt.exe[1512] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                                                               000007fefdba99f0 5 bytes JMP 000007ff7e76c018
.text  C:\Windows\system32\WLANExt.exe[1512] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                                                                    000007fefdbaceb0 5 bytes JMP 000007ff7e76d018
.text  C:\Windows\system32\WLANExt.exe[1512] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                                                         000007fefdbb37d0 5 bytes JMP 000007ff7e767018
.text  C:\Windows\system32\WLANExt.exe[1512] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                                                                      000007fefdbb6190 5 bytes JMP 000007ff7e76a018
.text  C:\Windows\system32\WLANExt.exe[1512] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                 000007fefdbd4310 5 bytes JMP 000007ff7e76b018
.text  C:\Windows\system32\WLANExt.exe[1512] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                                                        000007fefe75642c 5 bytes JMP 000007ff7e763018
.text  C:\Windows\system32\WLANExt.exe[1512] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                          000007fefe756484 5 bytes JMP 000007ff7e760018
.text  C:\Windows\system32\WLANExt.exe[1512] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                                                                    000007fefe756518 5 bytes JMP 000007ff7e762018
.text  C:\Windows\system32\WLANExt.exe[1512] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                          000007fefe756c34 5 bytes JMP 000007ff7e761018
.text  C:\Windows\system32\WLANExt.exe[1512] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                        000007fefe7575e8 5 bytes JMP 000007ff7e765018
.text  C:\Windows\system32\WLANExt.exe[1512] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                        000007fefe75790c 5 bytes JMP 000007ff7e764018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                              0000000077afe080 5 bytes JMP 0000000100b31018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                0000000077afe5d0 5 bytes JMP 0000000100b30018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                                            0000000077afe680 5 bytes JMP 0000000100b32018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\system32\kernel32.dll!OpenMutexA                                                                  00000000779927e0 5 bytes JMP 0000000100b35018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                 00000000779a1870 5 bytes JMP 0000000100b36018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\system32\kernel32.dll!CreateDirectoryExW                                                          0000000077a19100 4 bytes JMP 0000000100b37018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                               000007fefdba57b0 5 bytes JMP 000007ff7e769018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                                          000007fefdba8770 5 bytes JMP 000007ff7e768018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                                            000007fefdba8e80 5 bytes JMP 000007ff7e766018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                                      000007fefdba99f0 5 bytes JMP 000007ff7e76c018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                                           000007fefdbaceb0 5 bytes JMP 000007ff7e76d018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                                000007fefdbb37d0 5 bytes JMP 000007ff7e767018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                                             000007fefdbb6190 5 bytes JMP 000007ff7e76a018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                        000007fefdbd4310 5 bytes JMP 000007ff7e76b018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                               000007fefe75642c 5 bytes JMP 000007ff7e763018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                 000007fefe756484 5 bytes JMP 000007ff7e760018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                                           000007fefe756518 5 bytes JMP 000007ff7e762018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                 000007fefe756c34 5 bytes JMP 000007ff7e761018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                               000007fefe7575e8 5 bytes JMP 000007ff7e765018
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                               000007fefe75790c 5 bytes JMP 000007ff7e764018
.text  C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                        0000000077afe080 5 bytes JMP 0000000100de1018
.text  C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                          0000000077afe5d0 5 bytes JMP 0000000100de0018
.text  C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                                                                      0000000077afe680 5 bytes JMP 0000000100de2018
.text  C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\system32\kernel32.dll!OpenMutexA                                                                                            00000000779927e0 5 bytes JMP 0000000100de5018
.text  C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                                           00000000779a1870 5 bytes JMP 0000000100de6018
.text  C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\system32\kernel32.dll!CreateDirectoryExW                                                                                    0000000077a19100 4 bytes JMP 0000000100de7018
.text  C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                                                         000007fefdba57b0 5 bytes JMP 000007ff7e769018
.text  C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                                                                    000007fefdba8770 5 bytes JMP 000007ff7e768018
.text  C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                                                                      000007fefdba8e80 5 bytes JMP 000007ff7e766018
.text  C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                                                                000007fefdba99f0 5 bytes JMP 000007ff7e76c018
.text  C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                                                                     000007fefdbaceb0 5 bytes JMP 000007ff7e76d018
.text  C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                                                          000007fefdbb37d0 5 bytes JMP 000007ff7e767018
.text  C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                                                                       000007fefdbb6190 5 bytes JMP 000007ff7e76a018
.text  C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                  000007fefdbd4310 5 bytes JMP 000007ff7e76b018
.text  C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                                                         000007fefe75642c 5 bytes JMP 000007ff7e763018
.text  C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                           000007fefe756484 5 bytes JMP 000007ff7e760018
.text  C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                                                                     000007fefe756518 5 bytes JMP 000007ff7e762018
.text  C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                           000007fefe756c34 5 bytes JMP 000007ff7e761018
.text  C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                         000007fefe7575e8 5 bytes JMP 000007ff7e765018
.text  C:\Windows\system32\nvvsvc.exe[1564] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                         000007fefe75790c 5 bytes JMP 000007ff7e764018
.text  C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                       0000000077afe080 5 bytes JMP 0000000100c01018
.text  C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                         0000000077afe5d0 5 bytes JMP 0000000100c00018
.text  C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                                                                     0000000077afe680 5 bytes JMP 0000000100c02018
.text  C:\Windows\system32\svchost.exe[1772] C:\Windows\system32\kernel32.dll!OpenMutexA                                                                                           00000000779927e0 5 bytes JMP 0000000100c05018
.text  C:\Windows\system32\svchost.exe[1772] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                                          00000000779a1870 5 bytes JMP 0000000100c06018
.text  C:\Windows\system32\svchost.exe[1772] C:\Windows\system32\kernel32.dll!CreateDirectoryExW                                                                                   0000000077a19100 4 bytes JMP 0000000100c07018
.text  C:\Windows\system32\svchost.exe[1772] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                                                        000007fefdba57b0 5 bytes JMP 000007ff7e769018
.text  C:\Windows\system32\svchost.exe[1772] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                                                                   000007fefdba8770 5 bytes JMP 000007ff7e768018
.text  C:\Windows\system32\svchost.exe[1772] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                                                                     000007fefdba8e80 5 bytes JMP 000007ff7e766018
.text  C:\Windows\system32\svchost.exe[1772] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                                                               000007fefdba99f0 5 bytes JMP 000007ff7e76c018
.text  C:\Windows\system32\svchost.exe[1772] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                                                                    000007fefdbaceb0 5 bytes JMP 000007ff7e76d018
.text  C:\Windows\system32\svchost.exe[1772] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                                                         000007fefdbb37d0 5 bytes JMP 000007ff7e767018
.text  C:\Windows\system32\svchost.exe[1772] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                                                                      000007fefdbb6190 5 bytes JMP 000007ff7e76a018
.text  C:\Windows\system32\svchost.exe[1772] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                 000007fefdbd4310 5 bytes JMP 000007ff7e76b018
.text  C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                                                        000007fefe75642c 5 bytes JMP 000007ff7e763018
.text  C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                          000007fefe756484 5 bytes JMP 000007ff7e760018
.text  C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                                                                    000007fefe756518 5 bytes JMP 000007ff7e762018
.text  C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                          000007fefe756c34 5 bytes JMP 000007ff7e761018
.text  C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                        000007fefe7575e8 5 bytes JMP 000007ff7e765018
.text  C:\Windows\system32\svchost.exe[1772] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                        000007fefe75790c 5 bytes JMP 000007ff7e764018
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                                          0000000077cb0038 5 bytes JMP 000000010016100c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess                                                            0000000077cb0860 5 bytes JMP 000000010016000c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                                        0000000077cb0968 5 bytes JMP 000000010016200c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\kernel32.dll!OpenMutexA                                                              0000000075a1ec3f 5 bytes JMP 000000010016c00c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\kernel32.dll!CopyFileExW                                                             0000000075a23b62 5 bytes JMP 000000010016e00c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\kernel32.dll!CreateDirectoryExW                                                      0000000075a78a31 5 bytes JMP 000000010016f00c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\KERNELBASE.dll!GetFileSizeEx                                                         0000000075b0ce53 5 bytes JMP 00000001003e200c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\KERNELBASE.dll!GetFileSize                                                           0000000075b0dff8 5 bytes JMP 00000001003e100c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory                                                    0000000075b0eca6 5 bytes JMP 00000001003e300c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexExW                                                        0000000075b10f0a 5 bytes JMP 000000010016b00c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW                                                            0000000075b1137f 5 bytes JMP 000000010016d00c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\KERNELBASE.dll!TerminateThread                                                       0000000075b13999 5 bytes JMP 00000001003e500c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx                                                  0000000075b13e7e 2 bytes JMP 00000001003e400c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx + 3                                              0000000075b13e81 2 bytes [8D, 8A]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\KERNELBASE.dll!CreateDirectoryW                                                      0000000075b1924e 5 bytes JMP 00000001003e000c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                         0000000075e97603 5 bytes JMP 000000010016400c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                         0000000075e9835c 5 bytes JMP 000000010016300c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\SysWOW64\sechost.dll!ControlService                                                           0000000075d24d5c 5 bytes JMP 000000010016800c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\SysWOW64\sechost.dll!CloseServiceHandle                                                       0000000075d24dc3 5 bytes JMP 000000010016700c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                           0000000075d2567c 5 bytes JMP 000000010016a00c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                           0000000075d2589f 5 bytes JMP 000000010016900c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\SysWOW64\sechost.dll!OpenServiceW                                                             0000000075d2714b 5 bytes JMP 000000010016500c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\SysWOW64\sechost.dll!OpenServiceA                                                             0000000075d27245 5 bytes JMP 000000010016600c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                  0000000075d01401 2 bytes JMP 75a2b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                    0000000075d01419 2 bytes JMP 75a2b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                  0000000075d01431 2 bytes JMP 75aa8f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                  0000000075d0144a 2 bytes CALL 75a0489d C:\Windows\syswow64\kernel32.dll
.text  ...
         

05.07.2015, 11:33   #4
Jerot
 
GMER Part 2
Code:
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                     0000000075d014dd 2 bytes JMP 75aa8822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                              0000000075d014f5 2 bytes JMP 75aa89f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                     0000000075d0150d 2 bytes JMP 75aa8718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                              0000000075d01525 2 bytes JMP 75aa8ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                    0000000075d0153d 2 bytes JMP 75a1fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                         0000000075d01555 2 bytes JMP 75a268ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                  0000000075d0156d 2 bytes JMP 75aa8fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                    0000000075d01585 2 bytes JMP 75aa8b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                       0000000075d0159d 2 bytes JMP 75aa86dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                    0000000075d015b5 2 bytes JMP 75a1fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                  0000000075d015cd 2 bytes JMP 75a2b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                              0000000075d016b2 2 bytes JMP 75aa8ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                              0000000075d016bd 2 bytes JMP 75aa8671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                               0000000077afe080 5 bytes JMP 00000001003f1018
.text  C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                 0000000077afe5d0 5 bytes JMP 00000001003f0018
.text  C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                                             0000000077afe680 5 bytes JMP 00000001003f2018
.text  C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1980] C:\Windows\system32\kernel32.dll!OpenMutexA                                                                   00000000779927e0 5 bytes JMP 00000001003f5018
.text  C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1980] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                  00000000779a1870 5 bytes JMP 00000001003f6018
.text  C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1980] C:\Windows\system32\kernel32.dll!CreateDirectoryExW                                                           0000000077a19100 5 bytes JMP 00000001003f7018
.text  C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1980] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                                000007fefdba57b0 5 bytes JMP 000007ff7e769018
.text  C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1980] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                                           000007fefdba8770 5 bytes JMP 000007ff7e768018
.text  C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1980] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                                             000007fefdba8e80 5 bytes JMP 000007ff7e766018
.text  C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1980] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                                       000007fefdba99f0 5 bytes JMP 000007ff7e76c018
.text  C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1980] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                                            000007fefdbaceb0 5 bytes JMP 000007ff7e76d018
.text  C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1980] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                                 000007fefdbb37d0 5 bytes JMP 000007ff7e767018
.text  C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1980] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                                              000007fefdbb6190 5 bytes JMP 000007ff7e76a018
.text  C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1980] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                         000007fefdbd4310 5 bytes JMP 000007ff7e76b018
.text  C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1980] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                                000007fefe75642c 5 bytes JMP 000007ff7e763018
.text  C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1980] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                  000007fefe756484 5 bytes JMP 000007ff7e760018
.text  C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1980] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                                            000007fefe756518 5 bytes JMP 000007ff7e762018
.text  C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1980] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                  000007fefe756c34 5 bytes JMP 000007ff7e761018
.text  C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1980] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                000007fefe7575e8 5 bytes JMP 000007ff7e765018
.text  C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1980] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                000007fefe75790c 5 bytes JMP 000007ff7e764018
.text  C:\Windows\System32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                       0000000077afe080 5 bytes JMP 0000000100d71018
.text  C:\Windows\System32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                         0000000077afe5d0 5 bytes JMP 0000000100d70018
.text  C:\Windows\System32\svchost.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                                                                     0000000077afe680 5 bytes JMP 0000000100d72018
.text  C:\Windows\System32\svchost.exe[2016] C:\Windows\system32\kernel32.dll!OpenMutexA                                                                                           00000000779927e0 5 bytes JMP 0000000100d75018
.text  C:\Windows\System32\svchost.exe[2016] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                                          00000000779a1870 5 bytes JMP 0000000100d76018
.text  C:\Windows\System32\svchost.exe[2016] C:\Windows\system32\kernel32.dll!CreateDirectoryExW                                                                                   0000000077a19100 4 bytes JMP 0000000100d77018
.text  C:\Windows\System32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                                                        000007fefdba57b0 5 bytes JMP 000007ff7e769018
.text  C:\Windows\System32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                                                                   000007fefdba8770 5 bytes JMP 000007ff7e768018
.text  C:\Windows\System32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                                                                     000007fefdba8e80 5 bytes JMP 000007ff7e766018
.text  C:\Windows\System32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                                                               000007fefdba99f0 5 bytes JMP 000007ff7e76c018
.text  C:\Windows\System32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                                                                    000007fefdbaceb0 5 bytes JMP 000007ff7e76d018
.text  C:\Windows\System32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                                                         000007fefdbb37d0 5 bytes JMP 000007ff7e767018
.text  C:\Windows\System32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                                                                      000007fefdbb6190 5 bytes JMP 000007ff7e76a018
.text  C:\Windows\System32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                 000007fefdbd4310 5 bytes JMP 000007ff7e76b018
.text  C:\Windows\System32\svchost.exe[2016] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                                                        000007fefe75642c 5 bytes JMP 000007ff7e763018
.text  C:\Windows\System32\svchost.exe[2016] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                          000007fefe756484 5 bytes JMP 000007ff7e760018
.text  C:\Windows\System32\svchost.exe[2016] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                                                                    000007fefe756518 5 bytes JMP 000007ff7e762018
.text  C:\Windows\System32\svchost.exe[2016] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                          000007fefe756c34 5 bytes JMP 000007ff7e761018
.text  C:\Windows\System32\svchost.exe[2016] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                        000007fefe7575e8 5 bytes JMP 000007ff7e765018
.text  C:\Windows\System32\svchost.exe[2016] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                        000007fefe75790c 5 bytes JMP 000007ff7e764018
.text  C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[1208] C:\Windows\system32\kernel32.dll!OpenMutexA                                                                      00000000779927e0 5 bytes JMP 00000001008b5018
.text  C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[1208] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                     00000000779a1870 5 bytes JMP 00000001008b6018
.text  C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[1208] C:\Windows\system32\kernel32.dll!CreateDirectoryExW                                                              0000000077a19100 5 bytes JMP 00000001008b7018
.text  C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[1208] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                                   000007fefdba57b0 5 bytes JMP 000007ff7e769018
.text  C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[1208] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                                              000007fefdba8770 5 bytes JMP 000007ff7e768018
.text  C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[1208] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                                                000007fefdba8e80 5 bytes JMP 000007ff7e766018
.text  C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[1208] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                                          000007fefdba99f0 5 bytes JMP 000007ff7e76c018
.text  C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[1208] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                                               000007fefdbaceb0 5 bytes JMP 000007ff7e76d018
.text  C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[1208] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                                    000007fefdbb37d0 5 bytes JMP 000007ff7e767018
.text  C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[1208] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                                                 000007fefdbb6190 5 bytes JMP 000007ff7e76a018
.text  C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[1208] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                            000007fefdbd4310 5 bytes JMP 000007ff7e76b018
.text  C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[1208] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                                   000007fefe75642c 5 bytes JMP 000007ff7e763018
.text  C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[1208] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                     000007fefe756484 5 bytes JMP 000007ff7e760018
.text  C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[1208] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                                               000007fefe756518 5 bytes JMP 000007ff7e762018
.text  C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[1208] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                     000007fefe756c34 5 bytes JMP 000007ff7e761018
.text  C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[1208] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                   000007fefe7575e8 5 bytes JMP 000007ff7e765018
.text  C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[1208] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                   000007fefe75790c 5 bytes JMP 000007ff7e764018
.text  C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                0000000075d01401 2 bytes JMP 75a2b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe[2112] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                  0000000075d01419 2 bytes JMP 75a2b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                0000000075d01431 2 bytes JMP 75aa8f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                0000000075d0144a 2 bytes CALL 75a0489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                         * 9
.text  C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe[2112] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                   0000000075d014dd 2 bytes JMP 75aa8822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                            0000000075d014f5 2 bytes JMP 75aa89f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe[2112] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                   0000000075d0150d 2 bytes JMP 75aa8718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                            0000000075d01525 2 bytes JMP 75aa8ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                  0000000075d0153d 2 bytes JMP 75a1fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe[2112] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                       0000000075d01555 2 bytes JMP 75a268ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                0000000075d0156d 2 bytes JMP 75aa8fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                  0000000075d01585 2 bytes JMP 75aa8b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe[2112] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                     0000000075d0159d 2 bytes JMP 75aa86dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                  0000000075d015b5 2 bytes JMP 75a1fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                0000000075d015cd 2 bytes JMP 75a2b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                            0000000075d016b2 2 bytes JMP 75aa8ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe[2112] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                            0000000075d016bd 2 bytes JMP 75aa8671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                0000000077afe080 5 bytes JMP 0000000100211018
.text  C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                  0000000077afe5d0 5 bytes JMP 0000000100210018
.text  C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                              0000000077afe680 5 bytes JMP 0000000100212018
.text  C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2132] C:\Windows\system32\kernel32.dll!OpenMutexA                                    00000000779927e0 5 bytes JMP 0000000100215018
.text  C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2132] C:\Windows\system32\kernel32.dll!CopyFileExW                                   00000000779a1870 5 bytes JMP 0000000100216018
.text  C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2132] C:\Windows\system32\kernel32.dll!CreateDirectoryExW                            0000000077a19100 5 bytes JMP 0000000100217018
.text  C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2132] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                 000007fefdba57b0 5 bytes JMP 000007ff7e769018
.text  C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2132] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                            000007fefdba8770 5 bytes JMP 000007ff7e768018
.text  C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2132] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                              000007fefdba8e80 5 bytes JMP 000007ff7e766018
.text  C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2132] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                        000007fefdba99f0 5 bytes JMP 000007ff7e76c018
.text  C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2132] C:\Windows\system32\KERNELBASE.dll!TerminateThread                             000007fefdbaceb0 5 bytes JMP 000007ff7e76d018
.text  C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2132] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                  000007fefdbb37d0 5 bytes JMP 000007ff7e767018
.text  C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2132] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                               000007fefdbb6190 5 bytes JMP 000007ff7e76a018
.text  C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2132] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                          000007fefdbd4310 5 bytes JMP 000007ff7e76b018
.text  C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2132] C:\Windows\SYSTEM32\sechost.dll!ControlService                                 000007fefe75642c 5 bytes JMP 000007ff7e763018
.text  C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2132] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                   000007fefe756484 5 bytes JMP 000007ff7e760018
.text  C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2132] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                             000007fefe756518 5 bytes JMP 000007ff7e762018
.text  C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2132] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                   000007fefe756c34 5 bytes JMP 000007ff7e761018
.text  C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2132] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                 000007fefe7575e8 5 bytes JMP 000007ff7e765018
.text  C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe[2132] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                 000007fefe75790c 5 bytes JMP 000007ff7e764018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                     0000000077afe080 5 bytes JMP 0000000100121018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                       0000000077afe5d0 5 bytes JMP 0000000100120018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                                                   0000000077afe680 5 bytes JMP 0000000100122018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2212] C:\Windows\system32\kernel32.dll!OpenMutexA                                                                         00000000779927e0 5 bytes JMP 0000000100125018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2212] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                        00000000779a1870 5 bytes JMP 0000000100126018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2212] C:\Windows\system32\kernel32.dll!CreateDirectoryExW                                                                 0000000077a19100 5 bytes JMP 0000000100127018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2212] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                                      000007fefdba57b0 5 bytes JMP 000007ff7e769018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2212] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                                                 000007fefdba8770 5 bytes JMP 000007ff7e768018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2212] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                                                   000007fefdba8e80 5 bytes JMP 000007ff7e766018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2212] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                                             000007fefdba99f0 5 bytes JMP 000007ff7e76c018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2212] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                                                  000007fefdbaceb0 5 bytes JMP 000007ff7e76d018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2212] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                                       000007fefdbb37d0 5 bytes JMP 000007ff7e767018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2212] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                                                    000007fefdbb6190 5 bytes JMP 000007ff7e76a018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2212] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                               000007fefdbd4310 5 bytes JMP 000007ff7e76b018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2212] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                                      000007fefe75642c 5 bytes JMP 000007ff7e763018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2212] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                        000007fefe756484 5 bytes JMP 000007ff7e760018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2212] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                                                  000007fefe756518 5 bytes JMP 000007ff7e762018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2212] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                        000007fefe756c34 5 bytes JMP 000007ff7e761018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2212] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                      000007fefe7575e8 5 bytes JMP 000007ff7e765018
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2212] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                      000007fefe75790c 5 bytes JMP 000007ff7e764018
.text  C:\Windows\system32\IProsetMonitor.exe[2260] C:\Windows\system32\kernel32.dll!OpenMutexA                                                                                    00000000779927e0 5 bytes JMP 0000000100205018
.text  C:\Windows\system32\IProsetMonitor.exe[2260] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                                   00000000779a1870 5 bytes JMP 0000000100206018
.text  C:\Windows\system32\IProsetMonitor.exe[2260] C:\Windows\system32\kernel32.dll!CreateDirectoryExW                                                                            0000000077a19100 5 bytes JMP 0000000100207018
.text  C:\Windows\system32\IProsetMonitor.exe[2260] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                                                 000007fefdba57b0 5 bytes JMP 000007ff7e769018
.text  C:\Windows\system32\IProsetMonitor.exe[2260] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                                                            000007fefdba8770 5 bytes JMP 000007ff7e768018
.text  C:\Windows\system32\IProsetMonitor.exe[2260] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                                                              000007fefdba8e80 5 bytes JMP 000007ff7e766018
.text  C:\Windows\system32\IProsetMonitor.exe[2260] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                                                        000007fefdba99f0 5 bytes JMP 000007ff7e76c018
.text  C:\Windows\system32\IProsetMonitor.exe[2260] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                                                             000007fefdbaceb0 5 bytes JMP 000007ff7e76d018
.text  C:\Windows\system32\IProsetMonitor.exe[2260] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                                                  000007fefdbb37d0 5 bytes JMP 000007ff7e767018
.text  C:\Windows\system32\IProsetMonitor.exe[2260] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                                                               000007fefdbb6190 5 bytes JMP 000007ff7e76a018
.text  C:\Windows\system32\IProsetMonitor.exe[2260] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                          000007fefdbd4310 5 bytes JMP 000007ff7e76b018
.text  C:\Windows\system32\IProsetMonitor.exe[2260] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                                                 000007fefe75642c 5 bytes JMP 000007ff7e763018
.text  C:\Windows\system32\IProsetMonitor.exe[2260] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                   000007fefe756484 5 bytes JMP 000007ff7e760018
.text  C:\Windows\system32\IProsetMonitor.exe[2260] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                                                             000007fefe756518 5 bytes JMP 000007ff7e762018
.text  C:\Windows\system32\IProsetMonitor.exe[2260] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                   000007fefe756c34 5 bytes JMP 000007ff7e761018
.text  C:\Windows\system32\IProsetMonitor.exe[2260] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                 000007fefe7575e8 5 bytes JMP 000007ff7e765018
.text  C:\Windows\system32\IProsetMonitor.exe[2260] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                 000007fefe75790c 5 bytes JMP 000007ff7e764018
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                0000000077cb0038 5 bytes JMP 00000001000f100c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess                                  0000000077cb0860 5 bytes JMP 00000001000f000c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                              0000000077cb0968 5 bytes JMP 00000001000f200c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\kernel32.dll!OpenMutexA                                    0000000075a1ec3f 5 bytes JMP 00000001000fc00c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\kernel32.dll!CopyFileExW                                   0000000075a23b62 5 bytes JMP 00000001000fe00c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\kernel32.dll!CreateDirectoryExW                            0000000075a78a31 5 bytes JMP 00000001000ff00c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\KERNELBASE.dll!GetFileSizeEx                               0000000075b0ce53 5 bytes JMP 000000010010200c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\KERNELBASE.dll!GetFileSize                                 0000000075b0dff8 5 bytes JMP 000000010010100c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory                          0000000075b0eca6 5 bytes JMP 000000010010300c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexExW                              0000000075b10f0a 5 bytes JMP 00000001000fb00c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW                                  0000000075b1137f 5 bytes JMP 00000001000fd00c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\KERNELBASE.dll!TerminateThread                             0000000075b13999 5 bytes JMP 000000010010500c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx                        0000000075b13e7e 2 bytes JMP 000000010010400c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx + 3                    0000000075b13e81 2 bytes [5F, 8A]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\KERNELBASE.dll!CreateDirectoryW                            0000000075b1924e 5 bytes JMP 000000010010000c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\SysWOW64\sechost.dll!ControlService                                 0000000075d24d5c 5 bytes JMP 00000001000f800c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\SysWOW64\sechost.dll!CloseServiceHandle                             0000000075d24dc3 5 bytes JMP 00000001000f700c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                 0000000075d2567c 5 bytes JMP 00000001000fa00c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                 0000000075d2589f 5 bytes JMP 00000001000f900c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\SysWOW64\sechost.dll!OpenServiceW                                   0000000075d2714b 5 bytes JMP 00000001000f500c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\SysWOW64\sechost.dll!OpenServiceA                                   0000000075d27245 5 bytes JMP 00000001000f600c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                               0000000075e97603 5 bytes JMP 00000001000f400c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                               0000000075e9835c 5 bytes JMP 00000001000f300c
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                        0000000075d01401 2 bytes JMP 75a2b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                          0000000075d01419 2 bytes JMP 75a2b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                        0000000075d01431 2 bytes JMP 75aa8f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                        0000000075d0144a 2 bytes CALL 75a0489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                         * 9
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                           0000000075d014dd 2 bytes JMP 75aa8822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                    0000000075d014f5 2 bytes JMP 75aa89f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                           0000000075d0150d 2 bytes JMP 75aa8718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                    0000000075d01525 2 bytes JMP 75aa8ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                          0000000075d0153d 2 bytes JMP 75a1fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                               0000000075d01555 2 bytes JMP 75a268ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                        0000000075d0156d 2 bytes JMP 75aa8fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                          0000000075d01585 2 bytes JMP 75aa8b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                             0000000075d0159d 2 bytes JMP 75aa86dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                          0000000075d015b5 2 bytes JMP 75a1fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                        0000000075d015cd 2 bytes JMP 75a2b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                    0000000075d016b2 2 bytes JMP 75aa8ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                    0000000075d016bd 2 bytes JMP 75aa8671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                             0000000077cb0038 5 bytes JMP 000000010053100c
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess                                               0000000077cb0860 5 bytes JMP 000000010053000c
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                           0000000077cb0968 5 bytes JMP 000000010053200c
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\kernel32.dll!OpenMutexA                                                 0000000075a1ec3f 5 bytes JMP 000000010053c00c
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\kernel32.dll!CopyFileExW                                                0000000075a23b62 5 bytes JMP 000000010053e00c
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\kernel32.dll!CreateDirectoryExW                                         0000000075a78a31 5 bytes JMP 000000010053f00c
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\KERNELBASE.dll!GetFileSizeEx                                            0000000075b0ce53 5 bytes JMP 000000010009200c
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\KERNELBASE.dll!GetFileSize                                              0000000075b0dff8 5 bytes JMP 000000010009100c
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory                                       0000000075b0eca6 5 bytes JMP 000000010009300c
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexExW                                           0000000075b10f0a 5 bytes JMP 000000010053b00c
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW                                               0000000075b1137f 5 bytes JMP 000000010053d00c
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\KERNELBASE.dll!TerminateThread                                          0000000075b13999 5 bytes JMP 000000010009500c
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx                                     0000000075b13e7e 2 bytes JMP 000000010009400c
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx + 3                                 0000000075b13e81 2 bytes [58, 8A]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\KERNELBASE.dll!CreateDirectoryW                                         0000000075b1924e 5 bytes JMP 000000010009000c
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\SysWOW64\sechost.dll!ControlService                                              0000000075d24d5c 5 bytes JMP 000000010053800c
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\SysWOW64\sechost.dll!CloseServiceHandle                                          0000000075d24dc3 5 bytes JMP 000000010053700c
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                              0000000075d2567c 5 bytes JMP 000000010053a00c
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                              0000000075d2589f 5 bytes JMP 000000010053900c
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\SysWOW64\sechost.dll!OpenServiceW                                                0000000075d2714b 5 bytes JMP 000000010053500c
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\SysWOW64\sechost.dll!OpenServiceA                                                0000000075d27245 5 bytes JMP 000000010053600c
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                            0000000075e97603 5 bytes JMP 000000010053400c
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                            0000000075e9835c 5 bytes JMP 000000010053300c
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                     0000000075d01401 2 bytes JMP 75a2b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                       0000000075d01419 2 bytes JMP 75a2b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                     0000000075d01431 2 bytes JMP 75aa8f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                     0000000075d0144a 2 bytes CALL 75a0489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                         * 9
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                        0000000075d014dd 2 bytes JMP 75aa8822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                 0000000075d014f5 2 bytes JMP 75aa89f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                        0000000075d0150d 2 bytes JMP 75aa8718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                 0000000075d01525 2 bytes JMP 75aa8ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                       0000000075d0153d 2 bytes JMP 75a1fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                            0000000075d01555 2 bytes JMP 75a268ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                     0000000075d0156d 2 bytes JMP 75aa8fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                       0000000075d01585 2 bytes JMP 75aa8b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                          0000000075d0159d 2 bytes JMP 75aa86dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                       0000000075d015b5 2 bytes JMP 75a1fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                     0000000075d015cd 2 bytes JMP 75a2b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                 0000000075d016b2 2 bytes JMP 75aa8ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                 0000000075d016bd 2 bytes JMP 75aa8671 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                                                                      0000000077cb0038 5 bytes JMP 00000001003e100c
.text  C:\Windows\system32\PnkBstrA.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess                                                                                        0000000077cb0860 5 bytes JMP 00000001003e000c
.text  C:\Windows\system32\PnkBstrA.exe[2808] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                                                                    0000000077cb0968 5 bytes JMP 00000001003e200c
.text  C:\Windows\system32\PnkBstrA.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                              0000000075d01401 2 bytes JMP 75a2b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2808] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                0000000075d01419 2 bytes JMP 75a2b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                              0000000075d01431 2 bytes JMP 75aa8f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                              0000000075d0144a 2 bytes CALL 75a0489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                         * 9
.text  C:\Windows\system32\PnkBstrA.exe[2808] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                 0000000075d014dd 2 bytes JMP 75aa8822 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                          0000000075d014f5 2 bytes JMP 75aa89f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2808] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                 0000000075d0150d 2 bytes JMP 75aa8718 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                          0000000075d01525 2 bytes JMP 75aa8ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                0000000075d0153d 2 bytes JMP 75a1fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2808] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                     0000000075d01555 2 bytes JMP 75a268ef C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                              0000000075d0156d 2 bytes JMP 75aa8fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                0000000075d01585 2 bytes JMP 75aa8b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2808] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                   0000000075d0159d 2 bytes JMP 75aa86dc C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                0000000075d015b5 2 bytes JMP 75a1fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                              0000000075d015cd 2 bytes JMP 75a2b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                          0000000075d016b2 2 bytes JMP 75aa8ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\PnkBstrA.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                          0000000075d016bd 2 bytes JMP 75aa8671 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\system32\svchost.exe[2832] C:\Windows\system32\kernel32.dll!OpenMutexA                                                                                           00000000779927e0 5 bytes JMP 0000000100135018
.text  C:\Windows\system32\svchost.exe[2832] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                                          00000000779a1870 5 bytes JMP 0000000100136018
.text  C:\Windows\system32\svchost.exe[2832] C:\Windows\system32\kernel32.dll!CreateDirectoryExW                                                                                   0000000077a19100 5 bytes JMP 0000000100137018
.text  C:\Windows\system32\svchost.exe[2832] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                                                        000007fefdba57b0 5 bytes JMP 000007ff7e769018
.text  C:\Windows\system32\svchost.exe[2832] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                                                                   000007fefdba8770 5 bytes JMP 000007ff7e768018
.text  C:\Windows\system32\svchost.exe[2832] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                                                                     000007fefdba8e80 5 bytes JMP 000007ff7e766018
.text  C:\Windows\system32\svchost.exe[2832] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                                                               000007fefdba99f0 5 bytes JMP 000007ff7e76c018
.text  C:\Windows\system32\svchost.exe[2832] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                                                                    000007fefdbaceb0 5 bytes JMP 000007ff7e76d018
.text  C:\Windows\system32\svchost.exe[2832] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                                                         000007fefdbb37d0 5 bytes JMP 000007ff7e767018
.text  C:\Windows\system32\svchost.exe[2832] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                                                                      000007fefdbb6190 5 bytes JMP 000007ff7e76a018
.text  C:\Windows\system32\svchost.exe[2832] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                 000007fefdbd4310 5 bytes JMP 000007ff7e76b018
.text  C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                                                        000007fefe75642c 5 bytes JMP 000007ff7e763018
.text  C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                          000007fefe756484 5 bytes JMP 000007ff7e760018
.text  C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                                                                    000007fefe756518 5 bytes JMP 000007ff7e762018
.text  C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                          000007fefe756c34 5 bytes JMP 000007ff7e761018
.text  C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                        000007fefe7575e8 5 bytes JMP 000007ff7e765018
.text  C:\Windows\system32\svchost.exe[2832] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                        000007fefe75790c 5 bytes JMP 000007ff7e764018
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                            0000000077afe080 5 bytes JMP 0000000100251018
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                              0000000077afe5d0 5 bytes JMP 0000000100250018
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                          0000000077afe680 5 bytes JMP 0000000100252018
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3172] C:\Windows\system32\kernel32.dll!OpenMutexA                                                00000000779927e0 5 bytes JMP 0000000100255018
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3172] C:\Windows\system32\kernel32.dll!CopyFileExW                                               00000000779a1870 5 bytes JMP 0000000100256018
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3172] C:\Windows\system32\kernel32.dll!CreateDirectoryExW                                        0000000077a19100 5 bytes JMP 0000000100257018
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3172] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                             000007fefdba57b0 5 bytes JMP 000007ff7e769018
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3172] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                        000007fefdba8770 5 bytes JMP 000007ff7e768018
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3172] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                          000007fefdba8e80 5 bytes JMP 000007ff7e766018
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3172] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                    000007fefdba99f0 5 bytes JMP 000007ff7e76c018
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3172] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                         000007fefdbaceb0 5 bytes JMP 000007ff7e76d018
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3172] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                              000007fefdbb37d0 5 bytes JMP 000007ff7e767018
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3172] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                           000007fefdbb6190 5 bytes JMP 000007ff7e76a018
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3172] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                      000007fefdbd4310 5 bytes JMP 000007ff7e76b018
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3172] C:\Windows\SYSTEM32\sechost.dll!ControlService                                             000007fefe75642c 5 bytes JMP 000007ff7e763018
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3172] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                               000007fefe756484 5 bytes JMP 000007ff7e760018
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3172] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                         000007fefe756518 5 bytes JMP 000007ff7e762018
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3172] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                               000007fefe756c34 5 bytes JMP 000007ff7e761018
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3172] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                             000007fefe7575e8 5 bytes JMP 000007ff7e765018
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe[3172] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                             000007fefe75790c 5 bytes JMP 000007ff7e764018
.text  C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                       0000000077afe080 5 bytes JMP 0000000100101018
.text  C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                         0000000077afe5d0 5 bytes JMP 0000000100100018
.text  C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                                                                     0000000077afe680 5 bytes JMP 0000000100102018
.text  C:\Windows\system32\svchost.exe[3564] C:\Windows\system32\kernel32.dll!OpenMutexA                                                                                           00000000779927e0 5 bytes JMP 0000000100105018
.text  C:\Windows\system32\svchost.exe[3564] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                                          00000000779a1870 5 bytes JMP 0000000100106018
.text  C:\Windows\system32\svchost.exe[3564] C:\Windows\system32\kernel32.dll!CreateDirectoryExW                                                                                   0000000077a19100 5 bytes JMP 0000000100107018
.text  C:\Windows\system32\svchost.exe[3564] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                                                        000007fefdba57b0 5 bytes JMP 000007ff7e769018
.text  C:\Windows\system32\svchost.exe[3564] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                                                                   000007fefdba8770 5 bytes JMP 000007ff7e768018
.text  C:\Windows\system32\svchost.exe[3564] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                                                                     000007fefdba8e80 5 bytes JMP 000007ff7e766018
.text  C:\Windows\system32\svchost.exe[3564] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                                                               000007fefdba99f0 5 bytes JMP 000007ff7e76c018
.text  C:\Windows\system32\svchost.exe[3564] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                                                                    000007fefdbaceb0 5 bytes JMP 000007ff7e76d018
.text  C:\Windows\system32\svchost.exe[3564] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                                                         000007fefdbb37d0 5 bytes JMP 000007ff7e767018
.text  C:\Windows\system32\svchost.exe[3564] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                                                                      000007fefdbb6190 5 bytes JMP 000007ff7e76a018
.text  C:\Windows\system32\svchost.exe[3564] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                 000007fefdbd4310 5 bytes JMP 000007ff7e76b018
.text  C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                                                        000007fefe75642c 5 bytes JMP 000007ff7e763018
.text  C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                          000007fefe756484 5 bytes JMP 000007ff7e760018
.text  C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                                                                    000007fefe756518 5 bytes JMP 000007ff7e762018
.text  C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                          000007fefe756c34 5 bytes JMP 000007ff7e761018
.text  C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                        000007fefe7575e8 5 bytes JMP 000007ff7e765018
.text  C:\Windows\system32\svchost.exe[3564] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                        000007fefe75790c 5 bytes JMP 000007ff7e764018
.text  C:\Windows\system32\Dwm.exe[3500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                           0000000077afe080 5 bytes JMP 0000000100111018
.text  C:\Windows\system32\Dwm.exe[3500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                             0000000077afe5d0 5 bytes JMP 0000000100110018
.text  C:\Windows\system32\Dwm.exe[3500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                                                                         0000000077afe680 5 bytes JMP 0000000100112018
.text  C:\Windows\system32\Dwm.exe[3500] C:\Windows\system32\kernel32.dll!OpenMutexA                                                                                               00000000779927e0 5 bytes JMP 0000000100115018
.text  C:\Windows\system32\Dwm.exe[3500] C:\Windows\system32\kernel32.dll!CopyFileExW                                                                                              00000000779a1870 5 bytes JMP 0000000100116018
.text  C:\Windows\system32\Dwm.exe[3500] C:\Windows\system32\kernel32.dll!CreateDirectoryExW                                                                                       0000000077a19100 5 bytes JMP 0000000100117018
.text  C:\Windows\system32\Dwm.exe[3500] C:\Windows\system32\KERNELBASE.dll!GetFileSize                                                                                            000007fefdba57b0 5 bytes JMP 000007ff7e769018
.text  C:\Windows\system32\Dwm.exe[3500] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW                                                                                       000007fefdba8770 5 bytes JMP 000007ff7e768018
.text  C:\Windows\system32\Dwm.exe[3500] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW                                                                                         000007fefdba8e80 5 bytes JMP 000007ff7e766018
.text  C:\Windows\system32\Dwm.exe[3500] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                                                                   000007fefdba99f0 5 bytes JMP 000007ff7e76c018
.text  C:\Windows\system32\Dwm.exe[3500] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                                                                        000007fefdbaceb0 5 bytes JMP 000007ff7e76d018
.text  C:\Windows\system32\Dwm.exe[3500] C:\Windows\system32\KERNELBASE.dll!OpenMutexW                                                                                             000007fefdbb37d0 5 bytes JMP 000007ff7e767018
.text  C:\Windows\system32\Dwm.exe[3500] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx                                                                                          000007fefdbb6190 5 bytes JMP 000007ff7e76a018
.text  C:\Windows\system32\Dwm.exe[3500] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                     000007fefdbd4310 5 bytes JMP 000007ff7e76b018
.text  C:\Windows\system32\Dwm.exe[3500] C:\Windows\SYSTEM32\sechost.dll!ControlService                                                                                            000007fefe75642c 5 bytes JMP 000007ff7e763018
.text  C:\Windows\system32\Dwm.exe[3500] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                              000007fefe756484 5 bytes JMP 000007ff7e760018
.text  C:\Windows\system32\Dwm.exe[3500] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle                                                                                        000007fefe756518 5 bytes JMP 000007ff7e762018
.text  C:\Windows\system32\Dwm.exe[3500] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                              000007fefe756c34 5 bytes JMP 000007ff7e761018
.text  C:\Windows\system32\Dwm.exe[3500] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                                            000007fefe7575e8 5 bytes JMP 000007ff7e765018
.text  C:\Windows\system32\Dwm.exe[3500] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                                            000007fefe75790c 5 bytes JMP 000007ff7e764018
.text  C:\Windows\Explorer.EXE[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                               0000000077afe080 5 bytes JMP 00000001002d1018
.text  C:\Windows\Explorer.EXE[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                 0000000077afe5d0 5 bytes JMP 00000001002d0018
.text  C:\Windows\Explorer.EXE[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                                                                             0000000077afe680 5 bytes JMP 00000001002d2018
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                 0000000075b12ab1 5 bytes JMP 000000010016f046
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                           0000000075d01401 2 bytes JMP 75a2b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4476] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                             0000000075d01419 2 bytes JMP 75a2b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                           0000000075d01431 2 bytes JMP 75aa8f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                           0000000075d0144a 2 bytes CALL 75a0489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                         * 9
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4476] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                              0000000075d014dd 2 bytes JMP 75aa8822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                       0000000075d014f5 2 bytes JMP 75aa89f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                              0000000075d0150d 2 bytes JMP 75aa8718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                       0000000075d01525 2 bytes JMP 75aa8ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                             0000000075d0153d 2 bytes JMP 75a1fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4476] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                  0000000075d01555 2 bytes JMP 75a268ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                           0000000075d0156d 2 bytes JMP 75aa8fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                             0000000075d01585 2 bytes JMP 75aa8b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                0000000075d0159d 2 bytes JMP 75aa86dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                             0000000075d015b5 2 bytes JMP 75a1fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                           0000000075d015cd 2 bytes JMP 75a2b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                       0000000075d016b2 2 bytes JMP 75aa8ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                       0000000075d016bd 2 bytes JMP 75aa8671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                0000000077afe080 5 bytes JMP 0000000101b41018
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                  0000000077afe5d0 5 bytes JMP 0000000101b40018
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                                              0000000077afe680 5 bytes JMP 0000000101b42018
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                      0000000077afe080 5 bytes JMP 0000000100201018
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                        0000000077afe5d0 5 bytes JMP 0000000100200018
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                                                    0000000077afe680 5 bytes JMP 0000000100202018
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                        0000000077afe080 5 bytes JMP 0000000100201018
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                          0000000077afe5d0 5 bytes JMP 0000000100200018
.text  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess                                                                      0000000077afe680 5 bytes JMP 0000000100202018
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4752] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                                       0000000077cb0038 5 bytes JMP 00000001003c100c
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4752] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess                                                         0000000077cb0860 5 bytes JMP 00000001003c000c
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4752] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                                     0000000077cb0968 5 bytes JMP 00000001003c200c
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                               0000000075d01401 2 bytes JMP 75a2b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4752] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                 0000000075d01419 2 bytes JMP 75a2b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                               0000000075d01431 2 bytes JMP 75aa8f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                               0000000075d0144a 2 bytes CALL 75a0489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                         * 9
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4752] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                  0000000075d014dd 2 bytes JMP 75aa8822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                           0000000075d014f5 2 bytes JMP 75aa89f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                  0000000075d0150d 2 bytes JMP 75aa8718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                           0000000075d01525 2 bytes JMP 75aa8ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                 0000000075d0153d 2 bytes JMP 75a1fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4752] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                      0000000075d01555 2 bytes JMP 75a268ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4752] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                               0000000075d0156d 2 bytes JMP 75aa8fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4752] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                 0000000075d01585 2 bytes JMP 75aa8b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                    0000000075d0159d 2 bytes JMP 75aa86dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                 0000000075d015b5 2 bytes JMP 75a1fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                               0000000075d015cd 2 bytes JMP 75a2b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                           0000000075d016b2 2 bytes JMP 75aa8ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                           0000000075d016bd 2 bytes JMP 75aa8671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4384] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                                       0000000077cb0038 5 bytes JMP 000000010034100c
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4384] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess                                                         0000000077cb0860 5 bytes JMP 000000010034000c
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4384] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                                     0000000077cb0968 5 bytes JMP 000000010034200c
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4384] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                               0000000075d01401 2 bytes JMP 75a2b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4384] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                 0000000075d01419 2 bytes JMP 75a2b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                               0000000075d01431 2 bytes JMP 75aa8f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                               0000000075d0144a 2 bytes CALL 75a0489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                         * 9
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4384] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                  0000000075d014dd 2 bytes JMP 75aa8822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4384] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                           0000000075d014f5 2 bytes JMP 75aa89f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE[4384] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                  0000000075d0150d 2 bytes JMP 75aa8718 C:\Windows\syswow64\kernel32.dll

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\94dbc9e2f3fb                                                                                                 
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\94dbc9e2f3fb (not active ControlSet)                                                                             

---- EOF - GMER 2.1 ----
         

07.07.2015, 14:08   #5
schrauber
/// the machine
/// TB trainer

Hi,

Log file of the detection? Or a screenshot?

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

07.07.2015, 18:00   #6
Jerot

Hello schrauber,

I don't have a screenshot, and unfortunately F-Secure only ever keeps the log file of the last scan.

08.07.2015, 06:33   #7
schrauber
/// the machine
/// TB trainer

Well, every AV program saves all its logs somewhere, and there should also be an overall overview of the detections and the quarantine.

Otherwise I can't make any statement at all.

08.07.2015, 13:56   #8
Jerot

I have now clicked my way through the folders and the internet; F-Secure really does only save the log of the last scan, and the quarantine is empty. So I no longer have the log of the detection.

Edited by Jerot (08.07.2015 at 14:05)

08.07.2015, 17:56   #9
schrauber
/// the machine
/// TB trainer

Then all I can tell you is that the other logs look good

08.07.2015, 18:54   #10
Jerot

Hello schrauber, that is good to hear. This afternoon I also ran scans with Malwarebytes Antirootkit and Avast Antirootkit. Nothing. However, MBAM then later found a trojan.

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2015.07.08.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
admin :: ADMIN-PC [Administrator]

08.07.2015 18:39:56
MBAM-log-2015-07-08 (19-33-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 734584
Laufzeit: 50 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
E:\Spiele\SimCity 4 Deluxe\Support\SimCity 4 Deluxe_eReg.exe (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)
         

09.07.2015, 08:33   #11
schrauber
/// the machine
/// TB trainer

I think that is a false positive

09.07.2015, 09:18   #12
Jerot

Hello schrauber, I had already thought so too. Then my system should be clean, even if I still don't understand what this unknown process was all about. Thank you very much for your help anyway.

Regards, Jerot

09.07.2015, 13:14   #13
schrauber
/// the machine
/// TB trainer

You're welcome
