Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Internetprobleme nach VPN Verbindung mit Uni-Server (https://www.trojaner-board.de/167039-windows-7-internetprobleme-vpn-verbindung-uni-server.html)

Tim Herrmann 19.05.2015 13:46
Windows 7: Internetprobleme nach VPN Verbindung mit Uni-Server
 
Hallo Liebe Trojaner-Board-Helfer,
Seit ich eine VPN-Verbindung zur Uni Koblenz vor einigen Tagen hergestellt habe, treten folgende Erscheinungen auf:
Nach klick auf meinen Webbrowser (Chrome) beginnt als erstes ca. 15 sek. lang ein Ladevorgang bevor die Seite tatsächlich anfängt zu laden. Mit meiner Dropbox kann ich überhaupt keine Internetverbindung herstellen ("Keine Internet-Verbindung. Ihr Computer ist offline. ..."). Nachdem ich Chrome und Dropbox wieder neu installiert habe und keinerlei Besserung zu verbuchen war, habe ich eine Systemwiederherstellung versucht. Diese jedoch brachte nach Systemneustart lediglich folgende Fehlermeldung: "Die Systemherstellung wurde nicht erfolgreich ausgeführt. Die Systemdatei und Einstellungen des Computers wurden nicht geändert."
Jetzt bin ich der Überzeugung das ich mir vermutlich einen Schädling eingefangen habe.
Danke schon einmal im Voraus
Liebe Grüße Tim

schrauber 19.05.2015 15:04
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Tim Herrmann 19.05.2015 17:21
Windows 7: Internetprobleme nach VPN Verbindung mit Uni-Server
 
Hallo Liebe Trojaner-Board-Helfer,
Seit ich eine VPN-Verbindung zur Uni Koblenz vor einigen Tagen hergestellt habe, treten folgende Erscheinungen auf:
Nach klick auf meinen Webbrowser (Chrome) beginnt als erstes ca. 15 sek. lang ein Ladevorgang bevor die Seite tatsächlich anfängt zu laden. Mit meiner Dropbox kann ich überhaupt keine Internetverbindung herstellen ("Keine Internet-Verbindung. Ihr Computer ist offline. ..."). Nachdem ich Chrome und Dropbox wieder neu installiert habe und keinerlei Besserung zu verbuchen war, habe ich eine Systemwiederherstellung versucht. Diese jedoch brachte nach Systemneustart lediglich folgende Fehlermeldung: "Die Systemherstellung wurde nicht erfolgreich ausgeführt. Die Systemdatei und Einstellungen des Computers wurden nicht geändert."
Jetzt bin ich der Überzeugung das ich mir vermutlich einen Schädling eingefangen habe.
Danke schon einmal im Voraus
Liebe Grüße Tim
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
Ran by Tim at 2015-05-19 13:27:00
Running from D:\Users\Tim\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2530768674-2421857465-2161656677-500 - Administrator - Disabled)
Gast (S-1-5-21-2530768674-2421857465-2161656677-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2530768674-2421857465-2161656677-1004 - Limited - Enabled)
Tim (S-1-5-21-2530768674-2421857465-2161656677-1000 - Administrator - Enabled) => C:\Users\Tim

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3Dconnexion 3DxWare 10 (64-bit) (HKLM-x32\...\{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}) (Version:  - )
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.159.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Autodesk DWG TrueView 2014 (HKLM\...\DWG TrueView 2014) (Version: 19.1.18.0 - Autodesk)
Autodesk Inventor Content Center Libraries 2014 (Desktop Content) (HKLM\...\{B46DECD1-1864-4EF1-0000-22D71E81877C}) (Version: 18.0.17000.0000 - Autodesk)
Autodesk Inventor Professional 2014 - Deutsch (German) (HKLM\...\Autodesk Inventor Professional 2014) (Version: 18.0.17000.0000 - Autodesk)
Autodesk Inventor Professional 2014 (Version: 18.0.17000.0000 - Autodesk) Hidden
Autodesk Inventor Professional 2014 Language Pack - Deutsch (German) (Version: 18.0.17000.0000 - Autodesk) Hidden
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2014 (HKLM-x32\...\{5C29CC1F-218F-4C30-948A-11066CAC59FB}) (Version: 4.0.19.0 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.27 - Autodesk)
Autodesk ReCap (Version: 1.0.43.27 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.27 - Autodesk) Hidden
Autodesk Revit Interoperability for Inventor 2014 (HKLM\...\Autodesk Revit Interoperability for Inventor 2014) (Version: 13.02.15161 - Autodesk)
Autodesk Revit Interoperability for Inventor 2014 (Version: 13.02.15161 - Autodesk) Hidden
Autodesk Vault Basic 2014 (Client) (HKLM\...\Autodesk Vault Basic 2014 (Client)) (Version: 18.0.86.0 - Autodesk)
Autodesk Vault Basic 2014 (Client) (Version: 18.0.86.0 - Autodesk) Hidden
Autodesk Vault Basic 2014 (Client) German Language Pack (Version: 18.0.86.0 - Autodesk) Hidden
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Clover 3.0 (HKLM-x32\...\Clover) (Version: 3.0 - EJIE Technology)
Dassault Systemes Doc German CATIA P3 B19 (HKLM-x32\...\Dassault Systemes Doc German B19) (Version:  - )
Dassault Systemes Software B19 (HKLM\...\Dassault Systemes B19_0) (Version:  - )
Dassault Systemes Software Prerequisites x86-x64 (HKLM\...\{CF1EB598-B424-436A-B15F-B763846BA970}) (Version: 8.1.3 - Dassault Systemes)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Dropbox (HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
DWG TrueView 2014 (Version: 19.1.18.0 - Autodesk) Hidden
Eco Materials Adviser for Autodesk Inventor 2014 (64-bit) (HKLM\...\{530B8614-C5DE-475B-AF6F-71BED461552C}) (Version: 4.4.1.0 - Granta Design Limited)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Hotkey 7.0028 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 7.0028 - NoteBook)
Hotkey 7.0028 (x32 Version: 7.0028 - NoteBook) Hidden
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.13.1402 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3220 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1e9b4847-4e73-4d00-91f5-96e0f6ce3e5a}) (Version: 16.1.1 - Intel Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
NVIDIA Grafiktreiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Radio.fx (HKLM-x32\...\Tobit Radio.fx Server) (Version:  - Tobit.Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.27035 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
SketchUp-Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.01 - Creative Technology Limited)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
VBA (3821b) (x32 Version: 6.01.00.1234 - Microsoft Corporation) Hidden
Verfügbare Autodesk-Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{00F064D8-FEC3-48ac-B07D-39C314D1727B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\TestServer.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{1029ABC3-2457-11D5-8E9D-0010B541CD80}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Compatibility\Bin\DbxBridge.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{13009989-EFB5-48C9-8BD2-943E0392BD71}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxAppCtrl.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{18A21864-E37B-42b9-9612-2C1E8C450A29}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{21DB88B0-BFBF-11D4-8DE6-0010B541CAA8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\iDrop.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{244298EC-E661-11d4-BC13-0010B5891E89}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\TI.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{2F8377FC-50C1-44EF-AB7A-8FF1BB8EA277}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{3497C2EC-5684-4B21-AF74-F6760E0221DC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{3897B445-D5B8-410d-899A-9789B8ADB643}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Compatibility\Bin\DbxBridge.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{3C3F63EA-C7BA-11d4-8E60-0010B541CD80}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Compatibility\Bin\DbxBridge.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2014\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{3FC94EB5-AEBD-4f3f-A2A4-B6CE57113C01}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxAppDocView.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{45122C53-8483-4b62-B15A-EAA9FE5FC3D5}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{4C80573A-9150-11d2-B772-0060B0F159EF}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxAppDocView.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{4D29B490-49B2-11D0-93C3-7E0706000000}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{4E6F2E83-E7F0-4333-9772-875EB733C820}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxTest.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{62FBB030-24C7-11D3-B78D-0060B0F159EF}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{644190AE-BD8F-493F-B63D-C79404AC5E07}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2014\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{6FDE7A70-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{6FDE7A71-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{6FDE7A72-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{6FDE7A73-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{6FDE7A74-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{6FDE7A77-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtCp.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{72EC5CC5-88F3-45B1-A865-0A327DF58CC8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{76283A80-50DD-11D3-A7E3-00C04F79D7BC}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{7BA16B3F-1AB3-4BD7-B959-52C4B8504EE9}\InprocServer32 -> AcInetUI.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{81D07C3D-0350-11D3-B7C2-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxAppCtrl.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{8421A29C-54B8-11D1-9837-0060B03C43C8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\SolidObject.Dll ()
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{846217D0-8954-11D2-8DCD-0060B0C32531}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\UCxTextBtn.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{846217D1-8954-11D2-8DCD-0060B0C32531}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\UCxTextBtn.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{8B0E6BD9-610C-11D1-9842-0060B03C43C8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\SolidObject.Dll ()
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\TestServer.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{97E17F04-17DF-11d5-BC38-0010B5891E89}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\BodyReceiver.dll ()
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{B6B5DC40-96E3-11d2-B774-0060B0F159EF}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{B8E7214B-25CA-4116-84CB-E86FB9625B36}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{BBF9FDF1-52DC-11D0-8C04-0800090BE8EC}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{BE54741D-E02B-4572-93D6-105AF4EDE777}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{C343ED84-A129-11d3-B799-0060B0F159EF}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxApprenticeServer.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{C92F8F8C-8B2C-11d4-B872-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{CFEE2BAF-14F9-4D23-853D-B6E2BCC14263}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{D7A1987D-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ColorButton.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{D7A1987E-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ColorButton.Ocx (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{DA1F437C-9BD9-11d4-B87C-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\DtBridge.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{DB5D476B-3FF4-4E9D-A606-1E2B473BE571}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\AcInetUI.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{DCA7356C-FF94-4b20-AE04-7AA6A8E14117}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{DDA9A20F-5B56-49F5-9465-CE82FC199352}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{DE6B563C-B074-4BF1-A8A0-B3FED8703E99}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{E1C85E9F-60B2-4007-80C3-2C5E09474C3B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\RxInventorUtilities.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\TestServer.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{E60F81E1-49B3-11D0-93C3-7E0706000000}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\Inventor.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{F13E75B9-6AF6-49CB-80B3-6D2FF6E09932}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{F61064CC-DBFB-47ee-9BC8-CA5A1CBDF0DA}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\InvResc.dll (Autodesk)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FA62F626-EBD5-4dc5-B970-D9E81E0E20E0}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\ServiceModule.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FB469644-3F14-4403-ACCA-6B13486FF7BD}\localserver32 -> C:\Program Files\Autodesk\Inventor 2014\Bin\InvTXTStack.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll No File

==================== Restore Points  =========================

08-05-2015 14:42:11 Geplanter Prüfpunkt
18-05-2015 07:33:19 Sony PC Companion
18-05-2015 11:57:15 Systemwiederhertstelungspunkt
18-05-2015 11:57:38 Systemwiederherstellungspunkt
18-05-2015 11:57:57 Removed MSXML 4.0 SP2 (KB954430)
18-05-2015 11:58:14 Removed MSXML 4.0 SP2 (KB973688)
18-05-2015 12:19:12 Windows Modules Installer
19-05-2015 11:08:00 Wiederherstellungsvorgang
19-05-2015 12:00:00 Entfernt 3Dconnexion 3DxWare 10
19-05-2015 12:05:35 Removed FARO LS 1.1.501.0 (64bit)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0651E0EF-D474-4094-8936-9D151B0EE6D5} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {287EEE84-0384-4C5C-8F68-781991A6264B} - System32\Tasks\3DconnexionCreateProcess_3DxService.exe => D:\Programme\Treiber\3DxWinCore64\3DxService.exe
Task: {41F41157-4BBE-4484-8C5C-D7CF609D5A95} - System32\Tasks\{781AD828-8A0D-4EEC-A258-B6E8B3D1E2AC} => pcalua.exe -a E:\08_Audio\01\INSTMSIW.EXE -d E:\08_Audio\01
Task: {4B9AB634-D309-406C-91C2-8D80D2B9FB33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-18] (Google Inc.)
Task: {8B14056B-DCA1-4A4C-ABB4-1519EA280D0E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {9687FAE5-D5A5-4E87-A626-12C10B9D3E37} - System32\Tasks\{53F5DBCB-EA61-4285-8B5B-C1753580C36D} => pcalua.exe -a E:\05_Touchpad\05_Touchpad\ELAN\Setup.exe -d E:\05_Touchpad\05_Touchpad\ELAN
Task: {BF4DE4FA-1024-473B-9592-64B78A906168} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-18] (Google Inc.)
Task: {E5BAF3E3-45EA-47DE-A0A2-3037F6AC28C9} - System32\Tasks\{72121E57-39FD-429D-882A-2F756D2B3E3A} => pcalua.exe -a "D:\Programme\EA\Spiele\Battlefield 3\Punkbuster\pbsetup.exe" -d "D:\Programme\EA\Spiele\Battlefield 3\Punkbuster"
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-12-03 11:20 - 2014-11-13 02:20 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-03-19 20:17 - 2012-11-14 01:22 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-03-19 20:17 - 2012-11-14 01:22 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-03-19 20:21 - 2012-11-01 12:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2013-02-05 00:21 - 2013-02-05 00:21 - 00056352 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00937504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00124448 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00045088 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2013-08-01 10:21 - 2013-08-01 10:21 - 04912120 _____ () C:\Program Files (x86)\Hotkey\Hotkey.exe
2015-05-18 07:33 - 2014-06-23 09:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-10-23 21:19 - 2014-10-23 21:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-12-14 18:19 - 2015-01-13 15:49 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-05-29 18:50 - 2013-05-29 18:50 - 00046592 _____ () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
2015-01-20 08:36 - 2013-06-03 14:06 - 03999512 _____ () D:\Tobit Radio.fx\Server\rfx-server.exe
2014-03-19 20:03 - 2014-11-12 23:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-29 08:42 - 2014-09-04 05:41 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-09-29 08:42 - 2014-09-04 05:41 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2014-12-03 11:20 - 2014-11-13 02:20 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-01-20 08:36 - 2013-06-03 14:06 - 09907712 _____ () D:\Tobit Radio.fx\Client\TOBITCLT.dll
2015-01-20 08:36 - 2013-05-16 15:28 - 00242688 _____ () D:\Tobit Radio.fx\Client\rfx-client$.ger
2015-05-18 07:33 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2015-05-18 07:33 - 2014-12-04 15:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2015-05-18 07:33 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2015-03-23 19:19 - 2015-03-23 19:19 - 02620416 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\libxt.dll
2015-05-18 07:33 - 2010-01-11 16:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2015-04-10 11:26 - 2015-04-10 11:26 - 00669696 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2009-06-06 15:50 - 2009-06-06 15:50 - 00019968 _____ () C:\Program Files (x86)\Hotkey\Audiodll.dll
2014-03-19 20:21 - 2012-10-31 16:00 - 00991232 ____N () D:\Programme\Treiber\Sound Blaster Cinema\de-DE\SBCinema.resources.dll
2015-05-19 13:12 - 2014-09-04 05:41 - 00104328 _____ () C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-05-18 12:46 - 2015-05-05 06:06 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libglesv2.dll
2015-05-18 12:46 - 2015-05-05 06:06 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libegl.dll
2014-03-19 19:52 - 2013-07-16 16:39 - 01199576 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.18.240.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{4AE61BD5-3E3D-46F2-A66B-F6BF58CF13BD}] => (Allow) D:\Programme\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{6540BA9B-A954-445E-8AE9-35A17248A735}] => (Allow) D:\Programme\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{08F54F87-1E86-49C7-8A23-FF1B53E8E8D5}] => (Allow) D:\Programme\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{743407A4-4676-442A-94A0-DB5DFEFECD3A}] => (Allow) D:\Programme\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{01B91402-8B91-4C8C-A8EB-AE8C7EB3E399}] => (Allow) D:\Programme\Microsoft Office\Office14\outlook.exe
FirewallRules: [{74E9C924-E6C3-4939-A20F-7C1D597317E9}] => (Allow) D:\Programme\EA\Spiele\Battlefield 3\bf3.exe
FirewallRules: [{B66D5F9F-62AB-452A-8B04-47DD3A7CDE4E}] => (Allow) D:\Programme\EA\Spiele\Battlefield 3\bf3.exe
FirewallRules: [{37F31AB4-FC5E-4EF1-8111-E4917494D6FD}] => (Allow) LPort=50248
FirewallRules: [{43C417FA-23D6-4CDA-9FE7-D44662024DA8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{67F2F93A-B858-4F09-A9B9-183B81CB1613}C:\users\tim\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\tim\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{90305D01-109F-461F-987E-117BDAB572A6}C:\users\tim\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\tim\appdata\local\akamai\netsession_win.exe
FirewallRules: [{C39FC637-4364-453E-8B57-A7C0CD088B1C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{506CE219-D4ED-4A36-9520-D2C0657CFE1C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{03198B2A-5E22-463A-8D49-D32AE6F9C22E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{934931E5-A760-483E-B3EC-E26BBD6C6C6C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{28FA894B-04B0-4772-9C53-9C0617AFAE6E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{9987A81B-20CF-4ACE-99DA-B87109268E7A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{DAD84685-A779-4C4C-B223-7D9B5DEA42F9}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{DB1F565D-D3CE-4857-900C-5E6C7002CBA9}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{75F6893D-F50E-4E6F-B1B9-2825CFC3DE2F}] => (Allow) D:\Programme\EA\Spiele\Battlefield 4\bf4_x86.exe
FirewallRules: [{54F1340F-BF57-4EFC-BC50-B91E1B0CA56E}] => (Allow) D:\Programme\EA\Spiele\Battlefield 4\bf4_x86.exe
FirewallRules: [{5AA07E85-F62F-477F-8788-D6B13520FC15}] => (Allow) D:\Programme\EA\Spiele\Battlefield 4\bf4.exe
FirewallRules: [{CA7CAFC4-A47B-4D8C-8337-35F0E658AC57}] => (Allow) D:\Programme\EA\Spiele\Battlefield 4\bf4.exe
FirewallRules: [{76A53D91-7273-48F5-9AED-1F4E309AB1BA}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{14B24896-B6E6-4D48-81B7-5C2B48AF2800}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A3B67A19-9082-4E8F-BF0D-2E1B1990D28B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{D9E81151-3B72-46A9-BCC0-A7FCFBB8A794}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{A1F3B545-C5D8-47AE-ACCF-91C7DFB90702}] => (Allow) D:\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{C8F9AEF5-0A89-4234-994D-413E85EA364C}] => (Allow) D:\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{E8CA61B8-1090-47E5-BA4B-17DD21FE18AB}] => (Allow) D:\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{987459BB-EA15-4227-8942-4F4B953C0BFA}] => (Allow) D:\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{D840BA2A-4BDE-4076-9AC3-A5BA0051B499}] => (Allow) D:\Programme\EA\Spiele\Battlefield 4\bf4_x86.exe
FirewallRules: [{BAA96BBC-529E-44E9-BB23-0ADD9E428B03}] => (Allow) D:\Programme\EA\Spiele\Battlefield 4\bf4_x86.exe
FirewallRules: [{431CAD55-5B69-4264-99C4-225D9700039D}] => (Allow) D:\Programme\EA\Spiele\Battlefield 4\bf4.exe
FirewallRules: [{73D3CB92-C92E-414E-B4CC-BC8914A362BC}] => (Allow) D:\Programme\EA\Spiele\Battlefield 4\bf4.exe
FirewallRules: [{7F3E20F8-B539-455C-8338-C8E7499B0952}] => (Allow) D:\Programme\EA\Spiele\Dead Space 3\deadspace3.exe
FirewallRules: [{A82FD07C-C15D-4D22-AF0A-1F07529DBFEF}] => (Allow) D:\Programme\EA\Spiele\Dead Space 3\deadspace3.exe
FirewallRules: [{14978EFD-8051-4D1C-B9A3-153065CA97C5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C5108C37-F329-4400-BB85-C8B667FC62C4}] => (Allow) C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{737D78B8-8B06-490C-81AB-4D78353D5A0F}] => (Allow) C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/19/2015 01:12:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2015 01:12:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HeciServer.exe, Version: 1.28.487.1, Zeitstempel: 0x518e67a1
Name des fehlerhaften Moduls: HeciServer.exe, Version: 1.28.487.1, Zeitstempel: 0x518e67a1
Ausnahmecode: 0x40000015
Fehleroffset: 0x000000000005d239
ID des fehlerhaften Prozesses: 0x414
Startzeit der fehlerhaften Anwendung: 0xHeciServer.exe0
Pfad der fehlerhaften Anwendung: HeciServer.exe1
Pfad des fehlerhaften Moduls: HeciServer.exe2
Berichtskennung: HeciServer.exe3

Error: (05/19/2015 01:12:09 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (05/19/2015 01:12:09 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (05/19/2015 01:12:09 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (05/19/2015 01:00:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
.

Error: (05/19/2015 00:22:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt>. Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen.
.

Error: (05/19/2015 00:22:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
.

Error: (05/19/2015 00:06:43 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Tim-PC)
Description: Die Anwendung oder der Dienst "PDF Architect 3 Creator" konnte nicht neu gestartet werden.

Error: (05/19/2015 00:00:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Mgl3DCtlrRPCService.exe, Version: 2.0.14317.11011, Zeitstempel: 0x5464fd73
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b864
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000bf922
ID des fehlerhaften Prozesses: 0x86c
Startzeit der fehlerhaften Anwendung: 0xMgl3DCtlrRPCService.exe0
Pfad der fehlerhaften Anwendung: Mgl3DCtlrRPCService.exe1
Pfad des fehlerhaften Moduls: Mgl3DCtlrRPCService.exe2
Berichtskennung: Mgl3DCtlrRPCService.exe3


System errors:
=============
Error: (05/19/2015 01:12:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (05/19/2015 01:12:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Capability Licensing Service Interface erreicht.

Error: (05/19/2015 00:52:59 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (05/19/2015 00:00:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "3Dconnexion Broker Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/19/2015 11:30:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (05/19/2015 11:30:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Capability Licensing Service Interface erreicht.

Error: (05/19/2015 11:27:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (05/19/2015 11:27:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Capability Licensing Service Interface erreicht.

Error: (05/19/2015 11:24:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (05/19/2015 11:24:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Capability Licensing Service Interface erreicht.


Microsoft Office Sessions:
=========================
Error: (05/19/2015 01:12:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2015 01:12:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HeciServer.exe1.28.487.1518e67a1HeciServer.exe1.28.487.1518e67a140000015000000000005d23941401d09224a687ecacC:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Program Files\Intel\iCLS Client\HeciServer.exeed2cf958-fe17-11e4-8278-0cd292b85460

Error: (05/19/2015 01:12:09 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name23808600

Error: (05/19/2015 01:12:09 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name21808600

Error: (05/19/2015 01:12:09 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name18808600

Error: (05/19/2015 01:00:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crtDieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.

Error: (05/19/2015 00:22:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crtDer angegebene Server kann den angeforderten Vorgang nicht ausführen.

Error: (05/19/2015 00:22:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crtDieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.

Error: (05/19/2015 00:06:43 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Tim-PC)
Description: 0creator-ws.exePDF Architect 3 Creator03026217829400

Error: (05/19/2015 00:00:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Mgl3DCtlrRPCService.exe2.0.14317.110115464fd73ntdll.dll6.1.7601.187985507b864c000037400000000000bf92286c01d092167463d724D:\Programme\Treiber\3DxWinCore64\Mgl3DCtlrRPCService.exeC:\Windows\SYSTEM32\ntdll.dlle07e0045-fe0d-11e4-8504-0cd292b85460


CodeIntegrity Errors:
===================================
  Date: 2015-04-07 22:39:37.814
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-07 22:39:37.811
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-07 22:39:11.628
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-07 22:39:11.625
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-07 22:39:10.722
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-07 22:39:10.719
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-07 22:39:10.587
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-07 22:39:10.585
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-07 22:37:48.226
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-07 22:37:48.226
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 17%
Total physical RAM: 16304.21 MB
Available physical RAM: 13427.8 MB
Total Pagefile: 16502.4 MB
Available Pagefile: 13450.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:55.32 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:253.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 9F733E47)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BB85F32F)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Tim Herrmann 19.05.2015 17:23
Windows 7: Internetprobleme nach VPN Verbindung mit Uni-Server
 
Vortsetzung:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:25 on 19/05/2015 (Tim)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
Ran by Tim (administrator) on TIM-PC on 19-05-2015 13:26:40
Running from D:\Users\Tim\Downloads
Loaded Profiles: Tim (Available profiles: Tim)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Microsoft Corporation) D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE
(Tobit.Software) D:\Tobit Radio.fx\Client\rfx-tray.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Microsoft Corporation) D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Autodesk Inc.) C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
() D:\Tobit Radio.fx\Server\rfx-server.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5672624 2013-03-26] (VIA)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-30] (Synaptics Incorporated)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [Sound Blaster Cinema] => D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [BCSSync] => D:\Programme\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-09-04] (Autodesk Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [OfficeSyncProcess] => D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE [718720 2010-12-21] (Microsoft Corporation)
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [rfxsrvtray] => D:\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Policies\Explorer: []
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\MountPoints2: {570a12d5-bcd4-11e4-b996-0090f5f2dc8c} - G:\AutoRun.exe
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\MountPoints2: {570a12e0-bcd4-11e4-b996-0090f5f2dc8c} - G:\AutoRun.exe
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\MountPoints2: {bfdddd47-fd1e-11e4-a05f-0cd292b85460} - F:\startme.exe
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2014-03-19]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-18]
ShortcutTarget: Dropbox.lnk -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2014-09-16]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-2530768674-2421857465-2161656677-1000] => hxxp://www.hs-koblenz.de/proxy.pac
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000 -> {98942130-7CF9-46E5-831B-14D569129F80} URL = https://www.google.com/search?q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-04-07] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> D:\Programme\Clover\TabHelper64.dll [2014-01-23] (EJIE Technology)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-04-07] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programme\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 172.18.240.1 172.18.240.1

FireFox:
========
FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\zrh3dtnu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-17] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-17] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-16] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-04-07] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-04-07] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-04-07] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-04-07]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-18]
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-18]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-18]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-18]
CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-18]
CHR Extension: (Kaspersky Protection) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-05-18]
CHR Extension: (Google Sheets) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-18]
CHR Extension: (Bookmark Manager) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-18]
CHR Extension: (Black carbon + silver metal) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lodhggoaglindpoejnjldimdlikkphph [2015-05-18]
CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-18]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-18]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-04] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-16] (Intel Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Programme\Microsoft Office\Office14\GROOVE.EXE [31124344 2010-12-27] (Microsoft Corporation)
R2 mitsijm2014; C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe [952608 2013-01-25] (Autodesk, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
S3 Origin Client Service; D:\Programme\EA\Origin\OriginClientService.exe [1910640 2015-03-11] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-01-13] ()
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [46592 2013-05-29] () [File not signed]
R2 Radio.fx; D:\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 3dxhid; C:\Windows\System32\DRIVERS\3dxhid.sys [38672 2014-11-07] (3Dconnexion SAM)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-04-07] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-04-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
S3 KMJHidMini; C:\Windows\System32\DRIVERS\3dxkmj.sys [18944 2013-10-08] (3Dconnextion Inc.) [File not signed]
S3 KMJShim; C:\Windows\System32\DRIVERS\3dxshim.sys [7168 2013-10-08] (3Dconnextion Inc.) [File not signed]
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
S3 SaiKA50A; C:\Windows\System32\DRIVERS\SaiKA50A.sys [147976 2009-09-14] (Saitek)
S3 SaiUA50A; C:\Windows\System32\DRIVERS\SaiUA50A.sys [41224 2009-09-14] (Saitek)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-30] (Synaptics Incorporated)
R3 VMfilt; C:\Windows\System32\drivers\VMfilt64.sys [25600 2009-07-30] (Creative Technology Ltd.)
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-19 13:26 - 2015-05-19 13:26 - 00000000 ____D () C:\FRST
2015-05-19 13:25 - 2015-05-19 13:25 - 00000000 _____ () C:\Users\Tim\defogger_reenable
2015-05-19 13:19 - 2015-05-19 13:25 - 00000000 ____D () C:\Users\Tim\Desktop\Trojaner-Board
2015-05-19 13:12 - 2015-05-19 13:12 - 00000372 _____ () C:\Windows\PFRO.log
2015-05-19 13:01 - 2015-05-19 13:04 - 00000000 ____D () C:\Regdelnull (1)
2015-05-19 11:35 - 2015-05-19 11:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-19 11:19 - 2015-05-19 11:23 - 00000000 ____D () C:\AdwCleaner
2015-05-19 10:25 - 2015-05-19 13:12 - 00001187 _____ () C:\Windows\setupact.log
2015-05-19 10:25 - 2015-05-19 10:25 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-19 10:25 - 2015-05-19 10:22 - 00411661 _____ () C:\Users\Tim\Desktop\Borduhr.CATPart
2015-05-18 21:30 - 2015-05-19 11:29 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-18 12:46 - 2015-05-19 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-18 12:44 - 2015-05-19 13:12 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-18 12:44 - 2015-05-19 11:49 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-18 12:44 - 2015-05-18 12:44 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 12:44 - 2015-05-18 12:44 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 12:20 - 2015-05-18 12:20 - 00001409 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-05-18 12:20 - 2015-05-18 12:20 - 00001403 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-18 07:33 - 2015-05-19 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-05-18 07:33 - 2015-05-18 07:33 - 00000000 ____D () C:\ProgramData\Sony
2015-05-18 07:33 - 2015-05-18 07:33 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-05-18 07:32 - 2015-05-18 07:32 - 28684424 _____ (Sony Mobile Communications ) C:\Users\Tim\AppData\Local\pcc.exe
2015-05-13 18:02 - 2015-05-18 20:58 - 00000000 ____D () C:\Users\Tim\Desktop\Backup HTC
2015-05-13 17:51 - 2015-05-13 17:51 - 00000000 ____D () C:\Users\Tim\AppData\Local\Macromedia
2015-05-05 20:21 - 2015-05-18 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funktionsplotter
2015-05-05 20:20 - 2015-05-05 20:20 - 00253952 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2015-05-05 20:20 - 2015-05-05 20:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2015-04-30 17:11 - 2015-04-30 17:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-30 17:11 - 2015-04-01 11:16 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-30 16:53 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-04-30 16:53 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-04-30 16:53 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-04-30 16:53 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-04-30 16:53 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-04-30 16:53 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-04-30 16:53 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-04-30 16:53 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-04-30 16:51 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-30 16:51 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-30 16:51 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-30 16:51 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-30 16:51 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-30 16:51 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-30 16:51 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-30 16:51 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-30 16:51 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-30 16:51 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-30 16:51 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-30 16:51 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-30 16:51 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-30 16:51 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-30 16:51 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-30 16:51 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-30 16:51 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-30 16:51 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-30 16:51 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-30 16:51 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-30 16:51 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-30 16:51 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-30 16:51 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-30 16:51 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-30 16:51 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-30 16:51 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-30 16:51 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-30 16:51 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-04-30 16:51 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-04-30 16:51 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-04-30 16:51 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 02644992 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-04-30 16:51 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-04-30 16:51 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-04-30 16:51 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-04-30 16:51 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-04-30 16:51 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-04-30 16:51 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-04-30 16:51 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-04-30 16:51 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-04-30 16:51 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-04-30 16:51 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-04-30 16:51 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-04-30 16:51 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 02135040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-04-30 16:51 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-04-30 16:51 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-04-30 16:51 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-04-30 16:51 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-04-30 16:51 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-04-30 16:51 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-04-30 16:51 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-04-30 16:51 - 2014-11-11 05:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-30 16:51 - 2014-11-11 04:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-30 16:51 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-04-30 16:51 - 2014-10-14 04:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-04-30 16:51 - 2014-07-17 04:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-04-30 16:51 - 2014-07-17 04:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-04-30 16:51 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-04-30 16:51 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-04-30 16:51 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-04-30 16:51 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-04-30 16:51 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-04-30 16:51 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-04-30 16:51 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-04-30 16:51 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-04-30 16:51 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-04-30 16:51 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-04-30 16:51 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-04-30 16:51 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-04-30 16:51 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-04-30 16:51 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-04-30 16:51 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-04-30 16:51 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-04-30 16:51 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-04-30 16:51 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-04-30 16:51 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2015-04-30 16:51 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2015-04-30 16:51 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2015-04-30 16:51 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2015-04-30 16:51 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2015-04-30 16:51 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2015-04-30 16:51 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-30 16:50 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-30 16:50 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-30 16:50 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-30 16:50 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-30 16:50 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-30 16:50 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-30 16:50 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-30 16:50 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-30 16:50 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-30 16:50 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-30 16:50 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-30 16:50 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-30 16:50 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-30 16:50 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-30 16:50 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-30 16:50 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-30 16:50 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-30 16:50 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-30 16:50 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-30 16:50 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-04-30 16:50 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-04-30 16:50 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-04-30 16:50 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-04-30 16:50 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-04-30 16:50 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-04-30 16:50 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-04-30 16:50 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-04-30 16:50 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-04-30 16:50 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-04-30 16:50 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-04-30 16:50 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-30 16:50 - 2015-02-03 05:31 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-30 16:50 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-04-30 16:50 - 2015-02-03 05:12 - 01011200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-04-30 16:50 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-04-30 16:50 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-30 16:50 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-30 16:50 - 2014-12-19 05:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-04-30 16:50 - 2014-12-19 03:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-04-30 16:50 - 2014-12-11 19:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-04-30 16:50 - 2014-12-08 05:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-04-30 16:50 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-04-30 16:50 - 2014-12-06 06:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-04-30 16:50 - 2014-12-06 05:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-04-30 16:50 - 2014-12-06 05:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-04-30 16:50 - 2014-10-25 03:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-04-30 16:50 - 2014-10-25 03:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-04-30 16:50 - 2014-10-18 04:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-04-30 16:50 - 2014-10-18 03:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-04-30 16:50 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-04-30 16:50 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-04-30 16:50 - 2014-08-12 04:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-04-30 16:50 - 2014-08-12 03:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-04-30 16:50 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-04-30 16:50 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-04-30 16:50 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-04-30 16:50 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-04-30 16:50 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-04-30 16:50 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-04-30 16:50 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-04-30 16:50 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-04-30 16:50 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-04-30 16:50 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-04-30 16:50 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-04-30 16:50 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-04-30 16:50 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-04-30 16:50 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-04-30 16:50 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-04-30 16:50 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-04-30 16:50 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-04-30 16:50 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-04-30 16:50 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-04-30 16:50 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-04-30 16:50 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-04-30 16:50 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-04-30 16:50 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-04-30 16:50 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-04-30 16:50 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-04-30 16:50 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-04-30 16:50 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-04-30 16:50 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-04-30 16:50 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-04-30 16:50 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-04-30 16:43 - 2015-02-04 05:16 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-30 16:43 - 2015-02-04 04:54 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-04-30 16:43 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-04-30 16:42 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-04-29 12:08 - 2015-04-29 12:14 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\PDF Architect 3
2015-04-29 12:07 - 2015-05-19 12:06 - 00000000 ____D () C:\ProgramData\PDF Architect 3
2015-04-29 11:56 - 2013-09-01 13:59 - 01103872 _____ () C:\Windows\SysWOW64\CBLCtlsU.ocx
2015-04-29 11:56 - 2013-07-13 13:15 - 00805376 _____ () C:\Windows\SysWOW64\EditCtlsU.ocx
2015-04-29 11:56 - 2013-07-12 23:57 - 00539648 _____ () C:\Windows\SysWOW64\LblCtlsU.ocx
2015-04-29 11:56 - 2013-04-05 14:55 - 00476160 _____ () C:\Windows\SysWOW64\TabStripCtlU.ocx
2015-04-29 11:56 - 2013-03-29 00:13 - 00645632 _____ () C:\Windows\SysWOW64\BtnCtlsU.ocx
2015-04-29 11:56 - 2013-03-03 15:37 - 01061888 _____ () C:\Windows\SysWOW64\ExLvwU.ocx
2015-04-29 08:36 - 2015-05-13 11:55 - 00017698 _____ () C:\Users\Tim\Desktop\Notenliste.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-19 13:25 - 2014-03-19 19:41 - 00000000 ____D () C:\Users\Tim
2015-05-19 13:20 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-19 13:20 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-19 13:19 - 2011-04-12 09:43 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2015-05-19 13:19 - 2011-04-12 09:43 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2015-05-19 13:19 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-19 13:16 - 2014-03-19 19:41 - 01322819 _____ () C:\Windows\WindowsUpdate.log
2015-05-19 13:12 - 2015-01-07 11:45 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-05-19 13:12 - 2014-03-19 20:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-19 13:12 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-19 12:05 - 2015-03-10 20:21 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\DVDVideoSoft
2015-05-19 12:03 - 2015-02-12 21:22 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2015-05-19 12:02 - 2014-03-20 16:19 - 00000000 ____D () C:\Users\Tim\AppData\Local\Akamai
2015-05-19 12:00 - 2014-12-08 09:39 - 00003262 _____ () C:\Windows\System32\Tasks\3DconnexionCreateProcess_3DxService.exe
2015-05-19 12:00 - 2014-04-09 11:00 - 00000000 ____D () C:\Program Files\Autodesk
2015-05-19 11:29 - 2014-09-30 08:51 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-19 11:29 - 2014-04-09 22:27 - 00000000 ____D () C:\Users\Tim\AppData\Local\Microsoft Help
2015-05-19 11:29 - 2014-04-09 22:13 - 00000000 ____D () C:\Users\Tim\AppData\Local\Autodesk,_Inc
2015-05-19 11:29 - 2014-04-09 22:09 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-05-19 11:29 - 2014-03-20 16:31 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Autodesk
2015-05-19 11:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-05-19 09:36 - 2015-04-15 09:07 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Nitro PDF
2015-05-19 07:34 - 2014-03-19 19:37 - 00000000 ____D () C:\Windows\Panther
2015-05-19 07:33 - 2015-04-18 17:17 - 00000080 _____ () C:\Users\Tim\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-05-18 21:30 - 2014-04-12 13:52 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Dropbox
2015-05-18 21:23 - 2014-04-12 14:06 - 00000000 ___RD () C:\Users\Tim\Dropbox
2015-05-18 12:46 - 2014-03-19 21:04 - 00000000 ____D () C:\Users\Tim\AppData\Local\Google
2015-05-18 12:43 - 2014-03-19 21:03 - 00000000 ____D () C:\Users\Tim\AppData\Local\Deployment
2015-05-18 12:19 - 2015-03-10 14:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-18 12:12 - 2014-11-03 14:16 - 00007621 _____ () C:\Users\Tim\AppData\Local\Resmon.ResmonCfg
2015-05-18 11:59 - 2015-04-12 15:28 - 00000000 ____D () C:\Program Files (x86)\MathType
2015-05-18 11:59 - 2015-03-05 10:42 - 00000000 ____D () C:\ProgramData\FreePDF
2015-05-18 11:59 - 2015-03-05 10:42 - 00000000 ____D () C:\Program Files (x86)\FreePDF_XP
2015-05-18 07:33 - 2014-03-19 20:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-17 18:34 - 2014-09-17 07:38 - 00000000 ____D () C:\Users\Tim\Documents\Outlook-Dateien
2015-05-13 10:52 - 2014-04-09 11:00 - 00000000 ____D () C:\Users\Tim\AppData\Local\Autodesk
2015-05-13 10:52 - 2014-03-20 16:31 - 00000000 ____D () C:\ProgramData\Autodesk
2015-05-11 11:01 - 2015-03-16 10:00 - 00036330 _____ () C:\Users\Tim\Desktop\Kalender.xlsx
2015-05-06 13:17 - 2014-10-08 10:49 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Skype
2015-05-02 15:52 - 2014-04-09 12:29 - 00000000 ____D () C:\Users\Tim\Documents\Inventor
2015-05-02 14:32 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-01 17:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-30 18:51 - 2009-07-14 06:45 - 00537216 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-30 18:49 - 2015-04-12 11:54 - 00000000 ____D () C:\Program Files\Windows Journal
2015-04-30 18:49 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-30 18:49 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-30 18:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-04-30 18:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-04-30 18:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-30 18:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-30 18:08 - 2014-04-09 01:09 - 01593564 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-19 10:57 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-05-18 07:32 - 2015-05-18 07:32 - 28684424 _____ (Sony Mobile Communications                                  ) C:\Users\Tim\AppData\Local\pcc.exe
2014-11-03 14:16 - 2015-05-18 12:12 - 0007621 _____ () C:\Users\Tim\AppData\Local\Resmon.ResmonCfg
2014-08-05 22:27 - 2014-09-12 09:33 - 0006991 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Tim\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2uuum2.dll
C:\Users\Tim\AppData\Local\Temp\Quarantine.exe
C:\Users\Tim\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 08:16

==================== End Of Log ============================

Tim Herrmann 19.05.2015 17:26
Windows 7: Internetprobleme nach VPN Verbindung mit Uni-Server
 
Vortsetzung:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-19 13:40:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_EVO_120GB rev.EXT0BB6Q 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Tim\AppData\Local\Temp\uwldipow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey                                                            00000000775afaa4 5 bytes JMP 0000000171212e10
.text  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                    00000000775b0034 5 bytes JMP 0000000171212dd0
.text  C:\Windows\system32\Dwm.exe[2564] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                          000007fefd3b3460 7 bytes JMP 000007fffd3a00d8
.text  C:\Windows\system32\Dwm.exe[2564] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                            000007fefd3ca590 6 bytes JMP 000007fffd3a0148
.text  C:\Windows\system32\Dwm.exe[2564] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                              000007fefd3cac00 5 bytes JMP 000007fffd3a0180
.text  C:\Windows\system32\Dwm.exe[2564] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                        000007fefd3cada0 5 bytes JMP 000007fffd3a0110
.text  C:\Windows\system32\Dwm.exe[2564] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                        000007fefe4c89e0 8 bytes JMP 000007fffd3a01f0
.text  C:\Windows\system32\Dwm.exe[2564] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                      000007fefe4cbe40 8 bytes JMP 000007fffd3a01b8
.text  C:\Windows\system32\Dwm.exe[2564] C:\Windows\system32\dxgi.dll!CreateDXGIFactory                                                                                                              000007fef76d4da4 7 bytes JMP 000007fff76c00d8
.text  C:\Windows\system32\Dwm.exe[2564] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1                                                                                                              000007fef76f9af4 7 bytes JMP 000007fff76c0110
.text  C:\Windows\System32\igfxpers.exe[2700] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                    000007fefd3b3460 7 bytes JMP 000007fffd3a00d8
.text  C:\Windows\System32\igfxpers.exe[2700] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                      000007fefd3ca590 6 bytes JMP 000007fffd3a0148
.text  C:\Windows\System32\igfxpers.exe[2700] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                          000007fefd3cac00 5 bytes JMP 000007fffd3a0180
.text  C:\Windows\System32\igfxpers.exe[2700] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                  000007fefd3cada0 5 bytes JMP 000007fffd3a0110
.text  C:\Windows\System32\igfxpers.exe[2700] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                    000007fefe4c89e0 8 bytes JMP 000007fffd3a01f0
.text  C:\Windows\System32\igfxpers.exe[2700] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                  000007fefe4cbe40 8 bytes JMP 000007fffd3a01b8
.text  C:\Windows\System32\igfxpers.exe[2700] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                          000007fefd777490 11 bytes JMP 000007fffd3a0228
.text  C:\Windows\System32\igfxpers.exe[2700] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                                        000007fefd78bf00 7 bytes JMP 000007fffd3a0260
.text  C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                                      000000007719a3e0 7 bytes JMP 000000016fff0228
.text  C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                                    00000000771a3f00 5 bytes JMP 000000016fff0180
.text  C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                                    00000000771bfff0 5 bytes JMP 000000016fff01b8
.text  C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                              00000000771cf360 5 bytes JMP 000000016fff0110
.text  C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                            00000000771f9ab0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                            0000000077209540 5 bytes JMP 000000016fff0148
.text  C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                      0000000077228860 1 byte JMP 000000016fff01f0
.text  C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2                                                                                  0000000077228862 5 bytes {JMP 0xfffffffff8dc7990}
.text  C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                  000007fefd3b3460 7 bytes JMP 000007fffd3a00d8
.text  C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                    000007fefd3ca590 6 bytes JMP 000007fffd3a0148
.text  C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                      000007fefd3cac00 5 bytes JMP 000007fffd3a0180
.text  C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                000007fefd3cada0 5 bytes JMP 000007fffd3a0110
.text  C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                000007fefe4c89e0 8 bytes JMP 000007fffd3a01f0
.text  C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                              000007fefe4cbe40 8 bytes JMP 000007fffd3a01b8
.text  C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                      000007fefd777490 11 bytes JMP 000007fffd3a0228
.text  C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe[2824] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                      000007fefd78bf00 7 bytes JMP 000007fffd3a0260
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                                            000000007719a3e0 7 bytes JMP 000000016fff0228
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                                          00000000771a3f00 5 bytes JMP 000000016fff0180
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                                          00000000771bfff0 5 bytes JMP 000000016fff01b8
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                    00000000771cf360 5 bytes JMP 000000016fff0110
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                  00000000771f9ab0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                  0000000077209540 5 bytes JMP 000000016fff0148
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                            0000000077228860 1 byte JMP 000000016fff01f0
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2                                                                                        0000000077228862 5 bytes {JMP 0xfffffffff8dc7990}
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                        000007fefd3b3460 7 bytes JMP 000007fffd3a00d8
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                          000007fefd3ca590 6 bytes JMP 000007fffd3a0148
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                            000007fefd3cac00 5 bytes JMP 000007fffd3a0180
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                      000007fefd3cada0 5 bytes JMP 000007fffd3a0110
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                      000007fefe4c89e0 8 bytes JMP 000007fffd3a01f0
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                    000007fefe4cbe40 8 bytes JMP 000007fffd3a01b8
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                            000007fefd777490 11 bytes JMP 000007fffd3a0228
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2912] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                            000007fefd78bf00 7 bytes JMP 000007fffd3a0260
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                    0000000076d51eee 7 bytes JMP 0000000166694b10
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                      0000000076d55b85 7 bytes JMP 00000001666954b0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                      0000000076d613e1 7 bytes JMP 0000000166694e50
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                    0000000076d6ea15 7 bytes JMP 0000000166694b00
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                            0000000076df8e84 7 bytes JMP 00000001666945c0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                            0000000076df8f09 5 bytes JMP 0000000166694670
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                              0000000076df925f 5 bytes JMP 00000001666945d0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                  0000000076a01d29 5 bytes JMP 0000000166694580
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                0000000076a01dd7 5 bytes JMP 0000000166694540
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                    0000000076a02ab1 5 bytes JMP 0000000166694680
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                      0000000076a02d17 5 bytes JMP 0000000166694360
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                      00000000770a8a29 5 bytes JMP 0000000166693a40
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                  00000000770b4572 5 bytes JMP 00000001666942e0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                  00000000770ce567 5 bytes JMP 0000000166694350
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                              00000000770f07d7 5 bytes JMP 0000000166693850
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                            0000000077107a5c 5 bytes JMP 00000001666942d0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                              000000007549e96b 5 bytes JMP 0000000166693b60
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                000000007549eba5 5 bytes JMP 0000000166693b80
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                      00000000756f5ea5 5 bytes JMP 0000000166693a00
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                      0000000075729d0b 5 bytes JMP 0000000166693990
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                              0000000076891401 2 bytes JMP 76d7b1ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                0000000076891419 2 bytes JMP 76d7b31a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                              0000000076891431 2 bytes JMP 76df8f09 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                              000000007689144a 2 bytes CALL 76d54885 C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                                            * 9
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                00000000768914dd 2 bytes JMP 76df8802 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                          00000000768914f5 2 bytes JMP 76df89d8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                000000007689150d 2 bytes JMP 76df86f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                          0000000076891525 2 bytes JMP 76df8ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                000000007689153d 2 bytes JMP 76d6fc78 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                    0000000076891555 2 bytes JMP 76d768bf C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                              000000007689156d 2 bytes JMP 76df8fc1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                0000000076891585 2 bytes JMP 76df8b22 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                  000000007689159d 2 bytes JMP 76df86bc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                00000000768915b5 2 bytes JMP 76d6fd11 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                              00000000768915cd 2 bytes JMP 76d7b2b0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                          00000000768916b2 2 bytes JMP 76df8e84 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                          00000000768916bd 2 bytes JMP 76df8651 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3144] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                                      000000007719a3e0 7 bytes JMP 000000016fff0228
.text  C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3144] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                                    00000000771a3f00 5 bytes JMP 000000016fff0180
.text  C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3144] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                                      00000000771bfff0 5 bytes JMP 000000016fff01b8
.text  C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3144] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                00000000771cf360 5 bytes JMP 000000016fff0110
.text  C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3144] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                              00000000771f9ab0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3144] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                              0000000077209540 5 bytes JMP 000000016fff0148
.text  C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3144] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                      0000000077228860 1 byte JMP 000000016fff01f0
.text  C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3144] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2                                                                                  0000000077228862 5 bytes {JMP 0xfffffffff8dc7990}
.text  C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3144] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                  000007fefd3b3460 7 bytes JMP 000007fffd3900d8
.text  C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3144] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                    000007fefd3ca590 6 bytes JMP 000007fffd390148
.text  C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3144] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                        000007fefd3cac00 5 bytes JMP 000007fffd390180
.text  C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3144] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                000007fefd3cada0 5 bytes JMP 000007fffd390110
.text  C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3144] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                  000007fefe4c89e0 8 bytes JMP 000007fffd3901f0
.text  C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3144] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                000007fefe4cbe40 8 bytes JMP 000007fffd3901b8
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                    0000000076d51eee 7 bytes JMP 0000000166694b10
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                      0000000076d55b85 7 bytes JMP 00000001666954b0
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                      0000000076d613e1 7 bytes JMP 0000000166694e50
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                      0000000076d6ea15 7 bytes JMP 0000000166694b00
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                              0000000076df8e84 7 bytes JMP 00000001666945c0
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                              0000000076df8f09 5 bytes JMP 0000000166694670
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                0000000076df925f 5 bytes JMP 00000001666945d0
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                  0000000076a01d29 5 bytes JMP 0000000166694580
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                0000000076a01dd7 5 bytes JMP 0000000166694540
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                    0000000076a02ab1 5 bytes JMP 0000000166694680
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                        0000000076a02d17 5 bytes JMP 0000000166694360
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                                000000007549e96b 5 bytes JMP 0000000166693b60
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                  000000007549eba5 5 bytes JMP 0000000166693b80
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                        00000000770a8a29 5 bytes JMP 0000000166693a40
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                    00000000770b4572 5 bytes JMP 00000001666942e0
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                                    00000000770ce567 5 bytes JMP 0000000166694350
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                                              00000000770f07d7 5 bytes JMP 0000000166693850
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                            0000000077107a5c 5 bytes JMP 00000001666942d0
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                                      00000000756f5ea5 5 bytes JMP 0000000166693a00
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                        0000000075729d0b 5 bytes JMP 0000000166693990
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                              0000000076891401 2 bytes JMP 76d7b1ef C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                0000000076891419 2 bytes JMP 76d7b31a C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                              0000000076891431 2 bytes JMP 76df8f09 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                              000000007689144a 2 bytes CALL 76d54885 C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                                            * 9
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                  00000000768914dd 2 bytes JMP 76df8802 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                          00000000768914f5 2 bytes JMP 76df89d8 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                  000000007689150d 2 bytes JMP 76df86f8 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                          0000000076891525 2 bytes JMP 76df8ac2 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                000000007689153d 2 bytes JMP 76d6fc78 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                      0000000076891555 2 bytes JMP 76d768bf C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                              000000007689156d 2 bytes JMP 76df8fc1 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                0000000076891585 2 bytes JMP 76df8b22 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                    000000007689159d 2 bytes JMP 76df86bc C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                00000000768915b5 2 bytes JMP 76d6fd11 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                              00000000768915cd 2 bytes JMP 76d7b2b0 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                          00000000768916b2 2 bytes JMP 76df8e84 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE[3188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                          00000000768916bd 2 bytes JMP 76df8651 C:\Windows\syswow64\kernel32.dll
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                          00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                                          00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                  00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644                                                                                                  00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                                                  00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                    00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                        00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                                      00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                                                          00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                      00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                                    00000000773b2712 8 bytes {JMP 0x10}
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                                      00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                                                    00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                            00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                                                            00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                                        00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                                                        00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33                                                                                                        00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274                                                                                                        00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                            00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                                    00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                                                    00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                                                    00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                                                        00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                                                        00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                                                                  00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                                                    00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                                                    00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                                                                  00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                                                                  00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                                                00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                                                    00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                                                                00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                                                            00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                                                      00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                                                                        00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                                                        00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                                                          00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                                                          00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                                                            00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                                                                00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                                                                00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                                                          00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                              00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                            00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                  00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                    00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                    00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                  00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                  00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                                00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                                000000007255146b 8 bytes {JMP 0xffffffffffffffb0}
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                              00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                          00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                          00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                                    0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                                                                                00000000775d2bf7 6 bytes JMP 0000000110057ce0
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                                  0000000076d51eee 7 bytes JMP 0000000166694b10
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                                    0000000076d55b85 7 bytes JMP 00000001666954b0
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                                    0000000076d613e1 7 bytes JMP 0000000166694e50
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                                  0000000076d6ea15 7 bytes JMP 0000000166694b00
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                          0000000076df8e84 7 bytes JMP 00000001666945c0
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                          0000000076df8f09 5 bytes JMP 0000000166694670
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                            0000000076df925f 5 bytes JMP 00000001666945d0
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                                0000000076a01d29 5 bytes JMP 0000000166694580
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                              0000000076a01dd7 5 bytes JMP 0000000166694540
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                  0000000076a02ab1 5 bytes JMP 0000000166694680
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                                    0000000076a02d17 5 bytes JMP 0000000166694360
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\USER32.dll!GetSysColor                                                                                                        00000000770a6c3c 5 bytes JMP 00000001100941f0
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                                    00000000770a8a29 5 bytes JMP 0000000166693a40
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\USER32.dll!GetSysColorBrush                                                                                                    00000000770b35a4 5 bytes JMP 0000000110094230
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\USER32.dll!GetScrollInfo                                                                                                      00000000770b4018 7 bytes JMP 0000000110096390
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\USER32.dll!SetScrollInfo                                                                                                      00000000770b40cf 7 bytes JMP 0000000110096420
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\USER32.dll!ShowScrollBar                                                                                                      00000000770b4162 5 bytes JMP 00000001100964c0
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\USER32.dll!GetScrollPos                                                                                                        00000000770b4234 5 bytes JMP 00000001100963c0
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                                00000000770b4572 5 bytes JMP 00000001666942e0
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\USER32.dll!SetScrollPos                                                                                                        00000000770b87a5 5 bytes JMP 0000000110096450
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\USER32.dll!EnableScrollBar                                                                                                    00000000770b8d3a 7 bytes JMP 0000000110096360
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\USER32.dll!GetScrollRange                                                                                                      00000000770b90c4 5 bytes JMP 00000001100963f0
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\USER32.dll!DrawFrameControl                                                                                                    00000000770c12a1 7 bytes JMP 0000000110094140
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\USER32.dll!EndDialog                                                                                                          00000000770cb99c 5 bytes JMP 0000000110057d50
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\USER32.dll!SetScrollRange                                                                                                      00000000770cd50b 5 bytes JMP 0000000110096480
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                                                00000000770ce567 5 bytes JMP 0000000166694350
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                                                            00000000770f07d7 5 bytes JMP 0000000166693850
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                                          0000000077107a5c 5 bytes JMP 00000001666942d0
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                                            000000007549e96b 5 bytes JMP 0000000166693b60
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                              000000007549eba5 5 bytes JMP 0000000166693b80
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                                                    00000000756f5ea5 5 bytes JMP 0000000166693a00
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                    0000000075729d0b 5 bytes JMP 0000000166693990
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                            0000000076891401 2 bytes JMP 76d7b1ef C:\Windows\syswow64\kernel32.dll
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                              0000000076891419 2 bytes JMP 76d7b31a C:\Windows\syswow64\kernel32.dll
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                            0000000076891431 2 bytes JMP 76df8f09 C:\Windows\syswow64\kernel32.dll
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                            000000007689144a 2 bytes CALL 76d54885 C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                                            * 9
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                              00000000768914dd 2 bytes JMP 76df8802 C:\Windows\syswow64\kernel32.dll
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                        00000000768914f5 2 bytes JMP 76df89d8 C:\Windows\syswow64\kernel32.dll
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                              000000007689150d 2 bytes JMP 76df86f8 C:\Windows\syswow64\kernel32.dll
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                        0000000076891525 2 bytes JMP 76df8ac2 C:\Windows\syswow64\kernel32.dll
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                              000000007689153d 2 bytes JMP 76d6fc78 C:\Windows\syswow64\kernel32.dll
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                  0000000076891555 2 bytes JMP 76d768bf C:\Windows\syswow64\kernel32.dll
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                            000000007689156d 2 bytes JMP 76df8fc1 C:\Windows\syswow64\kernel32.dll
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                              0000000076891585 2 bytes JMP 76df8b22 C:\Windows\syswow64\kernel32.dll
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                000000007689159d 2 bytes JMP 76df86bc C:\Windows\syswow64\kernel32.dll
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                              00000000768915b5 2 bytes JMP 76d6fd11 C:\Windows\syswow64\kernel32.dll
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                            00000000768915cd 2 bytes JMP 76d7b2b0 C:\Windows\syswow64\kernel32.dll
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                        00000000768916b2 2 bytes JMP 76df8e84 C:\Windows\syswow64\kernel32.dll
.text  D:\Tobit Radio.fx\Client\rfx-tray.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                        00000000768916bd 2 bytes JMP 76df8651 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                  00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                  00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                          00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644                                                                          00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                          00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                            00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                              00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                                  00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                              00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                            00000000773b2712 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                              00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                            00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                    00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                                    00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                                00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33                                                                                00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274                                                                                00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                    00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                            00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                            00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                            00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                                00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                                00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                                          00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                            00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                            00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                                          00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                                          00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                        00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                            00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                                        00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                                    00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                              00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                                                00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                                00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                                  00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                                  00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                                    00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                                        00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                                        00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                                  00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                      00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                    00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                          00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                            00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                          00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                        00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                        000000007255146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                      00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                  00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                  00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                            0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                          0000000076d51eee 7 bytes JMP 0000000166694b10
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                            0000000076d55b85 7 bytes JMP 00000001666954b0
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                            0000000076d613e1 7 bytes JMP 0000000166694e50
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                          0000000076d6ea15 7 bytes JMP 0000000166694b00
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                  0000000076df8e84 7 bytes JMP 00000001666945c0
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                  0000000076df8f09 5 bytes JMP 0000000166694670
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                    0000000076df925f 5 bytes JMP 00000001666945d0
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                        0000000076a01d29 5 bytes JMP 0000000166694580
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                      0000000076a01dd7 5 bytes JMP 0000000166694540
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                          0000000076a02ab1 5 bytes JMP 0000000166694680
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                            0000000076a02d17 5 bytes JMP 0000000166694360
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                            00000000770a8a29 5 bytes JMP 0000000166693a40
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                        00000000770b4572 5 bytes JMP 00000001666942e0
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\USER32.dll!GetMenu + 412                                                                              00000000770b51dd 7 bytes JMP 000000011003ac50
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\USER32.dll!PeekMessageA + 407                                                                          00000000770b610b 7 bytes JMP 000000011003b000
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 131                                                            00000000770bc6c1 7 bytes JMP 000000011003abc0
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                        00000000770ce567 5 bytes JMP 0000000166694350
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                                    00000000770f07d7 5 bytes JMP 0000000166693850
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA + 199                                                                  00000000770ffc98 7 bytes JMP 000000011003af50
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW + 52                                                                    00000000770ffcd1 7 bytes JMP 000000011003adf0
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 31                                                                          00000000770ffcf5 7 bytes JMP 000000011003af00
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                  0000000077107a5c 5 bytes JMP 00000001666942d0
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                    000000007549e96b 5 bytes JMP 0000000166693b60
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                      000000007549eba5 5 bytes JMP 0000000166693b80
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                    0000000076891401 2 bytes JMP 76d7b1ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                      0000000076891419 2 bytes JMP 76d7b31a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                    0000000076891431 2 bytes JMP 76df8f09 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                    000000007689144a 2 bytes CALL 76d54885 C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                                            * 9
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                      00000000768914dd 2 bytes JMP 76df8802 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                00000000768914f5 2 bytes JMP 76df89d8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                      000000007689150d 2 bytes JMP 76df86f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                0000000076891525 2 bytes JMP 76df8ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                      000000007689153d 2 bytes JMP 76d6fc78 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                          0000000076891555 2 bytes JMP 76d768bf C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                    000000007689156d 2 bytes JMP 76df8fc1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                      0000000076891585 2 bytes JMP 76df8b22 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                        000000007689159d 2 bytes JMP 76df86bc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                      00000000768915b5 2 bytes JMP 76d6fd11 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                    00000000768915cd 2 bytes JMP 76d7b2b0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                00000000768916b2 2 bytes JMP 76df8e84 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[3344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                00000000768916bd 2 bytes JMP 76df8651 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                        00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                                        00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644                                                                                                00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                                              00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                  00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                      00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                                    00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                                                        00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                    00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                                  00000000773b2712 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                                  00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                                                  00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                          00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                                                          00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                                      00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                                                      00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33                                                                                                      00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274                                                                                                    00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                        00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                                  00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                                                00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                                                00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                                                    00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                                                    00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                                                              00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                                                  00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                                                  00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                                                              00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                                                              00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                                              00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                                                00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                                                              00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                                                        00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                                                  00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                                                                    00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                                                    00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                                                        00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                                                        00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                                                          00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                                                              00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                                                            00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                                                      00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                            00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                          00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                              00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                  00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                  00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                              00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                              000000007255146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                          00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                        00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                        00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                                  0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW                                                                                              0000000076d51eee 7 bytes JMP 0000000166694b10
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW                                                                                                0000000076d55b85 7 bytes JMP 00000001666954b0
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA                                                                                                0000000076d613e1 7 bytes JMP 0000000166694e50
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW                                                                                                0000000076d6ea15 7 bytes JMP 0000000166694b00
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx                                                                                        0000000076df8e84 7 bytes JMP 00000001666945c0
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation                                                                                        0000000076df8f09 5 bytes JMP 0000000166694670
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW                                                                                          0000000076df925f 5 bytes JMP 00000001666945d0
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                            0000000076a01d29 5 bytes JMP 0000000166694580
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                          0000000076a01dd7 5 bytes JMP 0000000166694540
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                              0000000076a02ab1 5 bytes JMP 0000000166694680
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                                  0000000076a02d17 5 bytes JMP 0000000166694360
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                                          000000007549e96b 5 bytes JMP 0000000166693b60
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                            000000007549eba5 5 bytes JMP 0000000166693b80
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                                  00000000770a8a29 5 bytes JMP 0000000166693a40
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                              00000000770b4572 5 bytes JMP 00000001666942e0
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                                              00000000770ce567 5 bytes JMP 0000000166694350
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                                                        00000000770f07d7 5 bytes JMP 0000000166693850
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                                      0000000077107a5c 5 bytes JMP 00000001666942d0
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                                                00000000756f5ea5 5 bytes JMP 0000000166693a00
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                  0000000075729d0b 5 bytes JMP 0000000166693990
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                        0000000076891401 2 bytes JMP 76d7b1ef C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                          0000000076891419 2 bytes JMP 76d7b31a C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                        0000000076891431 2 bytes JMP 76df8f09 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                        000000007689144a 2 bytes CALL 76d54885 C:\Windows\syswow64\KERNEL32.dll
.text  ...                                                                                                                                                                                            * 9
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                            00000000768914dd 2 bytes JMP 76df8802 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                    00000000768914f5 2 bytes JMP 76df89d8 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                            000000007689150d 2 bytes JMP 76df86f8 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                    0000000076891525 2 bytes JMP 76df8ac2 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                          000000007689153d 2 bytes JMP 76d6fc78 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                0000000076891555 2 bytes JMP 76d768bf C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                        000000007689156d 2 bytes JMP 76df8fc1 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                          0000000076891585 2 bytes JMP 76df8b22 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                              000000007689159d 2 bytes JMP 76df86bc C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                          00000000768915b5 2 bytes JMP 76d6fd11 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                        00000000768915cd 2 bytes JMP 76d7b2b0 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                    00000000768916b2 2 bytes JMP 76df8e84 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Hotkey\Hotkey.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                    00000000768916bd 2 bytes JMP 76df8651 C:\Windows\syswow64\KERNEL32.dll
.text  D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                    0000000076d51eee 7 bytes JMP 0000000166694b10
.text  D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                      0000000076d55b85 7 bytes JMP 00000001666954b0
.text  D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                      0000000076d613e1 7 bytes JMP 0000000166694e50
.text  D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                    0000000076d6ea15 7 bytes JMP 0000000166694b00
.text  D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                            0000000076df8e84 7 bytes JMP 00000001666945c0
.text  D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                            0000000076df8f09 5 bytes JMP 0000000166694670
.text  D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                              0000000076df925f 5 bytes JMP 00000001666945d0
.text  D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                      00000000770a8a29 5 bytes JMP 0000000166693a40
.text  D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                  00000000770b4572 5 bytes JMP 00000001666942e0
.text  D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                                  00000000770ce567 5 bytes JMP 0000000166694350
.text  D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                                              00000000770f07d7 5 bytes JMP 0000000166693850
.text  D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                            0000000077107a5c 5 bytes JMP 00000001666942d0
.text  D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                              0000000076891401 2 bytes JMP 76d7b1ef C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                0000000076891419 2 bytes JMP 76d7b31a C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                              0000000076891431 2 bytes JMP 76df8f09 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                              000000007689144a 2 bytes CALL 76d54885 C:\Windows\syswow64\kernel32.dll
.text  ...

Tim Herrmann 19.05.2015 17:31
Windows 7: Internetprobleme nach VPN Verbindung mit Uni-Server
 
Fortsetzung:
[CODE].text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768914dd 2 bytes JMP 76df8802 C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768914f5 2 bytes JMP 76df89d8 C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007689150d 2 bytes JMP 76df86f8 C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076891525 2 bytes JMP 76df8ac2 C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007689153d 2 bytes JMP 76d6fc78 C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076891555 2 bytes JMP 76d768bf C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007689156d 2 bytes JMP 76df8fc1 C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076891585 2 bytes JMP 76df8b22 C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007689159d 2 bytes JMP 76df86bc C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768915b5 2 bytes JMP 76d6fd11 C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768915cd 2 bytes JMP 76d7b2b0 C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768916b2 2 bytes JMP 76df8e84 C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE[3504] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768916bd 2 bytes JMP 76df8651 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000773b2712 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007255146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076d51eee 7 bytes JMP 0000000166694b10
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076d55b85 7 bytes JMP 00000001666954b0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076d613e1 7 bytes JMP 0000000166694e50
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076d6ea15 7 bytes JMP 0000000166694b00
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076df8e84 7 bytes JMP 00000001666945c0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076df8f09 5 bytes JMP 0000000166694670
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076df925f 5 bytes JMP 00000001666945d0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a01d29 5 bytes JMP 0000000166694580
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a01dd7 5 bytes JMP 0000000166694540
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a02ab1 5 bytes JMP 0000000166694680
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a02d17 5 bytes JMP 0000000166694360
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000770a8a29 5 bytes JMP 0000000166693a40
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000770b4572 5 bytes JMP 00000001666942e0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000770ce567 5 bytes JMP 0000000166694350
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000770f07d7 5 bytes JMP 0000000166693850
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077107a5c 5 bytes JMP 00000001666942d0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007549e96b 5 bytes JMP 0000000166693b60
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007549eba5 5 bytes JMP 0000000166693b80
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000756f5ea5 5 bytes JMP 0000000166693a00
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075729d0b 5 bytes JMP 0000000166693990
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076891401 2 bytes JMP 76d7b1ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076891419 2 bytes JMP 76d7b31a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076891431 2 bytes JMP 76df8f09 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007689144a 2 bytes CALL 76d54885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768914dd 2 bytes JMP 76df8802 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768914f5 2 bytes JMP 76df89d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007689150d 2 bytes JMP 76df86f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076891525 2 bytes JMP 76df8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007689153d 2 bytes JMP 76d6fc78 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076891555 2 bytes JMP 76d768bf C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007689156d 2 bytes JMP 76df8fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076891585 2 bytes JMP 76df8b22 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007689159d 2 bytes JMP 76df86bc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768915b5 2 bytes JMP 76d6fd11 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768915cd 2 bytes JMP 76d7b2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768916b2 2 bytes JMP 76df8e84 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768916bd 2 bytes JMP 76df8651 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000773b2712 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007255146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076d51eee 7 bytes JMP 0000000166694b10
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076d55b85 7 bytes JMP 00000001666954b0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076d613e1 7 bytes JMP 0000000166694e50
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076d6ea15 7 bytes JMP 0000000166694b00
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076df8e84 7 bytes JMP 00000001666945c0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076df8f09 5 bytes JMP 0000000166694670
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076df925f 5 bytes JMP 00000001666945d0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a01d29 5 bytes JMP 0000000166694580
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a01dd7 5 bytes JMP 0000000166694540
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a02ab1 5 bytes JMP 0000000166694680
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a02d17 5 bytes JMP 0000000166694360
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007549e96b 5 bytes JMP 0000000166693b60
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007549eba5 5 bytes JMP 0000000166693b80
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000770a8a29 5 bytes JMP 0000000166693a40
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000770b4572 5 bytes JMP 00000001666942e0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000770ce567 5 bytes JMP 0000000166694350
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000770f07d7 5 bytes JMP 0000000166693850
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077107a5c 5 bytes JMP 00000001666942d0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000756f5ea5 5 bytes JMP 0000000166693a00
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075729d0b 5 bytes JMP 0000000166693990
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076891401 2 bytes JMP 76d7b1ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076891419 2 bytes JMP 76d7b31a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076891431 2 bytes JMP 76df8f09 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007689144a 2 bytes CALL 76d54885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768914dd 2 bytes JMP 76df8802 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768914f5 2 bytes JMP 76df89d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007689150d 2 bytes JMP 76df86f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076891525 2 bytes JMP 76df8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007689153d 2 bytes JMP 76d6fc78 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076891555 2 bytes JMP 76d768bf C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007689156d 2 bytes JMP 76df8fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076891585 2 bytes JMP 76df8b22 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007689159d 2 bytes JMP 76df86bc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768915b5 2 bytes JMP 76d6fd11 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768915cd 2 bytes JMP 76d7b2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768916b2 2 bytes JMP 76df8e84 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768916bd 2 bytes JMP 76df8651 C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000773b2712 8 bytes {JMP 0x10}
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007255146b 8 bytes {JMP 0xffffffffffffffb0}
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076d51eee 7 bytes JMP 0000000166694b10
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000076d55b85 7 bytes JMP 00000001666954b0
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076d613e1 7 bytes JMP 0000000166694e50
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000076d6ea15 7 bytes JMP 0000000166694b00
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076df8e84 7 bytes JMP 00000001666945c0
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076df8f09 5 bytes JMP 0000000166694670
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076df925f 5 bytes JMP 00000001666945d0
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a01d29 5 bytes JMP 0000000166694580
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a01dd7 5 bytes JMP 0000000166694540
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a02ab1 5 bytes JMP 0000000166694680
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a02d17 5 bytes JMP 0000000166694360
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007549e96b 5 bytes JMP 0000000166693b60
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007549eba5 5 bytes JMP 0000000166693b80
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000770a8a29 5 bytes JMP 0000000166693a40
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000770b4572 5 bytes JMP 00000001666942e0
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000770ce567 5 bytes JMP 0000000166694350
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000770f07d7 5 bytes JMP 0000000166693850
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077107a5c 5 bytes JMP 00000001666942d0
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000756f5ea5 5 bytes JMP 0000000166693a00
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075729d0b 5 bytes JMP 0000000166693990
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076891401 2 bytes JMP 76d7b1ef C:\Windows\syswow64\KERNEL32.dll
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076891419 2 bytes JMP 76d7b31a C:\Windows\syswow64\KERNEL32.dll
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076891431 2 bytes JMP 76df8f09 C:\Windows\syswow64\KERNEL32.dll
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007689144a 2 bytes CALL 76d54885 C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768914dd 2 bytes JMP 76df8802 C:\Windows\syswow64\KERNEL32.dll
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768914f5 2 bytes JMP 76df89d8 C:\Windows\syswow64\KERNEL32.dll
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007689150d 2 bytes JMP 76df86f8 C:\Windows\syswow64\KERNEL32.dll
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076891525 2 bytes JMP 76df8ac2 C:\Windows\syswow64\KERNEL32.dll
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007689153d 2 bytes JMP 76d6fc78 C:\Windows\syswow64\KERNEL32.dll
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076891555 2 bytes JMP 76d768bf C:\Windows\syswow64\KERNEL32.dll
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007689156d 2 bytes JMP 76df8fc1 C:\Windows\syswow64\KERNEL32.dll
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076891585 2 bytes JMP 76df8b22 C:\Windows\syswow64\KERNEL32.dll
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007689159d 2 bytes JMP 76df86bc C:\Windows\syswow64\KERNEL32.dll
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768915b5 2 bytes JMP 76d6fd11 C:\Windows\syswow64\KERNEL32.dll
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768915cd 2 bytes JMP 76d7b2b0 C:\Windows\syswow64\KERNEL32.dll
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768916b2 2 bytes JMP 76df8e84 C:\Windows\syswow64\KERNEL32.dll
.text D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe[3676] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768916bd 2 bytes JMP 76df8651 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007719a3e0 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771a3f00 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771bfff0 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771cf360 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000771f9ab0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077209540 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077228860 1 byte JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2 0000000077228862 5 bytes {JMP 0xfffffffff8dc7990}
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3b3460 7 bytes JMP 000007fffd3a00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3ca590 6 bytes JMP 000007fffd3a0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3cac00 5 bytes JMP 000007fffd3a0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3cada0 5 bytes JMP 000007fffd3a0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe4c89e0 8 bytes JMP 000007fffd3a01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3728] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe4cbe40 8 bytes JMP 000007fffd3a01b8
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000773b2712 8 bytes {JMP 0x10}
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 000000007255146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076d51eee 7 bytes JMP 0000000166694b10
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076d55b85 7 bytes JMP 00000001666954b0
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076d58769 5 bytes [33, C0, C2, 04, 00]
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076d613e1 7 bytes JMP 0000000166694e50
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076d6ea15 7 bytes JMP 0000000166694b00
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076df8e84 7 bytes JMP 00000001666945c0
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076df8f09 5 bytes JMP 0000000166694670
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076df925f 5 bytes JMP 00000001666945d0
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a01d29 5 bytes JMP 0000000166694580
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a01dd7 5 bytes JMP 0000000166694540
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a02ab1 5 bytes JMP 0000000166694680
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a02d17 5 bytes JMP 0000000166694360
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000770a8a29 5 bytes JMP 0000000166693a40
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000770b4572 5 bytes JMP 00000001666942e0
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000770ce567 5 bytes JMP 0000000166694350
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000770f07d7 5 bytes JMP 0000000166693850
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000077107a5c 5 bytes JMP 00000001666942d0
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007549e96b 5 bytes JMP 0000000166693b60
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007549eba5 5 bytes JMP 0000000166693b80
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076891401 2 bytes JMP 76d7b1ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076891419 2 bytes JMP 76d7b31a C:\Windows\syswow64\kernel32.dll
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076891431 2 bytes JMP 76df8f09 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007689144a 2 bytes CALL 76d54885 C:\Windows\syswow64\kernel32.dll
.text ... * 9

Tim Herrmann 19.05.2015 17:33
Windows 7: Internetprobleme nach VPN Verbindung mit Uni-Server
 
Fortsetzung:
Code:
.text  C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                00000000768914dd 2 bytes JMP 76df8802 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                          00000000768914f5 2 bytes JMP 76df89d8 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                000000007689150d 2 bytes JMP 76df86f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                          0000000076891525 2 bytes JMP 76df8ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                000000007689153d 2 bytes JMP 76d6fc78 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                    0000000076891555 2 bytes JMP 76d768bf C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                              000000007689156d 2 bytes JMP 76df8fc1 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                0000000076891585 2 bytes JMP 76df8b22 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                  000000007689159d 2 bytes JMP 76df86bc C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                00000000768915b5 2 bytes JMP 76d6fd11 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                              00000000768915cd 2 bytes JMP 76d7b2b0 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                          00000000768916b2 2 bytes JMP 76df8e84 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe[4012] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                          00000000768916bd 2 bytes JMP 76df8651 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\CCleaner\CCleaner64.exe[3872] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                  000007fefd777490 11 bytes JMP 000007fffd390228
.text  C:\Program Files\CCleaner\CCleaner64.exe[3872] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                                000007fefd78bf00 7 bytes JMP 000007fffd390260
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                      00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                      00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                              00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644                                                              00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                              00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                    00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                  00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                      00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                  00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                00000000773b2712 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                  00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                        00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                        00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                    00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                    00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33                                                                    00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274                                                                    00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                        00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                    00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                    00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                              00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                              00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                              00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                            00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                            00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                        00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                  00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                                    00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                    00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                      00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                      00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                        00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                            00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                            00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                      00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                          00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                        00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                              00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                            00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                              00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                              00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                            00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                            000000007255146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                          00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                      00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                      00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[2660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                                00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                                                00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                        00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644                                                                                                        00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                                                      00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                          00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                              00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                                            00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                                                                00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                            00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                                          00000000773b2712 8 bytes {JMP 0x10}
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                                          00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                                                          00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                                  00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                                                                  00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                                              00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                                                              00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33                                                                                                              00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274                                                                                                            00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                                00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                                          00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                                                        00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                                                        00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                                                            00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                                                            00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                                                                      00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                                                          00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                                                          00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                                                                      00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                                                                      00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                                                      00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                                                        00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                                                                      00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                                                                00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                                                          00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                                                                            00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                                                            00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                                                                00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                                                                00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                                                                  00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                                                                      00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                                                                    00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                                                              00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                    00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                  00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                        00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                      00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                          00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                          00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                        00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                        00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                                      00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                                      000000007255146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                                  00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                                00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                                          0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                                                                              00000000645d17fa 2 bytes CALL 76d511a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                                                                          00000000645d1860 2 bytes CALL 76d511a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                                                                        00000000645d1942 2 bytes JMP 75147089 C:\Windows\syswow64\WS2_32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                                                                        00000000645d194d 2 bytes JMP 7514cba6 C:\Windows\syswow64\WS2_32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                0000000076891401 2 bytes JMP 76d7b1ef C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                  0000000076891419 2 bytes JMP 76d7b31a C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                0000000076891431 2 bytes JMP 76df8f09 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                000000007689144a 2 bytes CALL 76d54885 C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                                            * 9
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                    00000000768914dd 2 bytes JMP 76df8802 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                            00000000768914f5 2 bytes JMP 76df89d8 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                    000000007689150d 2 bytes JMP 76df86f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                            0000000076891525 2 bytes JMP 76df8ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                  000000007689153d 2 bytes JMP 76d6fc78 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                        0000000076891555 2 bytes JMP 76d768bf C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                000000007689156d 2 bytes JMP 76df8fc1 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                  0000000076891585 2 bytes JMP 76df8b22 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                      000000007689159d 2 bytes JMP 76df86bc C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                  00000000768915b5 2 bytes JMP 76d6fd11 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                00000000768915cd 2 bytes JMP 76d7b2b0 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                            00000000768916b2 2 bytes JMP 76df8e84 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                            00000000768916bd 2 bytes JMP 76df8651 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                              00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                              00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                      00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644                                                                                      00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                                      00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                        00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                            00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                          00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                                              00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                          00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                        00000000773b2712 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                          00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                                        00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                                                00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                            00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                                            00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33                                                                                            00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274                                                                                            00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                        00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                                        00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                                        00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                                            00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                                            00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                                                      00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                                        00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                                        00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                                                      00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                                                      00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                                    00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                                        00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                                                    00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                                                00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                                          00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                                                            00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                                            00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                                              00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                                              00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                                                00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                                                    00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                                                    00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                                              00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                  00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                      00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                    00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                        00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                        00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                      00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                      00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                    00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                    000000007255146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                  00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                              00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                              00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Hotkey\PowerBiosServer.exe[4164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                        0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                        00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                                        00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644                                                                                                00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                                                00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                  00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                      00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                                    00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                                                        00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                    00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                                  00000000773b2712 8 bytes {JMP 0x10}
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                                    00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                                                  00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                          00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                                                          00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                                      00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                                                      00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33                                                                                                      00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274                                                                                                      00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                          00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                                  00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                                                  00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                                                  00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                                                      00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                                                      00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                                                                00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                                                  00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                                                  00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                                                                00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                                                                00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                                              00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                                                  00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                                                              00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                                                          00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                                                    00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                                                                      00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                                                      00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                                                        00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                                                        00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                                                          00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                                                              00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                                                              00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                                                        00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                            00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                          00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                              00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                  00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                  00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                              00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                              000000007255146b 8 bytes {JMP 0xffffffffffffffb0}
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                            00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                        00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                        00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                                  0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Tobit Radio.fx\Server\rfx-server.exe[4208] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                                    0000000076d58769 5 bytes JMP 000000010067b780
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                          00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                                          00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                  00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644                                                                                                  00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                                                  00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                    00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                        00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                                      00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                                                          00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                      00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                                    00000000773b2712 8 bytes {JMP 0x10}
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                                      00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                                                    00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                            00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                                                            00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                                        00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                                                        00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33                                                                                                        00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274                                                                                                        00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                            00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                                    00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                                                    00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                                                    00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                                                        00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                                                        00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                                                                  00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                                                    00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                                                    00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                                                                  00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                                                                  00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                                                00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                                                    00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                                                                00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                                                            00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                                                      00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                                                                        00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                                                        00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                                                          00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                                                          00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                                                            00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                                                                00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                                                                00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                                                          00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                              00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                            00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                  00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                    00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                    00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                  00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                  00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                                00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                                000000007255146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                              00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                          00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                          00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\sysWOW64\wbem\wmiprvse.exe[5004] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                                    0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                                000000007719a3e0 7 bytes JMP 000000016fff0228
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                              00000000771a3f00 5 bytes JMP 000000016fff0180
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                                00000000771bfff0 5 bytes JMP 000000016fff01b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                          00000000771cf360 5 bytes JMP 000000016fff0110
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                        00000000771f9ab0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                        0000000077209540 5 bytes JMP 000000016fff0148
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                0000000077228860 1 byte JMP 000000016fff01f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\kernel32.dll!RegSetValueExA + 2                                                                            0000000077228862 5 bytes {JMP 0xfffffffff8dc7990}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                            000007fefd3b3460 7 bytes JMP 000007fffd3a00d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                              000007fefd3ca590 6 bytes JMP 000007fffd3a0148
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                  000007fefd3cac00 5 bytes JMP 000007fffd3a0180
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                          000007fefd3cada0 5 bytes JMP 000007fffd3a0110
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                            000007fefe4c89e0 8 bytes JMP 000007fffd3a01f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                          000007fefe4cbe40 8 bytes JMP 000007fffd3a01b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                  000007fefd777490 11 bytes JMP 000007fffd3a0228
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6428] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                000007fefd78bf00 7 bytes JMP 000007fffd3a0260
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6744] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                    000007fefd3b3460 7 bytes JMP 000007fffd3a00d8
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6744] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                      000007fefd3ca590 6 bytes JMP 000007fffd3a0148
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6744] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                          000007fefd3cac00 5 bytes JMP 000007fffd3a0180
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6744] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                  000007fefd3cada0 5 bytes JMP 000007fffd3a0110
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6744] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                    000007fefe4c89e0 8 bytes JMP 000007fffd3a01f0
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[6744] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                  000007fefe4cbe40 8 bytes JMP 000007fffd3a01b8
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                              00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                              00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                      00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644                                      00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                      00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                        00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                            00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                          00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                              00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                          00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                        00000000773b2712 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79          00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184        00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                            00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                            00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33                                            00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274                                            00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                        00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                        00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                        00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                            00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                            00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                      00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                        00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                        00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                      00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                      00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                    00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                        00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                    00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                          00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                            00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                            00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                              00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                              00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                    00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                    00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                              00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                  00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                      00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                    00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                        00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                        00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                      00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                      00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                    00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                    000000007255146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                  00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                              00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                              00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[5700] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                        0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                          00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                          00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                  00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644                                                  00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                    00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                        00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                      00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                          00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                      00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                    00000000773b2712 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                    00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                    00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                            00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                            00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                        00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                        00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33                                                        00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274                                                      00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                          00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                    00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                  00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                  00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                      00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                      00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                    00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                    00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

Tim Herrmann 19.05.2015 17:34
Windows 7: Internetprobleme nach VPN Verbindung mit Uni-Server
 
Fortsetzung: (Ende)
Code:
.text  ...                                                                                                                                                                                            * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                  00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                          00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                    00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                      00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                      00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                          00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                          00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                            00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                              00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                        00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                              00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                            00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                  00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                    00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                    00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                  00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                  00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                000000007255146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                            00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                          00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                          00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                    0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                  00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                  00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                          00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644                                                          00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                        00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                            00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                              00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                  00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                              00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                            00000000773b2712 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                            00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                            00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                    00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                    00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33                                                                00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274                                                              00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                  00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                            00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                          00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                          00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                              00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                              00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                        00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                            00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                            00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                        00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                        00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                        00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                          00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                        00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                  00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                            00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                              00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                              00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                  00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                  00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                    00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                        00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                      00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                      00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                    00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                          00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                        00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                            00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                            00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                          00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                          00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                        00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                        000000007255146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                    00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                  00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                  00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5300] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                            0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Windows\system32\wuauclt.exe[6660] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                      000007fefd3b3460 7 bytes JMP 000007fffd3a00d8
.text  C:\Windows\system32\wuauclt.exe[6660] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                        000007fefd3ca590 6 bytes JMP 000007fffd3a0148
.text  C:\Windows\system32\wuauclt.exe[6660] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                          000007fefd3cac00 5 bytes JMP 000007fffd3a0180
.text  C:\Windows\system32\wuauclt.exe[6660] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                    000007fefd3cada0 5 bytes JMP 000007fffd3a0110
.text  C:\Windows\system32\wuauclt.exe[6660] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                          000007fefd777490 11 bytes JMP 000007fffd3a0228
.text  C:\Windows\system32\wuauclt.exe[6660] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                                          000007fefd78bf00 7 bytes JMP 000007fffd3a0260
.text  C:\Windows\system32\wuauclt.exe[6660] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                    000007fefe4c89e0 8 bytes JMP 000007fffd3a01f0
.text  C:\Windows\system32\wuauclt.exe[6660] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                  000007fefe4cbe40 8 bytes JMP 000007fffd3a01b8
.text  C:\Windows\explorer.exe[5320] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                                  000007fefd777490 5 bytes JMP 000007fffb660060
.text  C:\Windows\explorer.exe[5320] C:\Windows\system32\dwmapi.dll!DwmExtendFrameIntoClientArea                                                                                                      000007fefb673580 5 bytes JMP 000007fffb660010
.text  C:\Windows\explorer.exe[5320] C:\Windows\system32\UIAutomationCore.dll!UiaReturnRawElementProvider                                                                                            000007feea712dec 5 bytes JMP 000007fefb660028
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                                  00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                                                  00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                          00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644                                                                                                          00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                                                        00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                            00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                                00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                                              00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                                                                  00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                              00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                                            00000000773b2712 8 bytes {JMP 0x10}
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                                            00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                                                            00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                                    00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                                                                    00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                                                00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                                                                00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33                                                                                                                00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274                                                                                                              00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                                  00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                                            00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                                                          00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                                                          00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                                                              00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                                                              00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                                                                        00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                                                            00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                                                            00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                                                                        00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                                                                        00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                                                        00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                                                          00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                                                                        00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                                                                  00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                                                            00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                                                                              00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                                                              00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                                                                  00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                                                                  00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                                                                    00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                                                                        00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                                                                      00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                                                                00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                      00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                    00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                          00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                        00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                            00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                            00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                          00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                          00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                                        00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                                        000000007255146b 8 bytes {JMP 0xffffffffffffffb0}
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                                    00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                  00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                                  00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                                            0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                                        0000000076d51eee 7 bytes JMP 0000000166694b10
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                                          0000000076d55b85 7 bytes JMP 00000001666954b0
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                                          0000000076d613e1 7 bytes JMP 0000000166694e50
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                                          0000000076d6ea15 7 bytes JMP 0000000166694b00
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                                  0000000076df8e84 7 bytes JMP 00000001666945c0
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                                  0000000076df8f09 5 bytes JMP 0000000166694670
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                                    0000000076df925f 5 bytes JMP 00000001666945d0
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                                      0000000076a01d29 5 bytes JMP 0000000166694580
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                                    0000000076a01dd7 5 bytes JMP 0000000166694540
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                        0000000076a02ab1 5 bytes JMP 0000000166694680
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                                            0000000076a02d17 5 bytes JMP 0000000166694360
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                    000000007549e96b 5 bytes JMP 0000000166693b60
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                      000000007549eba5 5 bytes JMP 0000000166693b80
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                                            00000000770a8a29 5 bytes JMP 0000000166693a40
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                                        00000000770b4572 5 bytes JMP 00000001666942e0
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                                                        00000000770ce567 5 bytes JMP 0000000166694350
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                                                                  00000000770f07d7 5 bytes JMP 0000000166693850
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                                                0000000077107a5c 5 bytes JMP 00000001666942d0
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                                                          00000000756f5ea5 5 bytes JMP 0000000166693a00
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                            0000000075729d0b 5 bytes JMP 0000000166693990
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                  0000000076891401 2 bytes JMP 76d7b1ef C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                    0000000076891419 2 bytes JMP 76d7b31a C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                  0000000076891431 2 bytes JMP 76df8f09 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                  000000007689144a 2 bytes CALL 76d54885 C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                                            * 9
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                      00000000768914dd 2 bytes JMP 76df8802 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                              00000000768914f5 2 bytes JMP 76df89d8 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                      000000007689150d 2 bytes JMP 76df86f8 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                              0000000076891525 2 bytes JMP 76df8ac2 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                    000000007689153d 2 bytes JMP 76d6fc78 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                          0000000076891555 2 bytes JMP 76d768bf C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                  000000007689156d 2 bytes JMP 76df8fc1 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                    0000000076891585 2 bytes JMP 76df8b22 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                        000000007689159d 2 bytes JMP 76df86bc C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                    00000000768915b5 2 bytes JMP 76d6fd11 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                  00000000768915cd 2 bytes JMP 76d7b2b0 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                              00000000768916b2 2 bytes JMP 76df8e84 C:\Windows\syswow64\kernel32.dll
.text  D:\Programme\Clover\clover.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                              00000000768916bd 2 bytes JMP 76df8651 C:\Windows\syswow64\kernel32.dll
?      C:\Windows\system32\mssprxy.dll [2644] entry point in ".rdata" section                                                                                                                        0000000074c071e6
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                              00000000773b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                              00000000773b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                      00000000773b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644                                                                                      00000000773b1ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                                    00000000773b1bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                        00000000773b1d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                            00000000773b1e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                                          00000000773b1f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                                              00000000773b2248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                          00000000773b26f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                        00000000773b2712 8 bytes {JMP 0x10}
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                        00000000773b276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                                        00000000773b27d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                00000000773b2b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                                                00000000773b2be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                            00000000773b30bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                                            00000000773b3248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33                                                                                            00000000773b37c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274                                                                                          00000000773b38b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                              00000000773b3a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                        00000000773b3fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                                      00000000773b4061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                                      00000000773b40d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 3
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                                          00000000773b4216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                                          00000000773b4254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                                                    00000000773b44c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                                        00000000773b46ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                                        00000000773b4773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                                                    00000000773b4867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                                                    00000000773b4986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                                            * 2
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                                    00000000773b4ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                                      00000000773b4b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                                                    00000000773b4d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                                              00000000773b4f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                                        00000000773b5007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                                                          00000000773b51f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                                          00000000773b6006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                                              00000000773b61be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                                              00000000773b63ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                                                00000000773b63ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                                                    00000000773b6404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                                                  00000000773b645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                                            00000000773b6c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                  00000000773fdca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                00000000773fde20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                      00000000773fde50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                    00000000773fdf70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                        00000000773fe020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                        00000000773fe650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                      00000000773fe8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                      00000000773ff100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                    00000000725513cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                    000000007255146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                00000000725516d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                              00000000725519db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                              00000000725519fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                        0000000072551a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                                    0000000076d51eee 7 bytes JMP 0000000166694b10
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                                      0000000076d55b85 7 bytes JMP 00000001666954b0
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                      0000000076d613e1 7 bytes JMP 0000000166694e50
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                                      0000000076d6ea15 7 bytes JMP 0000000166694b00
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                              0000000076df8e84 7 bytes JMP 00000001666945c0
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                              0000000076df8f09 5 bytes JMP 0000000166694670
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                0000000076df925f 5 bytes JMP 00000001666945d0
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                  0000000076a01d29 5 bytes JMP 0000000166694580
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                0000000076a01dd7 5 bytes JMP 0000000166694540
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                    0000000076a02ab1 5 bytes JMP 0000000166694680
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                        0000000076a02d17 5 bytes JMP 0000000166694360
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                                000000007549e96b 5 bytes JMP 0000000166693b60
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                  000000007549eba5 5 bytes JMP 0000000166693b80
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                        00000000770a8a29 5 bytes JMP 0000000166693a40
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                    00000000770b4572 5 bytes JMP 00000001666942e0
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                                    00000000770ce567 5 bytes JMP 0000000166694350
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                                              00000000770f07d7 5 bytes JMP 0000000166693850
.text  C:\Users\Tim\Desktop\Trojaner-Board\Gmer-19357.exe[2532] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                            0000000077107a5c 5 bytes JMP 00000001666942d0

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0cd292b85460                                                                                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0cd292b85460@40984e5004ce                                                                                                      0x75 0x01 0xAC 0x13 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0cd292b85460 (not active ControlSet)                                                                                               
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0cd292b85460@40984e5004ce                                                                                                          0x75 0x01 0xAC 0x13 ...

---- EOF - GMER 2.1 ----

schrauber 20.05.2015 06:55
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Tim Herrmann 20.05.2015 09:12
MBAM.txt, ADWCleaner, JRT.txt
 
MBAM.txt:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 20.05.2015
Suchlauf-Zeit: 09:39:39
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.20.01
Rootkit Datenbank: v2015.05.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Tim

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 360286
Verstrichene Zeit: 5 Min, 18 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
ADWCleaner.txt:
Code:
# AdwCleaner v4.204 - Bericht erstellt 20/05/2015 um 09:52:04
# Aktualisiert 12/05/2015 von Xplode
# Datenbank : 2015-05-12.2 [Lokal]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Tim - TIM-PC
# Gestarted von : D:\Users\Tim\Downloads\AdwCleaner_4.204.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v


-\\ Google Chrome v42.0.2311.152


*************************

AdwCleaner[R0].txt - [3475 Bytes] - [19/05/2015 11:19:45]
AdwCleaner[R1].txt - [1036 Bytes] - [19/05/2015 11:23:26]
AdwCleaner[R2].txt - [1155 Bytes] - [20/05/2015 09:51:41]
AdwCleaner[S0].txt - [3432 Bytes] - [19/05/2015 11:21:41]
AdwCleaner[S1].txt - [1096 Bytes] - [19/05/2015 11:23:50]
AdwCleaner[S2].txt - [1076 Bytes] - [20/05/2015 09:52:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1135  Bytes] ##########
JRT.txt:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.4 (05.19.2015:1)
OS: Windows 7 Professional x64
Ran by Tim on 20.05.2015 at  9:59:37,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.05.2015 at 10:01:58,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by Tim (administrator) on TIM-PC on 20-05-2015 10:06:38
Running from C:\Users\Tim\Desktop\Trojaner-Board
Loaded Profiles: Tim (Available profiles: Tim)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() D:\Tobit Radio.fx\Server\rfx-server.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(EJIE Technology) D:\Programme\Clover\clover.exe
(Farbar) C:\Users\Tim\Desktop\Trojaner-Board\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5672624 2013-03-26] (VIA)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-30] (Synaptics Incorporated)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [Sound Blaster Cinema] => D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [BCSSync] => D:\Programme\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-09-04] (Autodesk Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [OfficeSyncProcess] => D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE [718720 2010-12-21] (Microsoft Corporation)
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [rfxsrvtray] => D:\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Policies\Explorer: []
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\MountPoints2: {570a12d5-bcd4-11e4-b996-0090f5f2dc8c} - G:\AutoRun.exe
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\MountPoints2: {570a12e0-bcd4-11e4-b996-0090f5f2dc8c} - G:\AutoRun.exe
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\MountPoints2: {bfdddd47-fd1e-11e4-a05f-0cd292b85460} - F:\startme.exe
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2014-03-19]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-18]
ShortcutTarget: Dropbox.lnk -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2014-09-16]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-2530768674-2421857465-2161656677-1000] => hxxp://www.hs-koblenz.de/proxy.pac
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000 -> {98942130-7CF9-46E5-831B-14D569129F80} URL = https://www.google.com/search?q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-04-07] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> D:\Programme\Clover\TabHelper64.dll [2014-01-23] (EJIE Technology)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-04-07] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programme\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 172.18.240.1 172.18.240.1

FireFox:
========
FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\zrh3dtnu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-17] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-17] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-16] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-04-07] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-04-07] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-04-07] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-04-07]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-18]
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-18]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-18]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-18]
CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-18]
CHR Extension: (Kaspersky Protection) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-05-18]
CHR Extension: (Google Sheets) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-18]
CHR Extension: (Bookmark Manager) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-18]
CHR Extension: (Black carbon + silver metal) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lodhggoaglindpoejnjldimdlikkphph [2015-05-18]
CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-18]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-18]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-04] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-16] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Programme\Microsoft Office\Office14\GROOVE.EXE [31124344 2010-12-27] (Microsoft Corporation)
S2 mitsijm2014; C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe [952608 2013-01-25] (Autodesk, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
S3 Origin Client Service; D:\Programme\EA\Origin\OriginClientService.exe [1910640 2015-03-11] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-01-13] ()
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [46592 2013-05-29] () [File not signed]
R2 Radio.fx; D:\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 3dxhid; C:\Windows\System32\DRIVERS\3dxhid.sys [38672 2014-11-07] (3Dconnexion SAM)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-04-07] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-04-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
S3 KMJHidMini; C:\Windows\System32\DRIVERS\3dxkmj.sys [18944 2013-10-08] (3Dconnextion Inc.) [File not signed]
S3 KMJShim; C:\Windows\System32\DRIVERS\3dxshim.sys [7168 2013-10-08] (3Dconnextion Inc.) [File not signed]
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 SaiKA50A; C:\Windows\System32\DRIVERS\SaiKA50A.sys [147976 2009-09-14] (Saitek)
S3 SaiUA50A; C:\Windows\System32\DRIVERS\SaiUA50A.sys [41224 2009-09-14] (Saitek)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-30] (Synaptics Incorporated)
R3 VMfilt; C:\Windows\System32\drivers\VMfilt64.sys [25600 2009-07-30] (Creative Technology Ltd.)
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 10:02 - 2015-05-20 10:02 - 00001215 _____ () C:\Users\Tim\Desktop\AdwCleaner[S2].txt
2015-05-20 10:01 - 2015-05-20 10:01 - 00000598 _____ () C:\Users\Tim\Desktop\JRT.txt
2015-05-20 09:59 - 2015-05-20 09:59 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TIM-PC-Windows-7-Professional-(64-bit).dat
2015-05-20 09:59 - 2015-05-20 09:59 - 00000000 ____D () C:\RegBackup
2015-05-20 09:46 - 2015-05-20 09:46 - 00001208 _____ () C:\Users\Tim\Desktop\mbam.txt
2015-05-20 09:37 - 2015-05-20 09:38 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-20 09:37 - 2015-05-20 09:37 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-20 09:37 - 2015-05-20 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-20 09:37 - 2015-05-20 09:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-20 09:37 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-20 09:37 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-20 09:37 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-19 14:42 - 2015-05-19 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-05-19 14:42 - 2015-05-19 14:42 - 00000000 ____D () C:\Program Files\7-Zip
2015-05-19 13:26 - 2015-05-20 10:06 - 00000000 ____D () C:\FRST
2015-05-19 13:25 - 2015-05-19 13:25 - 00000000 _____ () C:\Users\Tim\defogger_reenable
2015-05-19 13:19 - 2015-05-20 08:10 - 00000000 ____D () C:\Users\Tim\Desktop\Trojaner-Board
2015-05-19 13:12 - 2015-05-20 09:52 - 00000744 _____ () C:\Windows\PFRO.log
2015-05-19 13:01 - 2015-05-19 13:04 - 00000000 ____D () C:\Regdelnull (1)
2015-05-19 11:35 - 2015-05-19 11:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-19 11:19 - 2015-05-20 09:52 - 00000000 ____D () C:\AdwCleaner
2015-05-19 10:25 - 2015-05-20 09:52 - 00001355 _____ () C:\Windows\setupact.log
2015-05-19 10:25 - 2015-05-19 10:25 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-19 10:25 - 2015-05-19 10:22 - 00411661 _____ () C:\Users\Tim\Desktop\Borduhr.CATPart
2015-05-18 21:30 - 2015-05-19 11:29 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-18 12:46 - 2015-05-19 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-18 12:44 - 2015-05-20 09:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-18 12:44 - 2015-05-20 09:52 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-18 12:44 - 2015-05-19 13:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 12:44 - 2015-05-19 13:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 12:20 - 2015-05-18 12:20 - 00001409 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-05-18 12:20 - 2015-05-18 12:20 - 00001403 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-18 07:33 - 2015-05-19 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-05-18 07:33 - 2015-05-18 07:33 - 00000000 ____D () C:\ProgramData\Sony
2015-05-18 07:33 - 2015-05-18 07:33 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-05-18 07:32 - 2015-05-18 07:32 - 28684424 _____ (Sony Mobile Communications ) C:\Users\Tim\AppData\Local\pcc.exe
2015-05-13 18:02 - 2015-05-18 20:58 - 00000000 ____D () C:\Users\Tim\Desktop\Backup HTC
2015-05-13 17:51 - 2015-05-13 17:51 - 00000000 ____D () C:\Users\Tim\AppData\Local\Macromedia
2015-05-05 20:21 - 2015-05-18 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funktionsplotter
2015-05-05 20:20 - 2015-05-05 20:20 - 00253952 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2015-05-05 20:20 - 2015-05-05 20:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2015-04-30 17:11 - 2015-04-30 17:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-30 17:11 - 2015-04-01 11:16 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-30 16:53 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-04-30 16:53 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-04-30 16:53 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-04-30 16:53 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-04-30 16:53 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-04-30 16:53 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-04-30 16:53 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-04-30 16:53 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-04-30 16:51 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-30 16:51 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-30 16:51 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-30 16:51 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-30 16:51 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-30 16:51 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-30 16:51 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-30 16:51 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-30 16:51 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-30 16:51 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-30 16:51 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-30 16:51 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-30 16:51 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-30 16:51 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-30 16:51 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-30 16:51 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-30 16:51 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-30 16:51 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-30 16:51 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-30 16:51 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-30 16:51 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-30 16:51 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-30 16:51 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-30 16:51 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-30 16:51 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-30 16:51 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-30 16:51 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-30 16:51 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-04-30 16:51 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-04-30 16:51 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-04-30 16:51 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 02644992 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-04-30 16:51 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-04-30 16:51 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-04-30 16:51 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-04-30 16:51 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-04-30 16:51 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-04-30 16:51 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-04-30 16:51 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-04-30 16:51 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-04-30 16:51 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-04-30 16:51 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-04-30 16:51 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-04-30 16:51 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 02135040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-04-30 16:51 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-04-30 16:51 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-04-30 16:51 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-04-30 16:51 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-04-30 16:51 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-04-30 16:51 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-04-30 16:51 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-04-30 16:51 - 2014-11-11 05:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-30 16:51 - 2014-11-11 04:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-30 16:51 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-04-30 16:51 - 2014-10-14 04:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-04-30 16:51 - 2014-07-17 04:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-04-30 16:51 - 2014-07-17 04:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-04-30 16:51 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-04-30 16:51 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-04-30 16:51 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-04-30 16:51 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-04-30 16:51 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-04-30 16:51 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-04-30 16:51 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-04-30 16:51 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-04-30 16:51 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-04-30 16:51 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-04-30 16:51 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-04-30 16:51 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-04-30 16:51 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-04-30 16:51 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-04-30 16:51 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-04-30 16:51 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-04-30 16:51 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-04-30 16:51 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-04-30 16:51 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2015-04-30 16:51 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2015-04-30 16:51 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2015-04-30 16:51 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2015-04-30 16:51 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2015-04-30 16:51 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2015-04-30 16:51 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-30 16:50 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-30 16:50 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-30 16:50 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-30 16:50 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-30 16:50 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-30 16:50 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-30 16:50 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-30 16:50 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-30 16:50 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-30 16:50 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-30 16:50 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-30 16:50 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-30 16:50 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-30 16:50 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-30 16:50 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-30 16:50 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-30 16:50 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-30 16:50 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-30 16:50 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-30 16:50 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-04-30 16:50 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-04-30 16:50 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-04-30 16:50 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-04-30 16:50 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-04-30 16:50 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-04-30 16:50 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-04-30 16:50 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-04-30 16:50 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-04-30 16:50 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-04-30 16:50 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-04-30 16:50 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-30 16:50 - 2015-02-03 05:31 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-30 16:50 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-04-30 16:50 - 2015-02-03 05:12 - 01011200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-04-30 16:50 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-04-30 16:50 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-30 16:50 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-30 16:50 - 2014-12-19 05:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-04-30 16:50 - 2014-12-19 03:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-04-30 16:50 - 2014-12-11 19:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-04-30 16:50 - 2014-12-08 05:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-04-30 16:50 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-04-30 16:50 - 2014-12-06 06:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-04-30 16:50 - 2014-12-06 05:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-04-30 16:50 - 2014-12-06 05:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-04-30 16:50 - 2014-10-25 03:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-04-30 16:50 - 2014-10-25 03:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-04-30 16:50 - 2014-10-18 04:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-04-30 16:50 - 2014-10-18 03:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-04-30 16:50 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-04-30 16:50 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-04-30 16:50 - 2014-08-12 04:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-04-30 16:50 - 2014-08-12 03:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-04-30 16:50 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-04-30 16:50 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-04-30 16:50 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-04-30 16:50 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-04-30 16:50 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-04-30 16:50 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-04-30 16:50 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-04-30 16:50 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-04-30 16:50 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-04-30 16:50 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-04-30 16:50 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-04-30 16:50 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-04-30 16:50 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-04-30 16:50 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-04-30 16:50 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-04-30 16:50 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-04-30 16:50 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-04-30 16:50 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-04-30 16:50 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-04-30 16:50 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-04-30 16:50 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-04-30 16:50 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-04-30 16:50 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-04-30 16:50 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-04-30 16:50 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-04-30 16:50 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-04-30 16:50 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-04-30 16:50 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-04-30 16:50 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-04-30 16:50 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-04-30 16:43 - 2015-02-04 05:16 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-30 16:43 - 2015-02-04 04:54 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-04-30 16:43 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-04-30 16:42 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-04-29 12:08 - 2015-04-29 12:14 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\PDF Architect 3
2015-04-29 12:07 - 2015-05-19 12:06 - 00000000 ____D () C:\ProgramData\PDF Architect 3
2015-04-29 11:56 - 2013-09-01 13:59 - 01103872 _____ () C:\Windows\SysWOW64\CBLCtlsU.ocx
2015-04-29 11:56 - 2013-07-13 13:15 - 00805376 _____ () C:\Windows\SysWOW64\EditCtlsU.ocx
2015-04-29 11:56 - 2013-07-12 23:57 - 00539648 _____ () C:\Windows\SysWOW64\LblCtlsU.ocx
2015-04-29 11:56 - 2013-04-05 14:55 - 00476160 _____ () C:\Windows\SysWOW64\TabStripCtlU.ocx
2015-04-29 11:56 - 2013-03-29 00:13 - 00645632 _____ () C:\Windows\SysWOW64\BtnCtlsU.ocx
2015-04-29 11:56 - 2013-03-03 15:37 - 01061888 _____ () C:\Windows\SysWOW64\ExLvwU.ocx
2015-04-29 08:36 - 2015-05-13 11:55 - 00017698 _____ () C:\Users\Tim\Desktop\Notenliste.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 10:05 - 2014-03-19 20:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-20 10:00 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-20 10:00 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-20 09:58 - 2011-04-12 09:43 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2015-05-20 09:58 - 2011-04-12 09:43 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2015-05-20 09:58 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-20 09:56 - 2014-03-19 19:41 - 01398681 _____ () C:\Windows\WindowsUpdate.log
2015-05-20 09:52 - 2015-01-07 11:45 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-05-20 09:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-19 13:25 - 2014-03-19 19:41 - 00000000 ____D () C:\Users\Tim
2015-05-19 12:05 - 2015-03-10 20:21 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\DVDVideoSoft
2015-05-19 12:03 - 2015-02-12 21:22 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2015-05-19 12:02 - 2014-03-20 16:19 - 00000000 ____D () C:\Users\Tim\AppData\Local\Akamai
2015-05-19 12:00 - 2014-12-08 09:39 - 00003262 _____ () C:\Windows\System32\Tasks\3DconnexionCreateProcess_3DxService.exe
2015-05-19 12:00 - 2014-04-09 11:00 - 00000000 ____D () C:\Program Files\Autodesk
2015-05-19 11:29 - 2014-09-30 08:51 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-19 11:29 - 2014-04-09 22:27 - 00000000 ____D () C:\Users\Tim\AppData\Local\Microsoft Help
2015-05-19 11:29 - 2014-04-09 22:13 - 00000000 ____D () C:\Users\Tim\AppData\Local\Autodesk,_Inc
2015-05-19 11:29 - 2014-04-09 22:09 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-05-19 11:29 - 2014-03-20 16:31 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Autodesk
2015-05-19 11:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-05-19 09:36 - 2015-04-15 09:07 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Nitro PDF
2015-05-19 07:34 - 2014-03-19 19:37 - 00000000 ____D () C:\Windows\Panther
2015-05-19 07:33 - 2015-04-18 17:17 - 00000080 _____ () C:\Users\Tim\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-05-18 21:30 - 2014-04-12 13:52 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Dropbox
2015-05-18 21:23 - 2014-04-12 14:06 - 00000000 ___RD () C:\Users\Tim\Dropbox
2015-05-18 12:46 - 2014-03-19 21:04 - 00000000 ____D () C:\Users\Tim\AppData\Local\Google
2015-05-18 12:43 - 2014-03-19 21:03 - 00000000 ____D () C:\Users\Tim\AppData\Local\Deployment
2015-05-18 12:19 - 2015-03-10 14:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-18 12:12 - 2014-11-03 14:16 - 00007621 _____ () C:\Users\Tim\AppData\Local\Resmon.ResmonCfg
2015-05-18 11:59 - 2015-04-12 15:28 - 00000000 ____D () C:\Program Files (x86)\MathType
2015-05-18 11:59 - 2015-03-05 10:42 - 00000000 ____D () C:\ProgramData\FreePDF
2015-05-18 11:59 - 2015-03-05 10:42 - 00000000 ____D () C:\Program Files (x86)\FreePDF_XP
2015-05-18 07:33 - 2014-03-19 20:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-17 18:34 - 2014-09-17 07:38 - 00000000 ____D () C:\Users\Tim\Documents\Outlook-Dateien
2015-05-13 10:52 - 2014-04-09 11:00 - 00000000 ____D () C:\Users\Tim\AppData\Local\Autodesk
2015-05-13 10:52 - 2014-03-20 16:31 - 00000000 ____D () C:\ProgramData\Autodesk
2015-05-11 11:01 - 2015-03-16 10:00 - 00036330 _____ () C:\Users\Tim\Desktop\Kalender.xlsx
2015-05-06 13:17 - 2014-10-08 10:49 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Skype
2015-05-02 15:52 - 2014-04-09 12:29 - 00000000 ____D () C:\Users\Tim\Documents\Inventor
2015-05-02 14:32 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-01 17:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-30 18:51 - 2009-07-14 06:45 - 00537216 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-30 18:49 - 2015-04-12 11:54 - 00000000 ____D () C:\Program Files\Windows Journal
2015-04-30 18:49 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-30 18:49 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-30 18:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-04-30 18:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-04-30 18:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-30 18:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-30 18:08 - 2014-04-09 01:09 - 01593564 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2015-05-18 07:32 - 2015-05-18 07:32 - 28684424 _____ (Sony Mobile Communications                                  ) C:\Users\Tim\AppData\Local\pcc.exe
2014-11-03 14:16 - 2015-05-18 12:12 - 0007621 _____ () C:\Users\Tim\AppData\Local\Resmon.ResmonCfg
2014-08-05 22:27 - 2014-09-12 09:33 - 0006991 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Tim\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3mmov4.dll
C:\Users\Tim\AppData\Local\Temp\Quarantine.exe
C:\Users\Tim\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 08:16

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 20.05.2015 20:33

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Tim Herrmann 21.05.2015 08:51
Guten Morgen!
Der ESET-Scanner hat einige infizierte Dateien gefunden:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5c54cbc063cca04c823230d92c42cb6f
# engine=23948
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-21 07:20:33
# local_time=2015-05-21 09:20:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1296 16777213 100 100 2618 36269115 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 1528067 183822683 0 0
# scanned=376044
# found=11
# cleaned=11
# scan_time=2032
sh=34AA6C24CE5A526BC0E7E57C36BFF26656D54797 ft=1 fh=1bde4a98e6bad6cd vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\avira-free-antivir.exe"
sh=E750C443A83F9B135B499E7917C5A93120384BB3 ft=1 fh=4eedbac881d1fc72 vn="Win32/DownWare.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\DTLite4491-0356.exe"
sh=CE9A0EB1748895D12D25223034E6B55059863240 ft=1 fh=3e92a1834760c140 vn="Variante von Win32/WinloadSDA.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\Dxtory-lnstall.exe"
sh=C9973F358FB3BEBB13DD1B1C3EB63C8F1D12946B ft=1 fh=c6cd0c57ade7db32 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\KaLoMa - CHIP-Installer.exe"
sh=4DBB24944C417DE1BDF419116B4590BF25BD8F9D ft=1 fh=160e5b36c5c9cf21 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\PDF24 Creator - CHIP-Installer.exe"
sh=1DC26BBEAFBAF69A274CAFE534156EACE3A49A8D ft=1 fh=07386e4897eae14b vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\PDFCreator-2_0_2-setup (1).exe"
sh=1DC26BBEAFBAF69A274CAFE534156EACE3A49A8D ft=1 fh=07386e4897eae14b vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\pdfcreator-2_0_2-setup.exe"
sh=F218CB4810038F0B9E1DAA6A8E73FA258D620A8C ft=1 fh=719afe2b4494447f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\pdfcreator-2_1_1-setup.exe"
sh=02AE50CDA1DBDD4518963C1A9D7063C81E136309 ft=1 fh=691f2086075791c1 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\VLC media player 64 Bit - CHIP-Installer (1).exe"
sh=1AEEDC323FDDBADD2AF1962A8AEBF6035C93A765 ft=1 fh=89e1c64adff58b81 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\VLC media player 64 Bit - CHIP-Installer (2).exe"
sh=2B962DF0BE0E4FBAB81E77AFC253F82FB136253E ft=1 fh=c5f6a624e00f0cfa vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Downloads\VLC media player 64 Bit - CHIP-Installer.exe"
Security Check:
Code:
Results of screen317's Security Check version 1.001 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 17.0.0.134 
 Google Chrome (42.0.2311.152)
````````Process Check: objlist.exe by Laurent```````` 
 Kaspersky Lab Kaspersky Internet Security 15.0.0 avp.exe 
 Kaspersky Lab Kaspersky Internet Security 15.0.0 avpui.exe 
 Kaspersky Lab Kaspersky Internet Security 15.0.0 plugin-nm-server.exe 
 Kaspersky Lab Kaspersky Internet Security 15.0.0 klwtblfs.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST Log:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by Tim (administrator) on TIM-PC on 21-05-2015 09:27:12
Running from C:\Users\Tim\Desktop\Trojaner-Board
Loaded Profiles: Tim (Available profiles: Tim)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Microsoft Corporation) D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE
(Tobit.Software) D:\Tobit Radio.fx\Client\rfx-tray.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Microsoft Corporation) D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Autodesk Inc.) C:\Users\Tim\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
() D:\Tobit Radio.fx\Server\rfx-server.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(EJIE Technology) D:\Programme\Clover\clover.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Tim\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Farbar) C:\Users\Tim\Desktop\Trojaner-Board\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5672624 2013-03-26] (VIA)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-30] (Synaptics Incorporated)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [Sound Blaster Cinema] => D:\Programme\Treiber\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [BCSSync] => D:\Programme\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-09-04] (Autodesk Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [OfficeSyncProcess] => D:\Programme\Microsoft Office\Office14\MSOSYNC.EXE [718720 2010-12-21] (Microsoft Corporation)
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [rfxsrvtray] => D:\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony)
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\Policies\Explorer: []
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\MountPoints2: {570a12d5-bcd4-11e4-b996-0090f5f2dc8c} - G:\AutoRun.exe
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\MountPoints2: {570a12e0-bcd4-11e4-b996-0090f5f2dc8c} - G:\AutoRun.exe
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\...\MountPoints2: {bfdddd47-fd1e-11e4-a05f-0cd292b85460} - F:\startme.exe
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2014-03-19]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-18]
ShortcutTarget: Dropbox.lnk -> C:\Users\Tim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2014-09-16]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> D:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-2530768674-2421857465-2161656677-1000] => hxxp://www.hs-koblenz.de/proxy.pac
HKU\S-1-5-21-2530768674-2421857465-2161656677-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2530768674-2421857465-2161656677-1000 -> {98942130-7CF9-46E5-831B-14D569129F80} URL = https://www.google.com/search?q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-04-07] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> D:\Programme\Clover\TabHelper64.dll [2014-01-23] (EJIE Technology)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-04-07] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programme\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 172.18.240.1 172.18.240.1

FireFox:
========
FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\zrh3dtnu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-17] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-17] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-16] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-04-07] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-04-07] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-04-07] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-04-07]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-18]
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-18]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-18]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-18]
CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-18]
CHR Extension: (Kaspersky Protection) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-05-18]
CHR Extension: (Google Sheets) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-18]
CHR Extension: (Bookmark Manager) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-18]
CHR Extension: (Black carbon + silver metal) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lodhggoaglindpoejnjldimdlikkphph [2015-05-18]
CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-18]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-18]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-04] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Programme\Microsoft Office\Office14\GROOVE.EXE [31124344 2010-12-27] (Microsoft Corporation)
R2 mitsijm2014; C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe [952608 2013-01-25] (Autodesk, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
S3 Origin Client Service; D:\Programme\EA\Origin\OriginClientService.exe [1910640 2015-03-11] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-01-13] ()
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [46592 2013-05-29] () [File not signed]
R2 Radio.fx; D:\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 3dxhid; C:\Windows\System32\DRIVERS\3dxhid.sys [38672 2014-11-07] (3Dconnexion SAM)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-04-07] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-04-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
S3 KMJHidMini; C:\Windows\System32\DRIVERS\3dxkmj.sys [18944 2013-10-08] (3Dconnextion Inc.) [File not signed]
S3 KMJShim; C:\Windows\System32\DRIVERS\3dxshim.sys [7168 2013-10-08] (3Dconnextion Inc.) [File not signed]
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 SaiKA50A; C:\Windows\System32\DRIVERS\SaiKA50A.sys [147976 2009-09-14] (Saitek)
R3 SaiUA50A; C:\Windows\System32\DRIVERS\SaiUA50A.sys [41224 2009-09-14] (Saitek)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-30] (Synaptics Incorporated)
R3 VMfilt; C:\Windows\System32\drivers\VMfilt64.sys [25600 2009-07-30] (Creative Technology Ltd.)
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-21 09:26 - 2015-05-21 09:26 - 00000882 _____ () C:\Users\Tim\Desktop\checkup.txt
2015-05-21 09:24 - 2015-05-21 08:41 - 00852630 _____ () C:\Users\Tim\Desktop\SecurityCheck.exe
2015-05-20 10:07 - 2015-05-20 10:07 - 00073993 _____ () C:\Users\Tim\Desktop\FRST.txt
2015-05-20 10:02 - 2015-05-20 10:02 - 00001215 _____ () C:\Users\Tim\Desktop\AdwCleaner[S2].txt
2015-05-20 10:01 - 2015-05-20 10:01 - 00000598 _____ () C:\Users\Tim\Desktop\JRT.txt
2015-05-20 09:59 - 2015-05-20 09:59 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TIM-PC-Windows-7-Professional-(64-bit).dat
2015-05-20 09:59 - 2015-05-20 09:59 - 00000000 ____D () C:\RegBackup
2015-05-20 09:46 - 2015-05-20 09:46 - 00001208 _____ () C:\Users\Tim\Desktop\mbam.txt
2015-05-20 09:37 - 2015-05-20 09:38 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-20 09:37 - 2015-05-20 09:37 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-20 09:37 - 2015-05-20 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-20 09:37 - 2015-05-20 09:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-20 09:37 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-20 09:37 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-20 09:37 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-19 14:42 - 2015-05-19 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-05-19 14:42 - 2015-05-19 14:42 - 00000000 ____D () C:\Program Files\7-Zip
2015-05-19 13:26 - 2015-05-21 09:27 - 00000000 ____D () C:\FRST
2015-05-19 13:25 - 2015-05-19 13:25 - 00000000 _____ () C:\Users\Tim\defogger_reenable
2015-05-19 13:19 - 2015-05-20 08:10 - 00000000 ____D () C:\Users\Tim\Desktop\Trojaner-Board
2015-05-19 13:12 - 2015-05-20 09:52 - 00000744 _____ () C:\Windows\PFRO.log
2015-05-19 13:01 - 2015-05-19 13:04 - 00000000 ____D () C:\Regdelnull (1)
2015-05-19 11:35 - 2015-05-19 11:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-19 11:19 - 2015-05-20 09:52 - 00000000 ____D () C:\AdwCleaner
2015-05-19 10:25 - 2015-05-21 08:36 - 00001523 _____ () C:\Windows\setupact.log
2015-05-19 10:25 - 2015-05-19 10:25 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-19 10:25 - 2015-05-19 10:22 - 00411661 _____ () C:\Users\Tim\Desktop\Borduhr.CATPart
2015-05-18 21:30 - 2015-05-19 11:29 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-18 12:46 - 2015-05-19 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-18 12:44 - 2015-05-21 08:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-18 12:44 - 2015-05-21 08:37 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-18 12:44 - 2015-05-19 13:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 12:44 - 2015-05-19 13:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 12:20 - 2015-05-18 12:20 - 00001409 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-05-18 12:20 - 2015-05-18 12:20 - 00001403 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-18 07:33 - 2015-05-19 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-05-18 07:33 - 2015-05-18 07:33 - 00000000 ____D () C:\ProgramData\Sony
2015-05-18 07:33 - 2015-05-18 07:33 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-05-18 07:32 - 2015-05-18 07:32 - 28684424 _____ (Sony Mobile Communications ) C:\Users\Tim\AppData\Local\pcc.exe
2015-05-13 18:02 - 2015-05-18 20:58 - 00000000 ____D () C:\Users\Tim\Desktop\Backup HTC
2015-05-13 17:51 - 2015-05-13 17:51 - 00000000 ____D () C:\Users\Tim\AppData\Local\Macromedia
2015-05-05 20:21 - 2015-05-18 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funktionsplotter
2015-05-05 20:20 - 2015-05-05 20:20 - 00253952 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2015-05-05 20:20 - 2015-05-05 20:20 - 00074752 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2015-04-30 17:11 - 2015-04-30 17:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-30 17:11 - 2015-04-01 11:16 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-30 16:53 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-04-30 16:53 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-04-30 16:53 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-04-30 16:53 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-04-30 16:53 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-04-30 16:53 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-04-30 16:53 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-04-30 16:53 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-04-30 16:51 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-30 16:51 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-30 16:51 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-30 16:51 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-30 16:51 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-30 16:51 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-30 16:51 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-30 16:51 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-30 16:51 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-30 16:51 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-30 16:51 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-30 16:51 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-30 16:51 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-30 16:51 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-30 16:51 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-30 16:51 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-30 16:51 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-30 16:51 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-30 16:51 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-30 16:51 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-30 16:51 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-30 16:51 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-30 16:51 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-30 16:51 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-30 16:51 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-30 16:51 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-30 16:51 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-30 16:51 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-30 16:51 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-30 16:51 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-30 16:51 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-04-30 16:51 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-04-30 16:51 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-04-30 16:51 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 02644992 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-04-30 16:51 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-04-30 16:51 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-04-30 16:51 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-04-30 16:51 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-04-30 16:51 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-04-30 16:51 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-04-30 16:51 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-04-30 16:51 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-04-30 16:51 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-04-30 16:51 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-04-30 16:51 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-04-30 16:51 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-04-30 16:51 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-04-30 16:51 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 02135040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-04-30 16:51 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-04-30 16:51 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-04-30 16:51 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-04-30 16:51 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-04-30 16:51 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-04-30 16:51 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-04-30 16:51 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-04-30 16:51 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-04-30 16:51 - 2014-11-11 05:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-30 16:51 - 2014-11-11 04:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-30 16:51 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-04-30 16:51 - 2014-10-14 04:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-04-30 16:51 - 2014-07-17 04:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-04-30 16:51 - 2014-07-17 04:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-04-30 16:51 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-04-30 16:51 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-04-30 16:51 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-04-30 16:51 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-04-30 16:51 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-04-30 16:51 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-04-30 16:51 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-04-30 16:51 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-04-30 16:51 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-04-30 16:51 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-04-30 16:51 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-04-30 16:51 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-04-30 16:51 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-04-30 16:51 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-04-30 16:51 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-04-30 16:51 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-04-30 16:51 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-04-30 16:51 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-04-30 16:51 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2015-04-30 16:51 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2015-04-30 16:51 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2015-04-30 16:51 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2015-04-30 16:51 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2015-04-30 16:51 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2015-04-30 16:51 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-30 16:50 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-30 16:50 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-30 16:50 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-30 16:50 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-30 16:50 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-30 16:50 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-30 16:50 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-30 16:50 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-30 16:50 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-30 16:50 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-30 16:50 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-30 16:50 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-30 16:50 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-30 16:50 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-30 16:50 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-30 16:50 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-30 16:50 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-30 16:50 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-30 16:50 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-30 16:50 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-30 16:50 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-04-30 16:50 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-04-30 16:50 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-04-30 16:50 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-04-30 16:50 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-04-30 16:50 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-04-30 16:50 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-04-30 16:50 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-04-30 16:50 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-04-30 16:50 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-04-30 16:50 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-04-30 16:50 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-30 16:50 - 2015-02-03 05:31 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-30 16:50 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-04-30 16:50 - 2015-02-03 05:12 - 01011200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-04-30 16:50 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-04-30 16:50 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-30 16:50 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-30 16:50 - 2014-12-19 05:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-04-30 16:50 - 2014-12-19 03:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-04-30 16:50 - 2014-12-11 19:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-04-30 16:50 - 2014-12-08 05:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-04-30 16:50 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-04-30 16:50 - 2014-12-06 06:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-04-30 16:50 - 2014-12-06 05:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-04-30 16:50 - 2014-12-06 05:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-04-30 16:50 - 2014-10-25 03:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-04-30 16:50 - 2014-10-25 03:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-04-30 16:50 - 2014-10-18 04:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-04-30 16:50 - 2014-10-18 03:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-04-30 16:50 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-04-30 16:50 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-04-30 16:50 - 2014-08-12 04:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-04-30 16:50 - 2014-08-12 03:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-04-30 16:50 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-04-30 16:50 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-04-30 16:50 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-04-30 16:50 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-04-30 16:50 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-04-30 16:50 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-04-30 16:50 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-04-30 16:50 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-04-30 16:50 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-04-30 16:50 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-04-30 16:50 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-04-30 16:50 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-04-30 16:50 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-04-30 16:50 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-04-30 16:50 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-04-30 16:50 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-04-30 16:50 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-04-30 16:50 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-04-30 16:50 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-04-30 16:50 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-04-30 16:50 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-04-30 16:50 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-04-30 16:50 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-04-30 16:50 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-04-30 16:50 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-04-30 16:50 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-04-30 16:50 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-04-30 16:50 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-04-30 16:50 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-04-30 16:50 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-04-30 16:43 - 2015-02-04 05:16 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-30 16:43 - 2015-02-04 04:54 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-04-30 16:43 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-04-30 16:42 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-04-29 12:08 - 2015-04-29 12:14 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\PDF Architect 3
2015-04-29 12:07 - 2015-05-19 12:06 - 00000000 ____D () C:\ProgramData\PDF Architect 3
2015-04-29 11:56 - 2013-09-01 13:59 - 01103872 _____ () C:\Windows\SysWOW64\CBLCtlsU.ocx
2015-04-29 11:56 - 2013-07-13 13:15 - 00805376 _____ () C:\Windows\SysWOW64\EditCtlsU.ocx
2015-04-29 11:56 - 2013-07-12 23:57 - 00539648 _____ () C:\Windows\SysWOW64\LblCtlsU.ocx
2015-04-29 11:56 - 2013-04-05 14:55 - 00476160 _____ () C:\Windows\SysWOW64\TabStripCtlU.ocx
2015-04-29 11:56 - 2013-03-29 00:13 - 00645632 _____ () C:\Windows\SysWOW64\BtnCtlsU.ocx
2015-04-29 11:56 - 2013-03-03 15:37 - 01061888 _____ () C:\Windows\SysWOW64\ExLvwU.ocx
2015-04-29 08:36 - 2015-05-13 11:55 - 00017698 _____ () C:\Users\Tim\Desktop\Notenliste.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-21 09:22 - 2014-03-19 20:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-21 08:45 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-21 08:45 - 2009-07-14 06:45 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-21 08:41 - 2014-03-19 19:41 - 01437745 _____ () C:\Windows\WindowsUpdate.log
2015-05-21 08:40 - 2011-04-12 09:43 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2015-05-21 08:40 - 2011-04-12 09:43 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2015-05-21 08:40 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-21 08:37 - 2015-01-07 11:45 - 00000433 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-05-21 08:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-19 13:25 - 2014-03-19 19:41 - 00000000 ____D () C:\Users\Tim
2015-05-19 12:05 - 2015-03-10 20:21 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\DVDVideoSoft
2015-05-19 12:03 - 2015-02-12 21:22 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2015-05-19 12:02 - 2014-03-20 16:19 - 00000000 ____D () C:\Users\Tim\AppData\Local\Akamai
2015-05-19 12:00 - 2014-12-08 09:39 - 00003262 _____ () C:\Windows\System32\Tasks\3DconnexionCreateProcess_3DxService.exe
2015-05-19 12:00 - 2014-04-09 11:00 - 00000000 ____D () C:\Program Files\Autodesk
2015-05-19 11:29 - 2014-09-30 08:51 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-19 11:29 - 2014-04-09 22:27 - 00000000 ____D () C:\Users\Tim\AppData\Local\Microsoft Help
2015-05-19 11:29 - 2014-04-09 22:13 - 00000000 ____D () C:\Users\Tim\AppData\Local\Autodesk,_Inc
2015-05-19 11:29 - 2014-04-09 22:09 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-05-19 11:29 - 2014-03-20 16:31 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Autodesk
2015-05-19 11:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-05-19 09:36 - 2015-04-15 09:07 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Nitro PDF
2015-05-19 07:34 - 2014-03-19 19:37 - 00000000 ____D () C:\Windows\Panther
2015-05-19 07:33 - 2015-04-18 17:17 - 00000080 _____ () C:\Users\Tim\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-05-18 21:30 - 2014-04-12 13:52 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Dropbox
2015-05-18 21:23 - 2014-04-12 14:06 - 00000000 ___RD () C:\Users\Tim\Dropbox
2015-05-18 12:46 - 2014-03-19 21:04 - 00000000 ____D () C:\Users\Tim\AppData\Local\Google
2015-05-18 12:43 - 2014-03-19 21:03 - 00000000 ____D () C:\Users\Tim\AppData\Local\Deployment
2015-05-18 12:19 - 2015-03-10 14:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-18 12:12 - 2014-11-03 14:16 - 00007621 _____ () C:\Users\Tim\AppData\Local\Resmon.ResmonCfg
2015-05-18 11:59 - 2015-04-12 15:28 - 00000000 ____D () C:\Program Files (x86)\MathType
2015-05-18 11:59 - 2015-03-05 10:42 - 00000000 ____D () C:\ProgramData\FreePDF
2015-05-18 11:59 - 2015-03-05 10:42 - 00000000 ____D () C:\Program Files (x86)\FreePDF_XP
2015-05-18 07:33 - 2014-03-19 20:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-17 18:34 - 2014-09-17 07:38 - 00000000 ____D () C:\Users\Tim\Documents\Outlook-Dateien
2015-05-13 10:52 - 2014-04-09 11:00 - 00000000 ____D () C:\Users\Tim\AppData\Local\Autodesk
2015-05-13 10:52 - 2014-03-20 16:31 - 00000000 ____D () C:\ProgramData\Autodesk
2015-05-11 11:01 - 2015-03-16 10:00 - 00036330 _____ () C:\Users\Tim\Desktop\Kalender.xlsx
2015-05-06 13:17 - 2014-10-08 10:49 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Skype
2015-05-02 15:52 - 2014-04-09 12:29 - 00000000 ____D () C:\Users\Tim\Documents\Inventor
2015-05-02 14:32 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-01 17:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-30 18:51 - 2009-07-14 06:45 - 00537216 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-30 18:49 - 2015-04-12 11:54 - 00000000 ____D () C:\Program Files\Windows Journal
2015-04-30 18:49 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-30 18:49 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-30 18:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-04-30 18:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-04-30 18:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-30 18:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-30 18:08 - 2014-04-09 01:09 - 01593564 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2015-05-18 07:32 - 2015-05-18 07:32 - 28684424 _____ (Sony Mobile Communications                                  ) C:\Users\Tim\AppData\Local\pcc.exe
2014-11-03 14:16 - 2015-05-18 12:12 - 0007621 _____ () C:\Users\Tim\AppData\Local\Resmon.ResmonCfg
2014-08-05 22:27 - 2014-09-12 09:33 - 0006991 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Tim\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9nlf8n.dll
C:\Users\Tim\AppData\Local\Temp\Quarantine.exe
C:\Users\Tim\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-20 14:43

==================== End Of Log ============================
--- --- ---

--- --- ---


Die Symptome mit dem ca. 15 sekündigen Ladevorgang beim öffnen des Web-Browsers und die nicht herzustellende Verbindung zur Dropbox sind aber leider immer noch vorhanden.
Dies hat vor ein paar Tagen alles noch einwandfrei funktioniert, daher bin ich ein wenig stutzig. :balla:

schrauber 22.05.2015 06:39
Mit welchem Browser hast Du die Probleme?

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
D:\Downloads\avira-free-antivir.exe

D:\Downloads\DTLite4491-0356.exe

D:\Downloads\Dxtory-lnstall.exe

D:\Downloads\KaLoMa - CHIP-Installer.exe

D:\Downloads\PDF24 Creator - CHIP-Installer.exe

D:\Downloads\PDFCreator-2_0_2-setup (1).exe

D:\Downloads\pdfcreator-2_0_2-setup.exe

D:\Downloads\pdfcreator-2_1_1-setup.exe

D:\Downloads\VLC media player 64 Bit - CHIP-Installer (1).exe

D:\Downloads\VLC media player 64 Bit - CHIP-Installer (2).exe

D:\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Downloadverhalten überdenken:
CHIP-Installer - was ist das? - Anleitungen

Du musst den Proxy auch komplett rausnehmen in den Einstellungen, wenn Du nicht in der UNI bist.

Tim Herrmann 22.05.2015 07:36
FRST Fixlog:
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
Ran by Tim at 2015-05-22 07:45:25 Run:1
Running from C:\Users\Tim\Desktop\Trojaner-Board
Loaded Profiles: Tim (Available profiles: Tim)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
D:\Downloads\avira-free-antivir.exe

D:\Downloads\DTLite4491-0356.exe

D:\Downloads\Dxtory-lnstall.exe

D:\Downloads\KaLoMa - CHIP-Installer.exe

D:\Downloads\PDF24 Creator - CHIP-Installer.exe

D:\Downloads\PDFCreator-2_0_2-setup (1).exe

D:\Downloads\pdfcreator-2_0_2-setup.exe

D:\Downloads\pdfcreator-2_1_1-setup.exe

D:\Downloads\VLC media player 64 Bit - CHIP-Installer (1).exe

D:\Downloads\VLC media player 64 Bit - CHIP-Installer (2).exe

D:\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
Emptytemp:
*****************

"D:\Downloads\avira-free-antivir.exe" => File/Directory not found.
"D:\Downloads\DTLite4491-0356.exe" => File/Directory not found.
"D:\Downloads\Dxtory-lnstall.exe" => File/Directory not found.
"D:\Downloads\KaLoMa - CHIP-Installer.exe" => File/Directory not found.
"D:\Downloads\PDF24 Creator - CHIP-Installer.exe" => File/Directory not found.
"D:\Downloads\PDFCreator-2_0_2-setup (1).exe" => File/Directory not found.
"D:\Downloads\pdfcreator-2_0_2-setup.exe" => File/Directory not found.
"D:\Downloads\pdfcreator-2_1_1-setup.exe" => File/Directory not found.
"D:\Downloads\VLC media player 64 Bit - CHIP-Installer (1).exe" => File/Directory not found.
"D:\Downloads\VLC media player 64 Bit - CHIP-Installer (2).exe" => File/Directory not found.
"D:\Downloads\VLC media player 64 Bit - CHIP-Installer.exe" => File/Directory not found.
EmptyTemp: => Removed 456 MB temporary data.


The system needed a reboot.

==== End of Fixlog 07:45:36 ====
Die Probleme habe ich mit allen Browsern festgestellt. Chrome, Firefox, IE.
Nachdem ich die Probleme mit dem VPN festgestellt habe, hab' ich die Verbindung komplett ausgeschaltet. Welche Einstellungen genau muss ich denn noch ändern. Ich dachte ich hätte wieder alles auf den Ursprungszustand zurückgesetzt

Wie bekomme ich denn die in dem verlinkten Artikel beschriebenen "Tools" wieder restlos entfernt?

Sind Downloads auf Heise.de denn sauberer?

schrauber 22.05.2015 20:03
Solange Du keinen Downloadmanager nutzt sollten das passen.

Systemsteuerung > Internetoptionen > Verbindungen > LAN Einstellungen > dort den Proxy raus.


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:45 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55