Procesor často pracuje aj pri odskočení od PC

[CarrioSs]

Dobrý deň,

mal som nejaké problémy s PC ćo sa týka hardwaru. Teraz a síce aj predtým PC dosť hučal. Tiež niektoré procesy berú dosť CPU aj keď odskočím PC a pozerám na Správca úloh->Procesy. Tiež som si všimol, že niekedy Adobe Flash neposlúcha. Niekedy niečo nejde spustiť dokiaľ nevyplem proces AdobeFlashPlayer cez Správcu úloh. (väčšinou je to tam 2x ale keď vypnem jedno, skonćí sa aj druhý proces. Tiež tá aplikácia potrebuje AdobeFlashPlayer).
Aaaa hej, Mozilla Firefox tiež niekedy berie okolo 300-450MB RAM.

Vygeneroval som log z RSIT, prosím o pomoc a prehliadnutie. Vopred vám ďakujem.


Logfile of random's system information tool 1.09 (written by random/random)
Run by Andrej at 2014-04-13 22:29:53
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 273 GB (78%) free of 350 GB
Total RAM: 3071 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:30:00, on 13. 4. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\MediaMonkey\MediaMonkey (non-skinned).exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
C:\Users\Andrej\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Andrej.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [StickyPassword] "C:\Program Files\Sticky Password\stpass.exe" /autorunned
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MediaMonkey.lnk = C:\Program Files\MediaMonkey\MediaMonkey.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 6516 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GlaryInitialize 4.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\g44kf4fq.default-1384441063421

prefs.js - "browser.startup.homepage" - "http://www.google.sk/"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.182 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\MsiExec.exe\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDA57003-0068-4ed2-9D32-4D1EC707D94D}]
Microsoft Web Test Recorder 10.0 Helper - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19 61360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-09-12 5110672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"StickyPassword"=C:\Program Files\Sticky Password\stpass.exe [2014-01-20 8145208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jusched.exe]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck.exe]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

C:\Users\Andrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MediaMonkey.lnk - C:\Program Files\MediaMonkey\MediaMonkey.exe
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=1
"SynchronousUserGroupPolicy"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"VIDC.XFR1"=xfcodec.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"wave9"=wdmaud.drv
"mixer9"=wdmaud.drv
"midi9"=wdmaud.drv
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"
.txt - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 month======

2014-04-13 22:27:05 ----D---- C:\Program Files\trend micro
2014-04-13 22:27:04 ----D---- C:\rsit
2014-04-12 15:24:08 ----D---- C:\Windows\ERUNT
2014-04-09 16:38:01 ----A---- C:\Windows\system32\mshtml.dll
2014-04-09 16:37:52 ----A---- C:\Windows\system32\kernel32.dll
2014-04-09 16:37:49 ----A---- C:\Windows\system32\drivers\ntfs.sys
2014-04-09 16:37:43 ----A---- C:\Windows\system32\iologmsg.dll
2014-04-09 16:37:43 ----A---- C:\Windows\system32\drivers\storport.sys
2014-04-09 16:37:43 ----A---- C:\Windows\system32\drivers\msiscsi.sys
2014-04-09 16:37:43 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2014-04-04 13:22:26 ----SHD---- C:\$RECYCLE.BIN
2014-04-04 13:18:45 ----A---- C:\Windows\zoek-delete.exe
2014-04-04 13:18:44 ----D---- C:\Windows\Temp
2014-04-04 13:05:57 ----D---- C:\zoek_backup
2014-04-03 17:55:31 ----D---- C:\Program Files\Common Files\Java
2014-04-03 17:55:28 ----A---- C:\Windows\system32\javaws.exe
2014-04-03 17:55:23 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2014-04-03 17:55:23 ----A---- C:\Windows\system32\javaw.exe
2014-04-03 17:55:23 ----A---- C:\Windows\system32\java.exe
2014-03-29 17:37:27 ----D---- C:\Program Files\Mozilla Firefox
2014-03-27 20:35:29 ----D---- C:\Program Files\Google
2014-03-23 20:55:30 ----D---- C:\Users\Andrej\AppData\Roaming\Autodesk
2014-03-23 20:55:30 ----D---- C:\ProgramData\Autodesk
2014-03-21 23:25:42 ----A---- C:\Windows\BALTIE.INI
2014-03-14 21:09:07 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-14 21:09:07 ----A---- C:\Windows\system32\jsproxy.dll
2014-03-14 21:09:07 ----A---- C:\Windows\system32\jscript9diag.dll
2014-03-14 21:09:07 ----A---- C:\Windows\system32\iernonce.dll
2014-03-14 21:09:07 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-03-14 21:09:07 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-03-14 21:09:07 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-03-14 21:09:06 ----A---- C:\Windows\system32\wininet.dll
2014-03-14 21:09:06 ----A---- C:\Windows\system32\ieapfltr.dll
2014-03-14 21:09:05 ----A---- C:\Windows\system32\ieUnatt.exe
2014-03-14 21:09:05 ----A---- C:\Windows\system32\ieui.dll
2014-03-14 21:09:04 ----A---- C:\Windows\system32\jscript9.dll
2014-03-14 21:09:04 ----A---- C:\Windows\system32\iertutil.dll
2014-03-14 21:09:02 ----A---- C:\Windows\system32\urlmon.dll
2014-03-14 21:09:02 ----A---- C:\Windows\system32\msfeeds.dll
2014-03-14 21:09:01 ----A---- C:\Windows\system32\msrating.dll
2014-03-14 21:09:01 ----A---- C:\Windows\system32\iesetup.dll
2014-03-14 21:09:01 ----A---- C:\Windows\system32\ie4uinit.exe
2014-03-14 21:09:00 ----A---- C:\Windows\system32\ieframe.dll
2014-03-14 21:07:50 ----A---- C:\Windows\system32\qedit.dll
2014-03-14 03:17:00 ----A---- C:\Windows\system32\wwansvc.dll
2014-03-14 03:16:58 ----A---- C:\Windows\system32\win32k.sys
2014-03-14 03:16:56 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-03-14 03:16:54 ----A---- C:\Windows\system32\wer.dll

======List of files/folders modified in the last 1 month======

2014-04-13 22:30:00 ----D---- C:\Windows\Prefetch
2014-04-13 22:27:05 ----D---- C:\Program Files
2014-04-13 22:19:33 ----D---- C:\Windows\system32\config
2014-04-13 21:26:04 ----D---- C:\Windows\System32
2014-04-13 21:26:04 ----D---- C:\Windows\inf
2014-04-13 21:26:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-04-13 21:21:48 ----D---- C:\Windows
2014-04-13 21:21:48 ----D---- C:\ProgramData\NVIDIA
2014-04-13 21:18:59 ----D---- C:\Users\Andrej\AppData\Roaming\MediaMonkey
2014-04-13 21:16:46 ----D---- C:\Users\Andrej\AppData\Roaming\TS3Client
2014-04-13 21:00:02 ----D---- C:\Windows\system32\LogFiles
2014-04-13 20:36:37 ----D---- C:\Users\Andrej\AppData\Roaming\Xfire
2014-04-13 15:18:56 ----D---- C:\Users\Andrej\AppData\Roaming\Skype
2014-04-13 01:18:42 ----D---- C:\Windows\Minidump
2014-04-12 17:33:51 ----D---- C:\Windows\rescache
2014-04-11 19:08:30 ----D---- C:\Windows\SoftwareDistribution
2014-04-11 19:07:59 ----D---- C:\Program Files\Steam
2014-04-11 17:37:35 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-04-10 11:16:59 ----D---- C:\Windows\debug
2014-04-09 16:43:42 ----D---- C:\Windows\winsxs
2014-04-09 16:42:07 ----D---- C:\Windows\system32\en-US
2014-04-09 16:42:07 ----D---- C:\Windows\system32\DriverStore
2014-04-09 16:42:07 ----D---- C:\Windows\system32\drivers
2014-04-09 16:41:03 ----D---- C:\Windows\system32\MRT
2014-04-09 16:38:53 ----A---- C:\Windows\system32\MRT.exe
2014-04-09 16:38:23 ----SHD---- C:\System Volume Information
2014-04-09 16:37:30 ----D---- C:\Windows\system32\catroot2
2014-04-09 16:37:30 ----D---- C:\Windows\system32\catroot
2014-04-08 21:03:17 ----D---- C:\Windows\system32\NDF
2014-04-08 16:52:28 ----D---- C:\Program Files\MediaMonkey
2014-04-05 13:36:39 ----HD---- C:\Program Files\InstallShield Installation Information
2014-04-04 13:21:58 ----RSD---- C:\Windows\Media
2014-04-04 13:08:50 ----D---- C:\Windows\system32\drivers\etc
2014-04-04 13:05:03 ----D---- C:\Program Files\Adobe
2014-04-04 11:44:27 ----D---- C:\Windows\system32\Tasks
2014-04-03 17:55:40 ----D---- C:\ProgramData\Oracle
2014-04-03 17:55:32 ----SHD---- C:\Windows\Installer
2014-04-03 17:55:31 ----D---- C:\Program Files\Common Files
2014-04-03 17:55:23 ----D---- C:\Program Files\Java
2014-04-03 17:04:42 ----D---- C:\Windows\Tasks
2014-04-03 17:02:32 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2014-04-01 19:10:40 ----D---- C:\ProgramData\Xfire
2014-03-31 11:21:10 ----D---- C:\Windows\system32\FxsTmp
2014-03-27 15:02:44 ----D---- C:\Windows\Logs
2014-03-26 18:35:28 ----D---- C:\Program Files\NVIDIA Corporation
2014-03-26 18:33:23 ----D---- C:\Windows\system32\directx
2014-03-26 18:31:52 ----D---- C:\Riot Games
2014-03-26 14:11:12 ----D---- C:\Windows\Registration
2014-03-23 20:56:12 ----RD---- C:\Users
2014-03-23 20:55:30 ----HD---- C:\ProgramData
2014-03-23 20:43:12 ----D---- C:\ProgramData\Ubisoft
2014-03-23 20:37:27 ----D---- C:\Program Files\Microsoft SDKs
2014-03-23 16:45:36 ----D---- C:\Program Files\Common Files\Adobe
2014-03-23 16:45:06 ----D---- C:\ProgramData\Adobe
2014-03-23 16:44:34 ----D---- C:\Users\Andrej\AppData\Roaming\Adobe
2014-03-15 16:18:15 ----D---- C:\Program Files\JDownloader
2014-03-15 16:14:58 ----D---- C:\ProgramData\Origin
2014-03-15 16:11:51 ----D---- C:\Program Files\TeamSpeak 3 Client
2014-03-15 02:56:13 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2013-09-17 49240]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2014-01-29 436792]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-09-17 188808]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2013-09-17 37416]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2013-09-17 174400]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-12-13 3921448]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2013-09-17 161056]
R3 NVNET;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6232.sys [2010-08-12 298216]
S3 a69ok4hq;a69ok4hq; C:\Windows\system32\drivers\a69ok4hq.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver; \??\C:\Program Files\DU Meter\DUMETR32.SYS []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2013-07-11 14656]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 msvad_simple;SoliCall; C:\Windows\system32\solicall.sys [2010-10-30 36568]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 36352]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 VSPerfDrv100;Performance Tools Driver 10.0; \??\C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2013-09-12 1337752]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-10-23 664352]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-11 257712]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-01 108032]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-07-03 1887520]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2014-01-27 571816]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-07-11 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

[Márty84]

Zdravim

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

[CarrioSs]

Tu to máte.

# AdwCleaner v3.023 - Report created 14/04/2014 at 16:53:19
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Andrej - CHLAPCI-PC
# Running from : C:\Users\Andrej\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (sk)

[ File : C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\g44kf4fq.default-1384441063421\prefs.js ]


[ File : C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\x6ul9v0y.default\prefs.js ]


*************************

AdwCleaner[R1].txt - [885 octets] - [14/04/2014 16:52:16]
AdwCleaner[S1].txt - [807 octets] - [14/04/2014 16:53:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [866 octets] ##########

[Márty84]

Udelejte !!!kompletni!!! kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

[CarrioSs]

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Verzia databázy: v2014.04.15.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16659
Andrej :: CHLAPCI-PC [administrátor]

Ochrana: Vypnuté

15. 4. 2014 18:01:43
mbam-log-2014-04-15 (18-01-43).txt

Typ kontroly: Úplná kontrola (C:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 436744
Uplynutý čas: 1 hod, 14 min, 8 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 0
(Škodlivé položky neboli zistené)

(koniec)

[Márty84]

MBAM odinstalujte.

iež niektoré procesy berú dosť CPU aj keď odskočím PC a pozerám na Správca úloh

Ktere konkretne?

[CarrioSs]

firefox.exe
dwm.exe
Niekedy aj klienti hier, ktoré používajú starý Adobe Air. Po spustení videa na youtube sa mi tam zobrazí "FlashPlayerPlugin_13_0_0_182.exe" dva-krát. Jeden z nich neberie nič z procesoru ale berie asi 10MB Ram a ten druhý berie do 10% procesoru a MB Ram sa zvyBuje s počtom spustených videí asi. Po prvom je to okolo 70MB.

[Márty84]

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , ulozte ho na plochu, kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Zprava a objevi se log. Ten mi sem vlozte

[CarrioSs]

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spustené v : Normálny režim
Užívateľ : Andrej [Práva Správcu]
Režim : Kontrola -- Dátum : 04/16/2014 14:08:29
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 11 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> NÁJDENÉ
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> NÁJDENÉ
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> NÁJDENÉ
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> NÁJDENÉ
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NÁJDENÉ
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> NÁJDENÉ
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> NÁJDENÉ
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> NÁJDENÉ
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> NÁJDENÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NÁJDENÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NÁJDENÉ

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spustenie položky : 0 ¤¤¤

¤¤¤ webové prehliadače : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NAHRATÉ] ¤¤¤
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x859711F8)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x859711F8)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x859711F8)
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x859711F8)
[Address] IRP[IRP_MJ_POWER] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x859711F8)
[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x859711F8)
[Address] IRP[IRP_MJ_PNP] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x859711F8)
[Address] EAT @explorer.exe (DllCanUnloadNow) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5B2B3B)
[Address] EAT @explorer.exe (DllGetClassObject) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5C188E)
[Address] EAT @explorer.exe (DllGetVersion) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5B2982)
[Address] EAT @explorer.exe (DllRegisterServer) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F647DC5)
[Address] EAT @explorer.exe (DllUnregisterServer) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64818F)
[Address] EAT @explorer.exe (Migrate10CachedPackagesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64C744)
[Address] EAT @explorer.exe (Migrate10CachedPackagesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64E1AC)
[Address] EAT @explorer.exe (MsiAdvertiseProductA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65257F)
[Address] EAT @explorer.exe (MsiAdvertiseProductExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6527D7)
[Address] EAT @explorer.exe (MsiAdvertiseProductExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64D6C1)
[Address] EAT @explorer.exe (MsiAdvertiseProductW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64D46F)
[Address] EAT @explorer.exe (MsiAdvertiseScriptA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F658A3F)
[Address] EAT @explorer.exe (MsiAdvertiseScriptW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65B641)
[Address] EAT @explorer.exe (MsiApplyMultiplePatchesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F665903)
[Address] EAT @explorer.exe (MsiApplyMultiplePatchesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F661057)
[Address] EAT @explorer.exe (MsiApplyPatchA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F652D5D)
[Address] EAT @explorer.exe (MsiApplyPatchW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64D943)
[Address] EAT @explorer.exe (MsiBeginTransactionA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F669441)
[Address] EAT @explorer.exe (MsiBeginTransactionW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6639D4)
[Address] EAT @explorer.exe (MsiCloseAllHandles) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6700C3)
[Address] EAT @explorer.exe (MsiCloseHandle) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F670015)
[Address] EAT @explorer.exe (MsiCollectUserInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F651C3A)
[Address] EAT @explorer.exe (MsiCollectUserInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64D16F)
[Address] EAT @explorer.exe (MsiConfigureFeatureA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F651D5A)
[Address] EAT @explorer.exe (MsiConfigureFeatureFromDescriptorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65D70A)
[Address] EAT @explorer.exe (MsiConfigureFeatureFromDescriptorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65E41B)
[Address] EAT @explorer.exe (MsiConfigureFeatureW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64D2B7)
[Address] EAT @explorer.exe (MsiConfigureProductA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65F256)
[Address] EAT @explorer.exe (MsiConfigureProductExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65DACA)
[Address] EAT @explorer.exe (MsiConfigureProductExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65E891)
[Address] EAT @explorer.exe (MsiConfigureProductW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65F581)
[Address] EAT @explorer.exe (MsiCreateAndVerifyInstallerDirectory) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5CB2E1)
[Address] EAT @explorer.exe (MsiCreateRecord) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F671514)
[Address] EAT @explorer.exe (MsiCreateTransformSummaryInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6755D1)
[Address] EAT @explorer.exe (MsiCreateTransformSummaryInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6748EF)
[Address] EAT @explorer.exe (MsiDatabaseApplyTransformA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6748A9)
[Address] EAT @explorer.exe (MsiDatabaseApplyTransformW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F671397)
[Address] EAT @explorer.exe (MsiDatabaseCommit) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F670DEB)
[Address] EAT @explorer.exe (MsiDatabaseExportA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F674792)
[Address] EAT @explorer.exe (MsiDatabaseExportW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F671008)
[Address] EAT @explorer.exe (MsiDatabaseGenerateTransformA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F67485D)
[Address] EAT @explorer.exe (MsiDatabaseGenerateTransformW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F671270)
[Address] EAT @explorer.exe (MsiDatabaseGetPrimaryKeysA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6745FD)
[Address] EAT @explorer.exe (MsiDatabaseGetPrimaryKeysW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F673C54)
[Address] EAT @explorer.exe (MsiDatabaseImportA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F67472E)
[Address] EAT @explorer.exe (MsiDatabaseImportW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F670F1E)
[Address] EAT @explorer.exe (MsiDatabaseIsTablePersistentA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F674643)
[Address] EAT @explorer.exe (MsiDatabaseIsTablePersistentW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F670C8F)
[Address] EAT @explorer.exe (MsiDatabaseMergeA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F674817)
[Address] EAT @explorer.exe (MsiDatabaseMergeW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F671111)
[Address] EAT @explorer.exe (MsiDatabaseOpenViewA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6745B7)
[Address] EAT @explorer.exe (MsiDatabaseOpenViewW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6702B7)
[Address] EAT @explorer.exe (MsiDecomposeDescriptorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65DA7B)
[Address] EAT @explorer.exe (MsiDecomposeDescriptorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5A6286)
[Address] EAT @explorer.exe (MsiDeleteUserDataA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65A367)
[Address] EAT @explorer.exe (MsiDeleteUserDataW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6569EB)
[Address] EAT @explorer.exe (MsiDetermineApplicablePatchesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F66D4C5)
[Address] EAT @explorer.exe (MsiDetermineApplicablePatchesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F66C559)
[Address] EAT @explorer.exe (MsiDeterminePatchSequenceA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F66D9D9)
[Address] EAT @explorer.exe (MsiDeterminePatchSequenceW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F66C9E1)
[Address] EAT @explorer.exe (MsiDoActionA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F67613D)
[Address] EAT @explorer.exe (MsiDoActionW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F672D61)
[Address] EAT @explorer.exe (MsiEnableLogA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65189B)
[Address] EAT @explorer.exe (MsiEnableLogW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64FBE9)
[Address] EAT @explorer.exe (MsiEnableUIPreview) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6739CD)
[Address] EAT @explorer.exe (MsiEndTransaction) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F663E11)
[Address] EAT @explorer.exe (MsiEnumClientsA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5CEC96)
[Address] EAT @explorer.exe (MsiEnumClientsExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F665D6E)
[Address] EAT @explorer.exe (MsiEnumClientsExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6613A7)
[Address] EAT @explorer.exe (MsiEnumClientsW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5B3647)
[Address] EAT @explorer.exe (MsiEnumComponentCostsA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F677847)
[Address] EAT @explorer.exe (MsiEnumComponentCostsW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F677A95)
[Address] EAT @explorer.exe (MsiEnumComponentQualifiersA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65CD6D)
[Address] EAT @explorer.exe (MsiEnumComponentQualifiersW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5B384D)
[Address] EAT @explorer.exe (MsiEnumComponentsA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6591B9)
[Address] EAT @explorer.exe (MsiEnumComponentsExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F665B08)
[Address] EAT @explorer.exe (MsiEnumComponentsExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F66121D)
[Address] EAT @explorer.exe (MsiEnumComponentsW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65BA57)
[Address] EAT @explorer.exe (MsiEnumFeaturesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F659C04)
[Address] EAT @explorer.exe (MsiEnumFeaturesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65C259)
[Address] EAT @explorer.exe (MsiEnumPatchesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6697EB)
[Address] EAT @explorer.exe (MsiEnumPatchesExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F664897)
[Address] EAT @explorer.exe (MsiEnumPatchesExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F660E79)
[Address] EAT @explorer.exe (MsiEnumPatchesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F66468E)
[Address] EAT @explorer.exe (MsiEnumProductsA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F659175)
[Address] EAT @explorer.exe (MsiEnumProductsExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F666313)
[Address] EAT @explorer.exe (MsiEnumProductsExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F661729)
[Address] EAT @explorer.exe (MsiEnumProductsW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5B559D)
[Address] EAT @explorer.exe (MsiEnumRelatedProductsA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F659109)
[Address] EAT @explorer.exe (MsiEnumRelatedProductsW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65B9EB)
[Address] EAT @explorer.exe (MsiEvaluateConditionA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6761C6)
[Address] EAT @explorer.exe (MsiEvaluateConditionW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6730C1)
[Address] EAT @explorer.exe (MsiExtractPatchXMLDataA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F664FAE)
[Address] EAT @explorer.exe (MsiExtractPatchXMLDataW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F664C22)
[Address] EAT @explorer.exe (MsiFormatRecordA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F672A73)
[Address] EAT @explorer.exe (MsiFormatRecordW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F672BF9)
[Address] EAT @explorer.exe (MsiGetActiveDatabase) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F672639)
[Address] EAT @explorer.exe (MsiGetComponentPathA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65EEBD)
[Address] EAT @explorer.exe (MsiGetComponentPathExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F666053)
[Address] EAT @explorer.exe (MsiGetComponentPathExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F661559)
[Address] EAT @explorer.exe (MsiGetComponentPathW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5A62DD)
[Address] EAT @explorer.exe (MsiGetComponentStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6771E3)
[Address] EAT @explorer.exe (MsiGetComponentStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6772DC)
[Address] EAT @explorer.exe (MsiGetDatabaseState) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F670ED9)
[Address] EAT @explorer.exe (MsiGetFeatureCostA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6775FD)
[Address] EAT @explorer.exe (MsiGetFeatureCostW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F677702)
[Address] EAT @explorer.exe (MsiGetFeatureInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F650D1A)
[Address] EAT @explorer.exe (MsiGetFeatureInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64F5EE)
[Address] EAT @explorer.exe (MsiGetFeatureStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F676CD5)
[Address] EAT @explorer.exe (MsiGetFeatureStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F676DC3)
[Address] EAT @explorer.exe (MsiGetFeatureUsageA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65A111)
[Address] EAT @explorer.exe (MsiGetFeatureUsageW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65C9BD)
[Address] EAT @explorer.exe (MsiGetFeatureValidStatesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F677CC5)
[Address] EAT @explorer.exe (MsiGetFeatureValidStatesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6736EC)
[Address] EAT @explorer.exe (MsiGetFileHashA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F651214)
[Address] EAT @explorer.exe (MsiGetFileHashW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64CA49)
[Address] EAT @explorer.exe (MsiGetFileSignatureInformationA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65128C)
[Address] EAT @explorer.exe (MsiGetFileSignatureInformationW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64CA9F)
[Address] EAT @explorer.exe (MsiGetFileVersionA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F650EF8)
[Address] EAT @explorer.exe (MsiGetFileVersionW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F653D2F)
[Address] EAT @explorer.exe (MsiGetLanguage) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F672727)
[Address] EAT @explorer.exe (MsiGetLastErrorRecord) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F671D69)
[Address] EAT @explorer.exe (MsiGetMode) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F67279F)
[Address] EAT @explorer.exe (MsiGetPatchFileListA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F66D25D)
[Address] EAT @explorer.exe (MsiGetPatchFileListW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F668B6E)
[Address] EAT @explorer.exe (MsiGetPatchInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65A24F)
[Address] EAT @explorer.exe (MsiGetPatchInfoExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6655E9)
[Address] EAT @explorer.exe (MsiGetPatchInfoExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F665177)
[Address] EAT @explorer.exe (MsiGetPatchInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65CAFB)
[Address] EAT @explorer.exe (MsiGetProductCodeA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5CEADC)
[Address] EAT @explorer.exe (MsiGetProductCodeFromPackageCodeA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65ED5F)
[Address] EAT @explorer.exe (MsiGetProductCodeFromPackageCodeW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65F353)
[Address] EAT @explorer.exe (MsiGetProductCodeW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5CEE6C)
[Address] EAT @explorer.exe (MsiGetProductInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65D362)
[Address] EAT @explorer.exe (MsiGetProductInfoExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6665DE)
[Address] EAT @explorer.exe (MsiGetProductInfoExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6618FF)
[Address] EAT @explorer.exe (MsiGetProductInfoFromScriptA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F650880)
[Address] EAT @explorer.exe (MsiGetProductInfoFromScriptW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64F132)
[Address] EAT @explorer.exe (MsiGetProductInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5B4273)
[Address] EAT @explorer.exe (MsiGetProductPropertyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F650B90)
[Address] EAT @explorer.exe (MsiGetProductPropertyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64F48B)
[Address] EAT @explorer.exe (MsiGetPropertyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F67596D)
[Address] EAT @explorer.exe (MsiGetPropertyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F675BA3)
[Address] EAT @explorer.exe (MsiGetShortcutTargetA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F652A58)
[Address] EAT @explorer.exe (MsiGetShortcutTargetW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F654689)
[Address] EAT @explorer.exe (MsiGetSourcePathA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F676209)
[Address] EAT @explorer.exe (MsiGetSourcePathW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F67640D)
[Address] EAT @explorer.exe (MsiGetSummaryInformationA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6758BD)
[Address] EAT @explorer.exe (MsiGetSummaryInformationW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F674293)
[Address] EAT @explorer.exe (MsiGetTargetPathA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6765F5)
[Address] EAT @explorer.exe (MsiGetTargetPathW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6767F9)
[Address] EAT @explorer.exe (MsiGetUserInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6591FE)
[Address] EAT @explorer.exe (MsiGetUserInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5CE466)
[Address] EAT @explorer.exe (MsiInstallMissingComponentA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6522C7)
[Address] EAT @explorer.exe (MsiInstallMissingComponentW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6543D9)
[Address] EAT @explorer.exe (MsiInstallMissingFileA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F652067)
[Address] EAT @explorer.exe (MsiInstallMissingFileW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F654179)
[Address] EAT @explorer.exe (MsiInstallProductA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65197E)
[Address] EAT @explorer.exe (MsiInstallProductW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64CE4B)
[Address] EAT @explorer.exe (MsiInvalidateFeatureCache) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F60D1D3)
[Address] EAT @explorer.exe (MsiIsProductElevatedA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F653306)
[Address] EAT @explorer.exe (MsiIsProductElevatedW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F654A5D)
[Address] EAT @explorer.exe (MsiJoinTransaction) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F663FEB)
[Address] EAT @explorer.exe (MsiLoadStringA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65141F)
[Address] EAT @explorer.exe (MsiLoadStringW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5BAE09)
[Address] EAT @explorer.exe (MsiLocateComponentA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65F19F)
[Address] EAT @explorer.exe (MsiLocateComponentW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65F4CA)
[Address] EAT @explorer.exe (MsiMessageBoxA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6516DA)
[Address] EAT @explorer.exe (MsiMessageBoxExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F651528)
[Address] EAT @explorer.exe (MsiMessageBoxExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64CCB1)
[Address] EAT @explorer.exe (MsiMessageBoxW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64CE24)
[Address] EAT @explorer.exe (MsiNotifySidChangeA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65A306)
[Address] EAT @explorer.exe (MsiNotifySidChangeW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65501B)
[Address] EAT @explorer.exe (MsiOpenDatabaseA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F674691)
[Address] EAT @explorer.exe (MsiOpenDatabaseW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F673D8D)
[Address] EAT @explorer.exe (MsiOpenPackageA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64EDC0)
[Address] EAT @explorer.exe (MsiOpenPackageExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64C63E)
[Address] EAT @explorer.exe (MsiOpenPackageExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64C8E9)
[Address] EAT @explorer.exe (MsiOpenPackageW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64F7AB)
[Address] EAT @explorer.exe (MsiOpenProductA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F658BF2)
[Address] EAT @explorer.exe (MsiOpenProductW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65B857)
[Address] EAT @explorer.exe (MsiPreviewBillboardA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F677D4E)
[Address] EAT @explorer.exe (MsiPreviewBillboardW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F673AEA)
[Address] EAT @explorer.exe (MsiPreviewDialogA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F677D0B)
[Address] EAT @explorer.exe (MsiPreviewDialogW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F673A96)
[Address] EAT @explorer.exe (MsiProcessAdvertiseScriptA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65CBB2)
[Address] EAT @explorer.exe (MsiProcessAdvertiseScriptW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65DF39)
[Address] EAT @explorer.exe (MsiProcessMessage) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F672F51)
[Address] EAT @explorer.exe (MsiProvideAssemblyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65FD5D)
[Address] EAT @explorer.exe (MsiProvideAssemblyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F660765)
[Address] EAT @explorer.exe (MsiProvideComponentA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65F7B9)
[Address] EAT @explorer.exe (MsiProvideComponentFromDescriptorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65FAB3)
[Address] EAT @explorer.exe (MsiProvideComponentFromDescriptorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5B4F84)
[Address] EAT @explorer.exe (MsiProvideComponentW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F66030C)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5CC385)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5CD411)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5A8A47)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5A8C86)
[Address] EAT @explorer.exe (MsiQueryComponentStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F66687C)
[Address] EAT @explorer.exe (MsiQueryComponentStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F661AE1)
[Address] EAT @explorer.exe (MsiQueryFeatureStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65F6F1)
[Address] EAT @explorer.exe (MsiQueryFeatureStateExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F666A94)
[Address] EAT @explorer.exe (MsiQueryFeatureStateExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F661CD9)
[Address] EAT @explorer.exe (MsiQueryFeatureStateFromDescriptorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65FC02)
[Address] EAT @explorer.exe (MsiQueryFeatureStateFromDescriptorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F66057D)
[Address] EAT @explorer.exe (MsiQueryFeatureStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5A617D)
[Address] EAT @explorer.exe (MsiQueryProductStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65D45D)
[Address] EAT @explorer.exe (MsiQueryProductStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5B49FE)
[Address] EAT @explorer.exe (MsiRecordClearData) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F671D27)
[Address] EAT @explorer.exe (MsiRecordDataSize) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6716E5)
[Address] EAT @explorer.exe (MsiRecordGetFieldCount) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F671916)
[Address] EAT @explorer.exe (MsiRecordGetInteger) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6718B5)
[Address] EAT @explorer.exe (MsiRecordGetStringA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F673F1D)
[Address] EAT @explorer.exe (MsiRecordGetStringW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6740CC)
[Address] EAT @explorer.exe (MsiRecordIsNull) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6715F5)
[Address] EAT @explorer.exe (MsiRecordReadStream) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F671B6D)
[Address] EAT @explorer.exe (MsiRecordSetInteger) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6717C2)
[Address] EAT @explorer.exe (MsiRecordSetStreamA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F675877)
[Address] EAT @explorer.exe (MsiRecordSetStreamW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F671A03)
[Address] EAT @explorer.exe (MsiRecordSetStringA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F67561D)
[Address] EAT @explorer.exe (MsiRecordSetStringW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F67572E)
[Address] EAT @explorer.exe (MsiReinstallFeatureA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F651EDE)
[Address] EAT @explorer.exe (MsiReinstallFeatureFromDescriptorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65D8C2)
[Address] EAT @explorer.exe (MsiReinstallFeatureFromDescriptorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65E657)
[Address] EAT @explorer.exe (MsiReinstallFeatureW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5B8C24)
[Address] EAT @explorer.exe (MsiReinstallProductA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F651AFE)
[Address] EAT @explorer.exe (MsiReinstallProductW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64CFF1)
[Address] EAT @explorer.exe (MsiRemovePatchesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F669606)
[Address] EAT @explorer.exe (MsiRemovePatchesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F663702)
[Address] EAT @explorer.exe (MsiSequenceA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F676180)
[Address] EAT @explorer.exe (MsiSequenceW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F672E4B)
[Address] EAT @explorer.exe (MsiSetComponentStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6773EB)
[Address] EAT @explorer.exe (MsiSetComponentStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6774E5)
[Address] EAT @explorer.exe (MsiSetExternalUIA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64C72F)
[Address] EAT @explorer.exe (MsiSetExternalUIRecord) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F66336B)
[Address] EAT @explorer.exe (MsiSetExternalUIW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5B4E86)
[Address] EAT @explorer.exe (MsiSetFeatureAttributesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F677001)
[Address] EAT @explorer.exe (MsiSetFeatureAttributesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6770B4)
[Address] EAT @explorer.exe (MsiSetFeatureStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F676E2D)
[Address] EAT @explorer.exe (MsiSetFeatureStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F676EDF)
[Address] EAT @explorer.exe (MsiSetInstallLevel) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F673424)
[Address] EAT @explorer.exe (MsiSetInternalUI) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5B4FE6)
[Address] EAT @explorer.exe (MsiSetMode) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6728BB)
[Address] EAT @explorer.exe (MsiSetOfflineContextW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F678485)
[Address] EAT @explorer.exe (MsiSetPropertyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F675DC1)
[Address] EAT @explorer.exe (MsiSetPropertyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F675F85)
[Address] EAT @explorer.exe (MsiSetTargetPathA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6769DD)
[Address] EAT @explorer.exe (MsiSetTargetPathW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F676B61)
[Address] EAT @explorer.exe (MsiSourceListAddMediaDiskA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F667136)
[Address] EAT @explorer.exe (MsiSourceListAddMediaDiskW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F662165)
[Address] EAT @explorer.exe (MsiSourceListAddSourceA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F653037)
[Address] EAT @explorer.exe (MsiSourceListAddSourceExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F666F13)
[Address] EAT @explorer.exe (MsiSourceListAddSourceExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F661F43)
[Address] EAT @explorer.exe (MsiSourceListAddSourceW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64DC51)
[Address] EAT @explorer.exe (MsiSourceListClearAllA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F652EF0)
[Address] EAT @explorer.exe (MsiSourceListClearAllExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F667875)
[Address] EAT @explorer.exe (MsiSourceListClearAllExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F66281B)
[Address] EAT @explorer.exe (MsiSourceListClearAllW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64DAEB)
[Address] EAT @explorer.exe (MsiSourceListClearMediaDiskA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F66764A)
[Address] EAT @explorer.exe (MsiSourceListClearMediaDiskW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F66260D)
[Address] EAT @explorer.exe (MsiSourceListClearSourceA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F667436)
[Address] EAT @explorer.exe (MsiSourceListClearSourceW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F662405)
[Address] EAT @explorer.exe (MsiSourceListEnumMediaDisksA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F66834E)
[Address] EAT @explorer.exe (MsiSourceListEnumMediaDisksW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6631B5)
[Address] EAT @explorer.exe (MsiSourceListEnumSourcesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F667C4B)
[Address] EAT @explorer.exe (MsiSourceListEnumSourcesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F662C07)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6531B8)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F667A6C)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F662A09)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64DDDB)
[Address] EAT @explorer.exe (MsiSourceListGetInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F667E30)
[Address] EAT @explorer.exe (MsiSourceListGetInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F662DB5)
[Address] EAT @explorer.exe (MsiSourceListSetInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6680F8)
[Address] EAT @explorer.exe (MsiSourceListSetInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F662FAB)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6721B9)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyCount) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F671E3D)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F67238B)
[Address] EAT @explorer.exe (MsiSummaryInfoPersist) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F672551)
[Address] EAT @explorer.exe (MsiSummaryInfoSetPropertyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F675906)
[Address] EAT @explorer.exe (MsiSummaryInfoSetPropertyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F671F2B)
[Address] EAT @explorer.exe (MsiUseFeatureA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F660D83)
[Address] EAT @explorer.exe (MsiUseFeatureExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F65F9E8)
[Address] EAT @explorer.exe (MsiUseFeatureExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5B4D3A)
[Address] EAT @explorer.exe (MsiUseFeatureW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F660DA0)
[Address] EAT @explorer.exe (MsiVerifyDiskSpace) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F673863)
[Address] EAT @explorer.exe (MsiVerifyPackageA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6507AA)
[Address] EAT @explorer.exe (MsiVerifyPackageW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F64F097)
[Address] EAT @explorer.exe (MsiViewClose) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F670BAF)
[Address] EAT @explorer.exe (MsiViewExecute) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F67070F)
[Address] EAT @explorer.exe (MsiViewFetch) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F670833)
[Address] EAT @explorer.exe (MsiViewGetColumnInfo) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F670A91)
[Address] EAT @explorer.exe (MsiViewGetErrorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6703F1)
[Address] EAT @explorer.exe (MsiViewGetErrorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F6705CE)
[Address] EAT @explorer.exe (MsiViewModify) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F67093F)
[Address] EAT @explorer.exe (QueryInstanceCount) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F5B2B2A)
[Address] EAT @explorer.exe (BeginBufferedAnimation) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740009AE)
[Address] EAT @explorer.exe (BeginBufferedPaint) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF49A1)
[Address] EAT @explorer.exe (BeginPanningFeedback) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74020731)
[Address] EAT @explorer.exe (BufferedPaintClear) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF6395)
[Address] EAT @explorer.exe (BufferedPaintInit) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF940E)
[Address] EAT @explorer.exe (BufferedPaintRenderAnimation) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740008ED)
[Address] EAT @explorer.exe (BufferedPaintSetAlpha) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7400E6B3)
[Address] EAT @explorer.exe (BufferedPaintStopAllAnimations) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7400D395)
[Address] EAT @explorer.exe (BufferedPaintUnInit) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF94AB)
[Address] EAT @explorer.exe (CloseThemeData) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF6A18)
[Address] EAT @explorer.exe (DrawThemeBackground) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF3982)
[Address] EAT @explorer.exe (DrawThemeBackgroundEx) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7400D9DA)
[Address] EAT @explorer.exe (DrawThemeEdge) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74013B52)
[Address] EAT @explorer.exe (DrawThemeIcon) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740235E7)
[Address] EAT @explorer.exe (DrawThemeParentBackground) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF53E5)
[Address] EAT @explorer.exe (DrawThemeParentBackgroundEx) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF51BF)
[Address] EAT @explorer.exe (DrawThemeText) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF4EA1)
[Address] EAT @explorer.exe (DrawThemeTextEx) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF63E6)
[Address] EAT @explorer.exe (EnableThemeDialogTexture) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FFFCAF)
[Address] EAT @explorer.exe (EnableTheming) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74022FEB)
[Address] EAT @explorer.exe (EndBufferedAnimation) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF3F9A)
[Address] EAT @explorer.exe (EndBufferedPaint) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF3F9A)
[Address] EAT @explorer.exe (EndPanningFeedback) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740206CC)
[Address] EAT @explorer.exe (GetBufferedPaintBits) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF4BAF)
[Address] EAT @explorer.exe (GetBufferedPaintDC) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740004BC)
[Address] EAT @explorer.exe (GetBufferedPaintTargetDC) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74000473)
[Address] EAT @explorer.exe (GetBufferedPaintTargetRect) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74022E7F)
[Address] EAT @explorer.exe (GetCurrentThemeName) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740005DD)
[Address] EAT @explorer.exe (GetThemeAppProperties) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74000FB1)
[Address] EAT @explorer.exe (GetThemeBackgroundContentRect) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FFCD2E)
[Address] EAT @explorer.exe (GetThemeBackgroundExtent) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FFF8BF)
[Address] EAT @explorer.exe (GetThemeBackgroundRegion) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7400165D)
[Address] EAT @explorer.exe (GetThemeBitmap) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FFBF93)
[Address] EAT @explorer.exe (GetThemeBool) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF7C1F)
[Address] EAT @explorer.exe (GetThemeColor) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF616C)
[Address] EAT @explorer.exe (GetThemeDocumentationProperty) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74022932)
[Address] EAT @explorer.exe (GetThemeEnumValue) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF616C)
[Address] EAT @explorer.exe (GetThemeFilename) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74022412)
[Address] EAT @explorer.exe (GetThemeFont) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FFFF21)
[Address] EAT @explorer.exe (GetThemeInt) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF616C)
[Address] EAT @explorer.exe (GetThemeIntList) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740223B1)
[Address] EAT @explorer.exe (GetThemeMargins) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF86E9)
[Address] EAT @explorer.exe (GetThemeMetric) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740006E2)
[Address] EAT @explorer.exe (GetThemePartSize) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FFCDB1)
[Address] EAT @explorer.exe (GetThemePosition) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74022350)
[Address] EAT @explorer.exe (GetThemePropertyOrigin) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74013FBB)
[Address] EAT @explorer.exe (GetThemeRect) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74003611)
[Address] EAT @explorer.exe (GetThemeStream) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740039D9)
[Address] EAT @explorer.exe (GetThemeString) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740222E4)
[Address] EAT @explorer.exe (GetThemeSysBool) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74023172)
[Address] EAT @explorer.exe (GetThemeSysColor) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74013274)
[Address] EAT @explorer.exe (GetThemeSysColorBrush) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7402301E)
[Address] EAT @explorer.exe (GetThemeSysFont) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740229C4)
[Address] EAT @explorer.exe (GetThemeSysInt) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74022BD3)
[Address] EAT @explorer.exe (GetThemeSysSize) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7402320B)
[Address] EAT @explorer.exe (GetThemeSysString) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74022B3F)
[Address] EAT @explorer.exe (GetThemeTextExtent) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF2D57)
[Address] EAT @explorer.exe (GetThemeTextMetrics) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FFF992)
[Address] EAT @explorer.exe (GetThemeTransitionDuration) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74001081)
[Address] EAT @explorer.exe (GetWindowTheme) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FFDF46)
[Address] EAT @explorer.exe (HitTestThemeBackground) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74003CE3)
[Address] EAT @explorer.exe (IsAppThemed) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FFF869)
[Address] EAT @explorer.exe (IsCompositionActive) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF2E9A)
[Address] EAT @explorer.exe (IsThemeActive) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FFF785)
[Address] EAT @explorer.exe (IsThemeBackgroundPartiallyTransparent) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF60AB)
[Address] EAT @explorer.exe (IsThemeDialogTextureEnabled) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7402312B)
[Address] EAT @explorer.exe (IsThemePartDefined) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF85B4)
[Address] EAT @explorer.exe (OpenThemeData) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF73D2)
[Address] EAT @explorer.exe (OpenThemeDataEx) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74013D43)
[Address] EAT @explorer.exe (SetThemeAppProperties) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74023296)
[Address] EAT @explorer.exe (SetWindowTheme) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74000134)
[Address] EAT @explorer.exe (SetWindowThemeAttribute) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7400CFE6)
[Address] EAT @explorer.exe (ThemeInitApiHook) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FFB176)
[Address] EAT @explorer.exe (UpdatePanningFeedback) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7402068D)
[Address] EAT @firefox.exe (BeginBufferedAnimation) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740009AE)
[Address] EAT @firefox.exe (BeginBufferedPaint) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF49A1)
[Address] EAT @firefox.exe (BeginPanningFeedback) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74020731)
[Address] EAT @firefox.exe (BufferedPaintClear) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF6395)
[Address] EAT @firefox.exe (BufferedPaintInit) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF940E)
[Address] EAT @firefox.exe (BufferedPaintRenderAnimation) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740008ED)
[Address] EAT @firefox.exe (BufferedPaintSetAlpha) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7400E6B3)
[Address] EAT @firefox.exe (BufferedPaintStopAllAnimations) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7400D395)
[Address] EAT @firefox.exe (BufferedPaintUnInit) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF94AB)
[Address] EAT @firefox.exe (CloseThemeData) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF6A18)
[Address] EAT @firefox.exe (DrawThemeBackground) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF3982)
[Address] EAT @firefox.exe (DrawThemeBackgroundEx) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7400D9DA)
[Address] EAT @firefox.exe (DrawThemeEdge) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74013B52)
[Address] EAT @firefox.exe (DrawThemeIcon) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740235E7)
[Address] EAT @firefox.exe (DrawThemeParentBackground) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF53E5)
[Address] EAT @firefox.exe (DrawThemeParentBackgroundEx) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF51BF)
[Address] EAT @firefox.exe (DrawThemeText) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF4EA1)
[Address] EAT @firefox.exe (DrawThemeTextEx) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF63E6)
[Address] EAT @firefox.exe (EnableThemeDialogTexture) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FFFCAF)
[Address] EAT @firefox.exe (EnableTheming) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74022FEB)
[Address] EAT @firefox.exe (EndBufferedAnimation) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF3F9A)
[Address] EAT @firefox.exe (EndBufferedPaint) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF3F9A)
[Address] EAT @firefox.exe (EndPanningFeedback) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740206CC)
[Address] EAT @firefox.exe (GetBufferedPaintBits) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF4BAF)
[Address] EAT @firefox.exe (GetBufferedPaintDC) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740004BC)
[Address] EAT @firefox.exe (GetBufferedPaintTargetDC) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74000473)
[Address] EAT @firefox.exe (GetBufferedPaintTargetRect) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74022E7F)
[Address] EAT @firefox.exe (GetCurrentThemeName) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740005DD)
[Address] EAT @firefox.exe (GetThemeAppProperties) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74000FB1)
[Address] EAT @firefox.exe (GetThemeBackgroundContentRect) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FFCD2E)
[Address] EAT @firefox.exe (GetThemeBackgroundExtent) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FFF8BF)
[Address] EAT @firefox.exe (GetThemeBackgroundRegion) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7400165D)
[Address] EAT @firefox.exe (GetThemeBitmap) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FFBF93)
[Address] EAT @firefox.exe (GetThemeBool) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF7C1F)
[Address] EAT @firefox.exe (GetThemeColor) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF616C)
[Address] EAT @firefox.exe (GetThemeDocumentationProperty) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74022932)
[Address] EAT @firefox.exe (GetThemeEnumValue) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF616C)
[Address] EAT @firefox.exe (GetThemeFilename) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74022412)
[Address] EAT @firefox.exe (GetThemeFont) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FFFF21)
[Address] EAT @firefox.exe (GetThemeInt) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF616C)
[Address] EAT @firefox.exe (GetThemeIntList) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740223B1)
[Address] EAT @firefox.exe (GetThemeMargins) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF86E9)
[Address] EAT @firefox.exe (GetThemeMetric) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740006E2)
[Address] EAT @firefox.exe (GetThemePartSize) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FFCDB1)
[Address] EAT @firefox.exe (GetThemePosition) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74022350)
[Address] EAT @firefox.exe (GetThemePropertyOrigin) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74013FBB)
[Address] EAT @firefox.exe (GetThemeRect) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74003611)
[Address] EAT @firefox.exe (GetThemeStream) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740039D9)
[Address] EAT @firefox.exe (GetThemeString) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740222E4)
[Address] EAT @firefox.exe (GetThemeSysBool) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74023172)
[Address] EAT @firefox.exe (GetThemeSysColor) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74013274)
[Address] EAT @firefox.exe (GetThemeSysColorBrush) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7402301E)
[Address] EAT @firefox.exe (GetThemeSysFont) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x740229C4)
[Address] EAT @firefox.exe (GetThemeSysInt) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74022BD3)
[Address] EAT @firefox.exe (GetThemeSysSize) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7402320B)
[Address] EAT @firefox.exe (GetThemeSysString) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74022B3F)
[Address] EAT @firefox.exe (GetThemeTextExtent) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF2D57)
[Address] EAT @firefox.exe (GetThemeTextMetrics) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FFF992)
[Address] EAT @firefox.exe (GetThemeTransitionDuration) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74001081)
[Address] EAT @firefox.exe (GetWindowTheme) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FFDF46)
[Address] EAT @firefox.exe (HitTestThemeBackground) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74003CE3)
[Address] EAT @firefox.exe (IsAppThemed) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FFF869)
[Address] EAT @firefox.exe (IsCompositionActive) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF2E9A)
[Address] EAT @firefox.exe (IsThemeActive) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FFF785)
[Address] EAT @firefox.exe (IsThemeBackgroundPartiallyTransparent) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF60AB)
[Address] EAT @firefox.exe (IsThemeDialogTextureEnabled) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7402312B)
[Address] EAT @firefox.exe (IsThemePartDefined) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF85B4)
[Address] EAT @firefox.exe (OpenThemeData) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FF73D2)
[Address] EAT @firefox.exe (OpenThemeDataEx) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74013D43)
[Address] EAT @firefox.exe (SetThemeAppProperties) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74023296)
[Address] EAT @firefox.exe (SetWindowTheme) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74000134)
[Address] EAT @firefox.exe (SetWindowThemeAttribute) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7400CFE6)
[Address] EAT @firefox.exe (ThemeInitApiHook) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73FFB176)
[Address] EAT @firefox.exe (UpdatePanningFeedback) : AVRT.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7402068D)

¤¤¤ Vonkajšie Hives: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts



127.0.0.1 localhost
::1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) SAMSUNG HD154UI SCSI Disk Device +++++
--- User ---
[MBR] c1c38d5a9c73f973c03aeedb6aa4076f
[BSP] 362659e2bcb65deb3e19e0e2da6d7546 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 350000 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 717006848 | Size: 149898 MB
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1023999165 | Size: 930789 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Nesprávna funkcia. )

Dokončené : << RKreport[0]_S_04162014_140829.txt >>

[Márty84]

Znovu spustte RogueKiller jako spravce (pokud jste ho jeste nezavrel/a, rovnou kliknete na napis Smazat)
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Smazat.
Pak kliknete na napis Zprava a objevi se log. Ten mi sem vlozte.
Pak kliknete na napis Oprava Host a Zprava.
Objevi se dalsi log. I ten mi sem vlozte.

[CarrioSs]

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spustené v : Normálny režim
Užívateľ : Andrej [Práva Správcu]
Režim : Odebrať -- Dátum : 04/17/2014 13:37:25
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 11 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZANÉ
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZANÉ
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> NAHRADENÉ (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> NAHRADENÉ (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NAHRADENÉ (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> NAHRADENÉ (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> NAHRADENÉ (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> NAHRADENÉ (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> NAHRADENÉ (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRADENÉ (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRADENÉ (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spustenie položky : 0 ¤¤¤

¤¤¤ webové prehliadače : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NAHRATÉ] ¤¤¤
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x859721F8)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x859721F8)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x859721F8)
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x859721F8)
[Address] IRP[IRP_MJ_POWER] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x859721F8)
[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x859721F8)
[Address] IRP[IRP_MJ_PNP] : C:\Windows\system32\drivers\winhv.sys -> HOOKED (Unknown @ 0x859721F8)
[Address] EAT @explorer.exe (BeginBufferedAnimation) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C09AE)
[Address] EAT @explorer.exe (BeginBufferedPaint) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B49A1)
[Address] EAT @explorer.exe (BeginPanningFeedback) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E0731)
[Address] EAT @explorer.exe (BufferedPaintClear) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B6395)
[Address] EAT @explorer.exe (BufferedPaintInit) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B940E)
[Address] EAT @explorer.exe (BufferedPaintRenderAnimation) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C08ED)
[Address] EAT @explorer.exe (BufferedPaintSetAlpha) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742CE6B3)
[Address] EAT @explorer.exe (BufferedPaintStopAllAnimations) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742CD395)
[Address] EAT @explorer.exe (BufferedPaintUnInit) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B94AB)
[Address] EAT @explorer.exe (CloseThemeData) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B6A18)
[Address] EAT @explorer.exe (DrawThemeBackground) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B3982)
[Address] EAT @explorer.exe (DrawThemeBackgroundEx) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742CD9DA)
[Address] EAT @explorer.exe (DrawThemeEdge) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742D3B52)
[Address] EAT @explorer.exe (DrawThemeIcon) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E35E7)
[Address] EAT @explorer.exe (DrawThemeParentBackground) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B53E5)
[Address] EAT @explorer.exe (DrawThemeParentBackgroundEx) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B51BF)
[Address] EAT @explorer.exe (DrawThemeText) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B4EA1)
[Address] EAT @explorer.exe (DrawThemeTextEx) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B63E6)
[Address] EAT @explorer.exe (EnableThemeDialogTexture) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742BFCAF)
[Address] EAT @explorer.exe (EnableTheming) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E2FEB)
[Address] EAT @explorer.exe (EndBufferedAnimation) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B3F9A)
[Address] EAT @explorer.exe (EndBufferedPaint) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B3F9A)
[Address] EAT @explorer.exe (EndPanningFeedback) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E06CC)
[Address] EAT @explorer.exe (GetBufferedPaintBits) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B4BAF)
[Address] EAT @explorer.exe (GetBufferedPaintDC) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C04BC)
[Address] EAT @explorer.exe (GetBufferedPaintTargetDC) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C0473)
[Address] EAT @explorer.exe (GetBufferedPaintTargetRect) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E2E7F)
[Address] EAT @explorer.exe (GetCurrentThemeName) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C05DD)
[Address] EAT @explorer.exe (GetThemeAppProperties) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C0FB1)
[Address] EAT @explorer.exe (GetThemeBackgroundContentRect) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742BCD2E)
[Address] EAT @explorer.exe (GetThemeBackgroundExtent) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742BF8BF)
[Address] EAT @explorer.exe (GetThemeBackgroundRegion) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C165D)
[Address] EAT @explorer.exe (GetThemeBitmap) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742BBF93)
[Address] EAT @explorer.exe (GetThemeBool) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B7C1F)
[Address] EAT @explorer.exe (GetThemeColor) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B616C)
[Address] EAT @explorer.exe (GetThemeDocumentationProperty) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E2932)
[Address] EAT @explorer.exe (GetThemeEnumValue) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B616C)
[Address] EAT @explorer.exe (GetThemeFilename) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E2412)
[Address] EAT @explorer.exe (GetThemeFont) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742BFF21)
[Address] EAT @explorer.exe (GetThemeInt) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B616C)
[Address] EAT @explorer.exe (GetThemeIntList) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E23B1)
[Address] EAT @explorer.exe (GetThemeMargins) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B86E9)
[Address] EAT @explorer.exe (GetThemeMetric) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C06E2)
[Address] EAT @explorer.exe (GetThemePartSize) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742BCDB1)
[Address] EAT @explorer.exe (GetThemePosition) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E2350)
[Address] EAT @explorer.exe (GetThemePropertyOrigin) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742D3FBB)
[Address] EAT @explorer.exe (GetThemeRect) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C3611)
[Address] EAT @explorer.exe (GetThemeStream) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C39D9)
[Address] EAT @explorer.exe (GetThemeString) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E22E4)
[Address] EAT @explorer.exe (GetThemeSysBool) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E3172)
[Address] EAT @explorer.exe (GetThemeSysColor) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742D3274)
[Address] EAT @explorer.exe (GetThemeSysColorBrush) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E301E)
[Address] EAT @explorer.exe (GetThemeSysFont) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E29C4)
[Address] EAT @explorer.exe (GetThemeSysInt) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E2BD3)
[Address] EAT @explorer.exe (GetThemeSysSize) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E320B)
[Address] EAT @explorer.exe (GetThemeSysString) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E2B3F)
[Address] EAT @explorer.exe (GetThemeTextExtent) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B2D57)
[Address] EAT @explorer.exe (GetThemeTextMetrics) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742BF992)
[Address] EAT @explorer.exe (GetThemeTransitionDuration) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C1081)
[Address] EAT @explorer.exe (GetWindowTheme) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742BDF46)
[Address] EAT @explorer.exe (HitTestThemeBackground) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C3CE3)
[Address] EAT @explorer.exe (IsAppThemed) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742BF869)
[Address] EAT @explorer.exe (IsCompositionActive) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B2E9A)
[Address] EAT @explorer.exe (IsThemeActive) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742BF785)
[Address] EAT @explorer.exe (IsThemeBackgroundPartiallyTransparent) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B60AB)
[Address] EAT @explorer.exe (IsThemeDialogTextureEnabled) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E312B)
[Address] EAT @explorer.exe (IsThemePartDefined) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B85B4)
[Address] EAT @explorer.exe (OpenThemeData) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B73D2)
[Address] EAT @explorer.exe (OpenThemeDataEx) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742D3D43)
[Address] EAT @explorer.exe (SetThemeAppProperties) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E3296)
[Address] EAT @explorer.exe (SetWindowTheme) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C0134)
[Address] EAT @explorer.exe (SetWindowThemeAttribute) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742CCFE6)
[Address] EAT @explorer.exe (ThemeInitApiHook) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742BB176)
[Address] EAT @explorer.exe (UpdatePanningFeedback) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E068D)
[Address] EAT @explorer.exe (DllCanUnloadNow) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7C2B3B)
[Address] EAT @explorer.exe (DllGetClassObject) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7D188E)
[Address] EAT @explorer.exe (DllGetVersion) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7C2982)
[Address] EAT @explorer.exe (DllRegisterServer) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F857DC5)
[Address] EAT @explorer.exe (DllUnregisterServer) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85818F)
[Address] EAT @explorer.exe (Migrate10CachedPackagesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85C744)
[Address] EAT @explorer.exe (Migrate10CachedPackagesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85E1AC)
[Address] EAT @explorer.exe (MsiAdvertiseProductA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86257F)
[Address] EAT @explorer.exe (MsiAdvertiseProductExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8627D7)
[Address] EAT @explorer.exe (MsiAdvertiseProductExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85D6C1)
[Address] EAT @explorer.exe (MsiAdvertiseProductW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85D46F)
[Address] EAT @explorer.exe (MsiAdvertiseScriptA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F868A3F)
[Address] EAT @explorer.exe (MsiAdvertiseScriptW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86B641)
[Address] EAT @explorer.exe (MsiApplyMultiplePatchesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F875903)
[Address] EAT @explorer.exe (MsiApplyMultiplePatchesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F871057)
[Address] EAT @explorer.exe (MsiApplyPatchA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F862D5D)
[Address] EAT @explorer.exe (MsiApplyPatchW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85D943)
[Address] EAT @explorer.exe (MsiBeginTransactionA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F879441)
[Address] EAT @explorer.exe (MsiBeginTransactionW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8739D4)
[Address] EAT @explorer.exe (MsiCloseAllHandles) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8800C3)
[Address] EAT @explorer.exe (MsiCloseHandle) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F880015)
[Address] EAT @explorer.exe (MsiCollectUserInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F861C3A)
[Address] EAT @explorer.exe (MsiCollectUserInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85D16F)
[Address] EAT @explorer.exe (MsiConfigureFeatureA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F861D5A)
[Address] EAT @explorer.exe (MsiConfigureFeatureFromDescriptorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86D70A)
[Address] EAT @explorer.exe (MsiConfigureFeatureFromDescriptorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86E41B)
[Address] EAT @explorer.exe (MsiConfigureFeatureW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85D2B7)
[Address] EAT @explorer.exe (MsiConfigureProductA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86F256)
[Address] EAT @explorer.exe (MsiConfigureProductExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86DACA)
[Address] EAT @explorer.exe (MsiConfigureProductExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86E891)
[Address] EAT @explorer.exe (MsiConfigureProductW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86F581)
[Address] EAT @explorer.exe (MsiCreateAndVerifyInstallerDirectory) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7DB2E1)
[Address] EAT @explorer.exe (MsiCreateRecord) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F881514)
[Address] EAT @explorer.exe (MsiCreateTransformSummaryInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8855D1)
[Address] EAT @explorer.exe (MsiCreateTransformSummaryInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8848EF)
[Address] EAT @explorer.exe (MsiDatabaseApplyTransformA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8848A9)
[Address] EAT @explorer.exe (MsiDatabaseApplyTransformW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F881397)
[Address] EAT @explorer.exe (MsiDatabaseCommit) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F880DEB)
[Address] EAT @explorer.exe (MsiDatabaseExportA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F884792)
[Address] EAT @explorer.exe (MsiDatabaseExportW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F881008)
[Address] EAT @explorer.exe (MsiDatabaseGenerateTransformA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F88485D)
[Address] EAT @explorer.exe (MsiDatabaseGenerateTransformW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F881270)
[Address] EAT @explorer.exe (MsiDatabaseGetPrimaryKeysA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8845FD)
[Address] EAT @explorer.exe (MsiDatabaseGetPrimaryKeysW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F883C54)
[Address] EAT @explorer.exe (MsiDatabaseImportA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F88472E)
[Address] EAT @explorer.exe (MsiDatabaseImportW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F880F1E)
[Address] EAT @explorer.exe (MsiDatabaseIsTablePersistentA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F884643)
[Address] EAT @explorer.exe (MsiDatabaseIsTablePersistentW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F880C8F)
[Address] EAT @explorer.exe (MsiDatabaseMergeA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F884817)
[Address] EAT @explorer.exe (MsiDatabaseMergeW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F881111)
[Address] EAT @explorer.exe (MsiDatabaseOpenViewA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8845B7)
[Address] EAT @explorer.exe (MsiDatabaseOpenViewW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8802B7)
[Address] EAT @explorer.exe (MsiDecomposeDescriptorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86DA7B)
[Address] EAT @explorer.exe (MsiDecomposeDescriptorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7B6286)
[Address] EAT @explorer.exe (MsiDeleteUserDataA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86A367)
[Address] EAT @explorer.exe (MsiDeleteUserDataW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8669EB)
[Address] EAT @explorer.exe (MsiDetermineApplicablePatchesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F87D4C5)
[Address] EAT @explorer.exe (MsiDetermineApplicablePatchesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F87C559)
[Address] EAT @explorer.exe (MsiDeterminePatchSequenceA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F87D9D9)
[Address] EAT @explorer.exe (MsiDeterminePatchSequenceW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F87C9E1)
[Address] EAT @explorer.exe (MsiDoActionA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F88613D)
[Address] EAT @explorer.exe (MsiDoActionW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F882D61)
[Address] EAT @explorer.exe (MsiEnableLogA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86189B)
[Address] EAT @explorer.exe (MsiEnableLogW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85FBE9)
[Address] EAT @explorer.exe (MsiEnableUIPreview) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8839CD)
[Address] EAT @explorer.exe (MsiEndTransaction) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F873E11)
[Address] EAT @explorer.exe (MsiEnumClientsA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7DEC96)
[Address] EAT @explorer.exe (MsiEnumClientsExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F875D6E)
[Address] EAT @explorer.exe (MsiEnumClientsExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8713A7)
[Address] EAT @explorer.exe (MsiEnumClientsW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7C3647)
[Address] EAT @explorer.exe (MsiEnumComponentCostsA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F887847)
[Address] EAT @explorer.exe (MsiEnumComponentCostsW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F887A95)
[Address] EAT @explorer.exe (MsiEnumComponentQualifiersA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86CD6D)
[Address] EAT @explorer.exe (MsiEnumComponentQualifiersW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7C384D)
[Address] EAT @explorer.exe (MsiEnumComponentsA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8691B9)
[Address] EAT @explorer.exe (MsiEnumComponentsExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F875B08)
[Address] EAT @explorer.exe (MsiEnumComponentsExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F87121D)
[Address] EAT @explorer.exe (MsiEnumComponentsW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86BA57)
[Address] EAT @explorer.exe (MsiEnumFeaturesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F869C04)
[Address] EAT @explorer.exe (MsiEnumFeaturesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86C259)
[Address] EAT @explorer.exe (MsiEnumPatchesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8797EB)
[Address] EAT @explorer.exe (MsiEnumPatchesExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F874897)
[Address] EAT @explorer.exe (MsiEnumPatchesExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F870E79)
[Address] EAT @explorer.exe (MsiEnumPatchesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F87468E)
[Address] EAT @explorer.exe (MsiEnumProductsA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F869175)
[Address] EAT @explorer.exe (MsiEnumProductsExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F876313)
[Address] EAT @explorer.exe (MsiEnumProductsExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F871729)
[Address] EAT @explorer.exe (MsiEnumProductsW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7C559D)
[Address] EAT @explorer.exe (MsiEnumRelatedProductsA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F869109)
[Address] EAT @explorer.exe (MsiEnumRelatedProductsW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86B9EB)
[Address] EAT @explorer.exe (MsiEvaluateConditionA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8861C6)
[Address] EAT @explorer.exe (MsiEvaluateConditionW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8830C1)
[Address] EAT @explorer.exe (MsiExtractPatchXMLDataA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F874FAE)
[Address] EAT @explorer.exe (MsiExtractPatchXMLDataW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F874C22)
[Address] EAT @explorer.exe (MsiFormatRecordA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F882A73)
[Address] EAT @explorer.exe (MsiFormatRecordW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F882BF9)
[Address] EAT @explorer.exe (MsiGetActiveDatabase) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F882639)
[Address] EAT @explorer.exe (MsiGetComponentPathA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86EEBD)
[Address] EAT @explorer.exe (MsiGetComponentPathExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F876053)
[Address] EAT @explorer.exe (MsiGetComponentPathExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F871559)
[Address] EAT @explorer.exe (MsiGetComponentPathW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7B62DD)
[Address] EAT @explorer.exe (MsiGetComponentStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8871E3)
[Address] EAT @explorer.exe (MsiGetComponentStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8872DC)
[Address] EAT @explorer.exe (MsiGetDatabaseState) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F880ED9)
[Address] EAT @explorer.exe (MsiGetFeatureCostA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8875FD)
[Address] EAT @explorer.exe (MsiGetFeatureCostW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F887702)
[Address] EAT @explorer.exe (MsiGetFeatureInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F860D1A)
[Address] EAT @explorer.exe (MsiGetFeatureInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85F5EE)
[Address] EAT @explorer.exe (MsiGetFeatureStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F886CD5)
[Address] EAT @explorer.exe (MsiGetFeatureStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F886DC3)
[Address] EAT @explorer.exe (MsiGetFeatureUsageA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86A111)
[Address] EAT @explorer.exe (MsiGetFeatureUsageW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86C9BD)
[Address] EAT @explorer.exe (MsiGetFeatureValidStatesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F887CC5)
[Address] EAT @explorer.exe (MsiGetFeatureValidStatesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8836EC)
[Address] EAT @explorer.exe (MsiGetFileHashA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F861214)
[Address] EAT @explorer.exe (MsiGetFileHashW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85CA49)
[Address] EAT @explorer.exe (MsiGetFileSignatureInformationA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86128C)
[Address] EAT @explorer.exe (MsiGetFileSignatureInformationW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85CA9F)
[Address] EAT @explorer.exe (MsiGetFileVersionA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F860EF8)
[Address] EAT @explorer.exe (MsiGetFileVersionW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F863D2F)
[Address] EAT @explorer.exe (MsiGetLanguage) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F882727)
[Address] EAT @explorer.exe (MsiGetLastErrorRecord) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F881D69)
[Address] EAT @explorer.exe (MsiGetMode) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F88279F)
[Address] EAT @explorer.exe (MsiGetPatchFileListA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F87D25D)
[Address] EAT @explorer.exe (MsiGetPatchFileListW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F878B6E)
[Address] EAT @explorer.exe (MsiGetPatchInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86A24F)
[Address] EAT @explorer.exe (MsiGetPatchInfoExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8755E9)
[Address] EAT @explorer.exe (MsiGetPatchInfoExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F875177)
[Address] EAT @explorer.exe (MsiGetPatchInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86CAFB)
[Address] EAT @explorer.exe (MsiGetProductCodeA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7DEADC)
[Address] EAT @explorer.exe (MsiGetProductCodeFromPackageCodeA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86ED5F)
[Address] EAT @explorer.exe (MsiGetProductCodeFromPackageCodeW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86F353)
[Address] EAT @explorer.exe (MsiGetProductCodeW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7DEE6C)
[Address] EAT @explorer.exe (MsiGetProductInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86D362)
[Address] EAT @explorer.exe (MsiGetProductInfoExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8765DE)
[Address] EAT @explorer.exe (MsiGetProductInfoExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8718FF)
[Address] EAT @explorer.exe (MsiGetProductInfoFromScriptA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F860880)
[Address] EAT @explorer.exe (MsiGetProductInfoFromScriptW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85F132)
[Address] EAT @explorer.exe (MsiGetProductInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7C4273)
[Address] EAT @explorer.exe (MsiGetProductPropertyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F860B90)
[Address] EAT @explorer.exe (MsiGetProductPropertyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85F48B)
[Address] EAT @explorer.exe (MsiGetPropertyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F88596D)
[Address] EAT @explorer.exe (MsiGetPropertyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F885BA3)
[Address] EAT @explorer.exe (MsiGetShortcutTargetA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F862A58)
[Address] EAT @explorer.exe (MsiGetShortcutTargetW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F864689)
[Address] EAT @explorer.exe (MsiGetSourcePathA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F886209)
[Address] EAT @explorer.exe (MsiGetSourcePathW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F88640D)
[Address] EAT @explorer.exe (MsiGetSummaryInformationA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8858BD)
[Address] EAT @explorer.exe (MsiGetSummaryInformationW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F884293)
[Address] EAT @explorer.exe (MsiGetTargetPathA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8865F5)
[Address] EAT @explorer.exe (MsiGetTargetPathW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8867F9)
[Address] EAT @explorer.exe (MsiGetUserInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8691FE)
[Address] EAT @explorer.exe (MsiGetUserInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7DE466)
[Address] EAT @explorer.exe (MsiInstallMissingComponentA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8622C7)
[Address] EAT @explorer.exe (MsiInstallMissingComponentW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8643D9)
[Address] EAT @explorer.exe (MsiInstallMissingFileA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F862067)
[Address] EAT @explorer.exe (MsiInstallMissingFileW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F864179)
[Address] EAT @explorer.exe (MsiInstallProductA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86197E)
[Address] EAT @explorer.exe (MsiInstallProductW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85CE4B)
[Address] EAT @explorer.exe (MsiInvalidateFeatureCache) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F81D1D3)
[Address] EAT @explorer.exe (MsiIsProductElevatedA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F863306)
[Address] EAT @explorer.exe (MsiIsProductElevatedW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F864A5D)
[Address] EAT @explorer.exe (MsiJoinTransaction) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F873FEB)
[Address] EAT @explorer.exe (MsiLoadStringA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86141F)
[Address] EAT @explorer.exe (MsiLoadStringW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7CAE09)
[Address] EAT @explorer.exe (MsiLocateComponentA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86F19F)
[Address] EAT @explorer.exe (MsiLocateComponentW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86F4CA)
[Address] EAT @explorer.exe (MsiMessageBoxA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8616DA)
[Address] EAT @explorer.exe (MsiMessageBoxExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F861528)
[Address] EAT @explorer.exe (MsiMessageBoxExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85CCB1)
[Address] EAT @explorer.exe (MsiMessageBoxW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85CE24)
[Address] EAT @explorer.exe (MsiNotifySidChangeA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86A306)
[Address] EAT @explorer.exe (MsiNotifySidChangeW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86501B)
[Address] EAT @explorer.exe (MsiOpenDatabaseA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F884691)
[Address] EAT @explorer.exe (MsiOpenDatabaseW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F883D8D)
[Address] EAT @explorer.exe (MsiOpenPackageA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85EDC0)
[Address] EAT @explorer.exe (MsiOpenPackageExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85C63E)
[Address] EAT @explorer.exe (MsiOpenPackageExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85C8E9)
[Address] EAT @explorer.exe (MsiOpenPackageW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85F7AB)
[Address] EAT @explorer.exe (MsiOpenProductA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F868BF2)
[Address] EAT @explorer.exe (MsiOpenProductW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86B857)
[Address] EAT @explorer.exe (MsiPreviewBillboardA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F887D4E)
[Address] EAT @explorer.exe (MsiPreviewBillboardW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F883AEA)
[Address] EAT @explorer.exe (MsiPreviewDialogA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F887D0B)
[Address] EAT @explorer.exe (MsiPreviewDialogW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F883A96)
[Address] EAT @explorer.exe (MsiProcessAdvertiseScriptA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86CBB2)
[Address] EAT @explorer.exe (MsiProcessAdvertiseScriptW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86DF39)
[Address] EAT @explorer.exe (MsiProcessMessage) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F882F51)
[Address] EAT @explorer.exe (MsiProvideAssemblyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86FD5D)
[Address] EAT @explorer.exe (MsiProvideAssemblyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F870765)
[Address] EAT @explorer.exe (MsiProvideComponentA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86F7B9)
[Address] EAT @explorer.exe (MsiProvideComponentFromDescriptorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86FAB3)
[Address] EAT @explorer.exe (MsiProvideComponentFromDescriptorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7C4F84)
[Address] EAT @explorer.exe (MsiProvideComponentW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F87030C)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7DC385)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7DD411)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7B8A47)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7B8C86)
[Address] EAT @explorer.exe (MsiQueryComponentStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F87687C)
[Address] EAT @explorer.exe (MsiQueryComponentStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F871AE1)
[Address] EAT @explorer.exe (MsiQueryFeatureStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86F6F1)
[Address] EAT @explorer.exe (MsiQueryFeatureStateExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F876A94)
[Address] EAT @explorer.exe (MsiQueryFeatureStateExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F871CD9)
[Address] EAT @explorer.exe (MsiQueryFeatureStateFromDescriptorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86FC02)
[Address] EAT @explorer.exe (MsiQueryFeatureStateFromDescriptorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F87057D)
[Address] EAT @explorer.exe (MsiQueryFeatureStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7B617D)
[Address] EAT @explorer.exe (MsiQueryProductStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86D45D)
[Address] EAT @explorer.exe (MsiQueryProductStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7C49FE)
[Address] EAT @explorer.exe (MsiRecordClearData) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F881D27)
[Address] EAT @explorer.exe (MsiRecordDataSize) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8816E5)
[Address] EAT @explorer.exe (MsiRecordGetFieldCount) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F881916)
[Address] EAT @explorer.exe (MsiRecordGetInteger) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8818B5)
[Address] EAT @explorer.exe (MsiRecordGetStringA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F883F1D)
[Address] EAT @explorer.exe (MsiRecordGetStringW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8840CC)
[Address] EAT @explorer.exe (MsiRecordIsNull) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8815F5)
[Address] EAT @explorer.exe (MsiRecordReadStream) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F881B6D)
[Address] EAT @explorer.exe (MsiRecordSetInteger) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8817C2)
[Address] EAT @explorer.exe (MsiRecordSetStreamA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F885877)
[Address] EAT @explorer.exe (MsiRecordSetStreamW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F881A03)
[Address] EAT @explorer.exe (MsiRecordSetStringA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F88561D)
[Address] EAT @explorer.exe (MsiRecordSetStringW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F88572E)
[Address] EAT @explorer.exe (MsiReinstallFeatureA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F861EDE)
[Address] EAT @explorer.exe (MsiReinstallFeatureFromDescriptorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86D8C2)
[Address] EAT @explorer.exe (MsiReinstallFeatureFromDescriptorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86E657)
[Address] EAT @explorer.exe (MsiReinstallFeatureW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7C8C24)
[Address] EAT @explorer.exe (MsiReinstallProductA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F861AFE)
[Address] EAT @explorer.exe (MsiReinstallProductW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85CFF1)
[Address] EAT @explorer.exe (MsiRemovePatchesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F879606)
[Address] EAT @explorer.exe (MsiRemovePatchesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F873702)
[Address] EAT @explorer.exe (MsiSequenceA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F886180)
[Address] EAT @explorer.exe (MsiSequenceW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F882E4B)
[Address] EAT @explorer.exe (MsiSetComponentStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8873EB)
[Address] EAT @explorer.exe (MsiSetComponentStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8874E5)
[Address] EAT @explorer.exe (MsiSetExternalUIA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85C72F)
[Address] EAT @explorer.exe (MsiSetExternalUIRecord) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F87336B)
[Address] EAT @explorer.exe (MsiSetExternalUIW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7C4E86)
[Address] EAT @explorer.exe (MsiSetFeatureAttributesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F887001)
[Address] EAT @explorer.exe (MsiSetFeatureAttributesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8870B4)
[Address] EAT @explorer.exe (MsiSetFeatureStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F886E2D)
[Address] EAT @explorer.exe (MsiSetFeatureStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F886EDF)
[Address] EAT @explorer.exe (MsiSetInstallLevel) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F883424)
[Address] EAT @explorer.exe (MsiSetInternalUI) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7C4FE6)
[Address] EAT @explorer.exe (MsiSetMode) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8828BB)
[Address] EAT @explorer.exe (MsiSetOfflineContextW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F888485)
[Address] EAT @explorer.exe (MsiSetPropertyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F885DC1)
[Address] EAT @explorer.exe (MsiSetPropertyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F885F85)
[Address] EAT @explorer.exe (MsiSetTargetPathA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8869DD)
[Address] EAT @explorer.exe (MsiSetTargetPathW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F886B61)
[Address] EAT @explorer.exe (MsiSourceListAddMediaDiskA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F877136)
[Address] EAT @explorer.exe (MsiSourceListAddMediaDiskW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F872165)
[Address] EAT @explorer.exe (MsiSourceListAddSourceA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F863037)
[Address] EAT @explorer.exe (MsiSourceListAddSourceExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F876F13)
[Address] EAT @explorer.exe (MsiSourceListAddSourceExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F871F43)
[Address] EAT @explorer.exe (MsiSourceListAddSourceW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85DC51)
[Address] EAT @explorer.exe (MsiSourceListClearAllA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F862EF0)
[Address] EAT @explorer.exe (MsiSourceListClearAllExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F877875)
[Address] EAT @explorer.exe (MsiSourceListClearAllExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F87281B)
[Address] EAT @explorer.exe (MsiSourceListClearAllW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85DAEB)
[Address] EAT @explorer.exe (MsiSourceListClearMediaDiskA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F87764A)
[Address] EAT @explorer.exe (MsiSourceListClearMediaDiskW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F87260D)
[Address] EAT @explorer.exe (MsiSourceListClearSourceA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F877436)
[Address] EAT @explorer.exe (MsiSourceListClearSourceW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F872405)
[Address] EAT @explorer.exe (MsiSourceListEnumMediaDisksA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F87834E)
[Address] EAT @explorer.exe (MsiSourceListEnumMediaDisksW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8731B5)
[Address] EAT @explorer.exe (MsiSourceListEnumSourcesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F877C4B)
[Address] EAT @explorer.exe (MsiSourceListEnumSourcesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F872C07)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8631B8)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F877A6C)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F872A09)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85DDDB)
[Address] EAT @explorer.exe (MsiSourceListGetInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F877E30)
[Address] EAT @explorer.exe (MsiSourceListGetInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F872DB5)
[Address] EAT @explorer.exe (MsiSourceListSetInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8780F8)
[Address] EAT @explorer.exe (MsiSourceListSetInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F872FAB)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8821B9)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyCount) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F881E3D)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F88238B)
[Address] EAT @explorer.exe (MsiSummaryInfoPersist) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F882551)
[Address] EAT @explorer.exe (MsiSummaryInfoSetPropertyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F885906)
[Address] EAT @explorer.exe (MsiSummaryInfoSetPropertyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F881F2B)
[Address] EAT @explorer.exe (MsiUseFeatureA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F870D83)
[Address] EAT @explorer.exe (MsiUseFeatureExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F86F9E8)
[Address] EAT @explorer.exe (MsiUseFeatureExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7C4D3A)
[Address] EAT @explorer.exe (MsiUseFeatureW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F870DA0)
[Address] EAT @explorer.exe (MsiVerifyDiskSpace) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F883863)
[Address] EAT @explorer.exe (MsiVerifyPackageA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8607AA)
[Address] EAT @explorer.exe (MsiVerifyPackageW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F85F097)
[Address] EAT @explorer.exe (MsiViewClose) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F880BAF)
[Address] EAT @explorer.exe (MsiViewExecute) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F88070F)
[Address] EAT @explorer.exe (MsiViewFetch) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F880833)
[Address] EAT @explorer.exe (MsiViewGetColumnInfo) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F880A91)
[Address] EAT @explorer.exe (MsiViewGetErrorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8803F1)
[Address] EAT @explorer.exe (MsiViewGetErrorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F8805CE)
[Address] EAT @explorer.exe (MsiViewModify) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F88093F)
[Address] EAT @explorer.exe (QueryInstanceCount) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6F7C2B2A)
[Address] EAT @explorer.exe (DllGetClassObject) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EACF9D)
[Address] EAT @explorer.exe (IEnumString_Next_WIC_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAE000)
[Address] EAT @explorer.exe (IEnumString_Reset_WIC_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAE029)
[Address] EAT @explorer.exe (IPropertyBag2_Write_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAE049)
[Address] EAT @explorer.exe (IWICBitmapClipper_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADD2A)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportAnimation_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAEA9A)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportLossless_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAEABD)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportMultiframe_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAEAE0)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetContainerFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAE9D3)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceManufacturer_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAE9F6)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceModels_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAEA1F)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetFileExtensions_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAEA71)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetMimeTypes_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAEA48)
[Address] EAT @explorer.exe (IWICBitmapDecoder_CopyPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD845)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAE9AA)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetDecoderInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD822)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrameCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD9A2)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrame_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD868)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetMetadataQueryReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD8DA)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetPreview_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADC74)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAE9D3)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADC05)
[Address] EAT @explorer.exe (IWICBitmapEncoder_CreateNewFrame_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADB87)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetEncoderInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADB5E)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD9A2)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADB32)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADBDC)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADBB3)
[Address] EAT @explorer.exe (IWICBitmapFlipRotator_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADD2A)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD88E)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetMetadataQueryReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD8DA)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD8B7)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD9C5)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAEB03)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADFB7)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADB06)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADA17)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetSize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD9E5)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADADD)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_WriteSource_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADA71)
[Address] EAT @explorer.exe (IWICBitmapLock_GetDataPointer_STA_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD7FC)
[Address] EAT @explorer.exe (IWICBitmapLock_GetStride_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADC25)
[Address] EAT @explorer.exe (IWICBitmapScaler_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADCFE)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD822)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPixels_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADC48)
[Address] EAT @explorer.exe (IWICBitmapSource_GetPixelFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADC25)
[Address] EAT @explorer.exe (IWICBitmapSource_GetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD7FC)
[Address] EAT @explorer.exe (IWICBitmapSource_GetSize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD91D)
[Address] EAT @explorer.exe (IWICBitmap_Lock_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAE981)
[Address] EAT @explorer.exe (IWICBitmap_SetPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADC74)
[Address] EAT @explorer.exe (IWICBitmap_SetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADC97)
[Address] EAT @explorer.exe (IWICColorContext_InitializeFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAEB75)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateMetadataWriterFromReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD7AA)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateQueryWriterFromBlockWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD7D3)
[Address] EAT @explorer.exe (IWICComponentInfo_GetAuthor_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAE958)
[Address] EAT @explorer.exe (IWICComponentInfo_GetCLSID_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADC25)
[Address] EAT @explorer.exe (IWICComponentInfo_GetFriendlyName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAE9AA)
[Address] EAT @explorer.exe (IWICComponentInfo_GetSpecVersion_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD88E)
[Address] EAT @explorer.exe (IWICComponentInfo_GetVersion_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAE981)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD8FD)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADC25)
[Address] EAT @explorer.exe (IWICFormatConverter_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADCC7)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapClipper_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD557)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFlipRotator_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD580)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHBITMAP_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD6BA)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHICON_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD6E6)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD656)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromSource_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD62D)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapScaler_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD52E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmap_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD68B)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateComponentInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD4D9)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFileHandle_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD4A1)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFilename_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD466)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD42E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateEncoder_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD5D2)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromDecoder_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD70C)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromFrameDecode_ProxþÐVP@•Qø"$ÿÿÿÿL•QtD^ÑVP[) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD732)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFormatConverter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD505)
[Address] EAT @explorer.exe (IWICImagingFactory_CreatePalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADADD)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriterFromReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD781)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD758)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD5A9)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADC25)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetReaderByIndex_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD7FC)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetContainerFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADFB7)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetEnumerator_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD822)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetLocation_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAE049)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD7FC)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_RemoveMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD8DA)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_SetMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADFDA)
[Address] EAT @explorer.exe (IWICPalette_GetColorCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD96C)
[Address] EAT @explorer.exe (IWICPalette_GetColors_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD88E)
[Address] EAT @explorer.exe (IWICPalette_GetType_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD845)
[Address] EAT @explorer.exe (IWICPalette_HasAlpha_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD9A2)
[Address] EAT @explorer.exe (IWICPalette_InitializeCustom_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAEB75)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromBitmap_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD943)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD822)
[Address] EAT @explorer.exe (IWICPalette_InitializePredefined_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD91D)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetBitsPerPixel_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAEB03)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADD50)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelMask_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAEB26)
[Address] EAT @explorer.exe (IWICStream_InitializeFromIStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADD50)
[Address] EAT @explorer.exe (IWICStream_InitializeFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADD73)
[Address] EAT @explorer.exe (WICConvertBitmapSource) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADDB8)
[Address] EAT @explorer.exe (WICCreateBitmapFromSection) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADF8D)
[Address] EAT @explorer.exe (WICCreateBitmapFromSectionEx) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADE8C)
[Address] EAT @explorer.exe (WICCreateColorContext_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAEB52)
[Address] EAT @explorer.exe (WICCreateImagingFactory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD02B)
[Address] EAT @explorer.exe (WICGetMetadataContentSize) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAE61D)
[Address] EAT @explorer.exe (WICMapGuidToShortName) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD0EC)
[Address] EAT @explorer.exe (WICMapSchemaToName) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD2E0)
[Address] EAT @explorer.exe (WICMapShortNameToGuid) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAD217)
[Address] EAT @explorer.exe (WICMatchMetadataContent) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAE072)
[Address] EAT @explorer.exe (WICSerializeMetadataContent) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EAE1B4)
[Address] EAT @explorer.exe (WICSetEncoderFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EADD99)
[Address] EAT @firefox.exe (BeginBufferedAnimation) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C09AE)
[Address] EAT @firefox.exe (BeginBufferedPaint) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B49A1)
[Address] EAT @firefox.exe (BeginPanningFeedback) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E0731)
[Address] EAT @firefox.exe (BufferedPaintClear) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B6395)
[Address] EAT @firefox.exe (BufferedPaintInit) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B940E)
[Address] EAT @firefox.exe (BufferedPaintRenderAnimation) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C08ED)
[Address] EAT @firefox.exe (BufferedPaintSetAlpha) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742CE6B3)
[Address] EAT @firefox.exe (BufferedPaintStopAllAnimations) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742CD395)
[Address] EAT @firefox.exe (BufferedPaintUnInit) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B94AB)
[Address] EAT @firefox.exe (CloseThemeData) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B6A18)
[Address] EAT @firefox.exe (DrawThemeBackground) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B3982)
[Address] EAT @firefox.exe (DrawThemeBackgroundEx) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742CD9DA)
[Address] EAT @firefox.exe (DrawThemeEdge) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742D3B52)
[Address] EAT @firefox.exe (DrawThemeIcon) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E35E7)
[Address] EAT @firefox.exe (DrawThemeParentBackground) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B53E5)
[Address] EAT @firefox.exe (DrawThemeParentBackgroundEx) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B51BF)
[Address] EAT @firefox.exe (DrawThemeText) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B4EA1)
[Address] EAT @firefox.exe (DrawThemeTextEx) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B63E6)
[Address] EAT @firefox.exe (EnableThemeDialogTexture) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742BFCAF)
[Address] EAT @firefox.exe (EnableTheming) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E2FEB)
[Address] EAT @firefox.exe (EndBufferedAnimation) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B3F9A)
[Address] EAT @firefox.exe (EndBufferedPaint) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B3F9A)
[Address] EAT @firefox.exe (EndPanningFeedback) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E06CC)
[Address] EAT @firefox.exe (GetBufferedPaintBits) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B4BAF)
[Address] EAT @firefox.exe (GetBufferedPaintDC) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C04BC)
[Address] EAT @firefox.exe (GetBufferedPaintTargetDC) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C0473)
[Address] EAT @firefox.exe (GetBufferedPaintTargetRect) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E2E7F)
[Address] EAT @firefox.exe (GetCurrentThemeName) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C05DD)
[Address] EAT @firefox.exe (GetThemeAppProperties) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C0FB1)
[Address] EAT @firefox.exe (GetThemeBackgroundContentRect) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742BCD2E)
[Address] EAT @firefox.exe (GetThemeBackgroundExtent) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742BF8BF)
[Address] EAT @firefox.exe (GetThemeBackgroundRegion) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C165D)
[Address] EAT @firefox.exe (GetThemeBitmap) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742BBF93)
[Address] EAT @firefox.exe (GetThemeBool) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B7C1F)
[Address] EAT @firefox.exe (GetThemeColor) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B616C)
[Address] EAT @firefox.exe (GetThemeDocumentationProperty) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E2932)
[Address] EAT @firefox.exe (GetThemeEnumValue) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B616C)
[Address] EAT @firefox.exe (GetThemeFilename) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E2412)
[Address] EAT @firefox.exe (GetThemeFont) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742BFF21)
[Address] EAT @firefox.exe (GetThemeInt) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B616C)
[Address] EAT @firefox.exe (GetThemeIntList) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E23B1)
[Address] EAT @firefox.exe (GetThemeMargins) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B86E9)
[Address] EAT @firefox.exe (GetThemeMetric) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C06E2)
[Address] EAT @firefox.exe (GetThemePartSize) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742BCDB1)
[Address] EAT @firefox.exe (GetThemePosition) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E2350)
[Address] EAT @firefox.exe (GetThemePropertyOrigin) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742D3FBB)
[Address] EAT @firefox.exe (GetThemeRect) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C3611)
[Address] EAT @firefox.exe (GetThemeStream) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C39D9)
[Address] EAT @firefox.exe (GetThemeString) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E22E4)
[Address] EAT @firefox.exe (GetThemeSysBool) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E3172)
[Address] EAT @firefox.exe (GetThemeSysColor) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742D3274)
[Address] EAT @firefox.exe (GetThemeSysColorBrush) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E301E)
[Address] EAT @firefox.exe (GetThemeSysFont) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E29C4)
[Address] EAT @firefox.exe (GetThemeSysInt) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E2BD3)
[Address] EAT @firefox.exe (GetThemeSysSize) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E320B)
[Address] EAT @firefox.exe (GetThemeSysString) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E2B3F)
[Address] EAT @firefox.exe (GetThemeTextExtent) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B2D57)
[Address] EAT @firefox.exe (GetThemeTextMetrics) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742BF992)
[Address] EAT @firefox.exe (GetThemeTransitionDuration) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C1081)
[Address] EAT @firefox.exe (GetWindowTheme) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742BDF46)
[Address] EAT @firefox.exe (HitTestThemeBackground) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C3CE3)
[Address] EAT @firefox.exe (IsAppThemed) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742BF869)
[Address] EAT @firefox.exe (IsCompositionActive) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B2E9A)
[Address] EAT @firefox.exe (IsThemeActive) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742BF785)
[Address] EAT @firefox.exe (IsThemeBackgroundPartiallyTransparent) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B60AB)
[Address] EAT @firefox.exe (IsThemeDialogTextureEnabled) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E312B)
[Address] EAT @firefox.exe (IsThemePartDefined) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B85B4)
[Address] EAT @firefox.exe (OpenThemeData) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742B73D2)
[Address] EAT @firefox.exe (OpenThemeDataEx) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742D3D43)
[Address] EAT @firefox.exe (SetThemeAppProperties) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E3296)
[Address] EAT @firefox.exe (SetWindowTheme) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742C0134)
[Address] EAT @firefox.exe (SetWindowThemeAttribute) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742CCFE6)
[Address] EAT @firefox.exe (ThemeInitApiHook) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742BB176)
[Address] EAT @firefox.exe (UpdatePanningFeedback) : dwmapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x742E068D)

¤¤¤ Vonkajšie Hives: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts



127.0.0.1 localhost
::1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) SAMSUNG HD154UI SCSI Disk Device +++++
--- User ---
[MBR] c1c38d5a9c73f973c03aeedb6aa4076f
[BSP] 362659e2bcb65deb3e19e0e2da6d7546 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 350000 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 717006848 | Size: 149898 MB
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1023999165 | Size: 930789 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Nesprávna funkcia. )

Dokončené : << RKreport[0]_D_04172014_133725.txt >>
RKreport[0]_S_04162014_140829.txt;RKreport[0]_S_04172014_133637.txt















RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spustené v : Normálny režim
Užívateľ : Andrej [Práva Správcu]
Režim : Oprava HOSTS -- Dátum : 04/17/2014 13:37:46
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 0 ¤¤¤

¤¤¤ Ovládač : [NAHRATÉ] ¤¤¤

¤¤¤ Vonkajšie Hives: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts



127.0.0.1 localhost
::1 localhost


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost


Dokončené : << RKreport[0]_H_04172014_133746.txt >>
RKreport[0]_D_04172014_133725.txt;RKreport[0]_S_04162014_140829.txt;RKreport[0]_S_04172014_133637.txt

[Márty84]

Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[CarrioSs]

ComboFix 14-04-17.01 - Andrej . 04. 2014 19:52:37.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.3071.2372 [GMT 2:00]
Running from: c:\users\Andrej\Desktop\ComboFix.exe
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET personal firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1386616638.bdinstall.bin
c:\programdata\1386623397.bdinstall.bin
c:\users\Andrej\AppData\Local\assembly\tmp
c:\users\Andrej\AppData\Roaming\1D959CA221C7573.sys
.
.
((((((((((((((((((((((((( Files Created from 2014-03-18 to 2014-04-18 )))))))))))))))))))))))))))))))
.
.
2014-04-18 17:59 . 2014-04-18 18:07 -------- d-----w- c:\users\Andrej\AppData\Local\temp
2014-04-18 17:59 . 2014-04-18 17:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-04-17 11:45 . 2014-04-17 11:45 -------- d-----w- c:\users\Andrej\AppData\Local\VirtualStore
2014-04-15 15:54 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-15 15:54 . 2014-04-15 15:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-04-14 18:46 . 2014-04-14 18:46 -------- d-----r- c:\users\Lukáš\Documents
2014-04-14 14:52 . 2014-04-14 14:53 -------- d-----w- C:\AdwCleaner
2014-04-13 20:27 . 2014-04-13 20:30 -------- d-----w- c:\program files\trend micro
2014-04-13 20:27 . 2014-04-13 20:30 -------- d-----w- C:\rsit
2014-04-12 13:24 . 2014-04-12 13:24 -------- d-----w- c:\windows\ERUNT
2014-04-09 14:38 . 2014-03-31 00:13 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-09 14:37 . 2014-01-24 02:18 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-09 14:37 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-09 14:37 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-09 14:37 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-09 14:37 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-07 21:30 . 2014-04-09 11:56 -------- d-----w- c:\users\Lukáš\AppData\Local\CrashDumps
2014-04-04 11:18 . 2014-04-04 11:05 24064 ----a-w- c:\windows\zoek-delete.exe
2014-04-03 15:55 . 2014-04-03 15:55 -------- d-----w- c:\program files\Common Files\Java
2014-04-03 15:55 . 2013-12-18 19:10 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-03-27 18:35 . 2014-04-03 15:04 -------- d-----w- c:\program files\Google
2014-03-25 17:20 . 2014-04-18 17:45 -------- d-----w- c:\users\Andrej\AppData\Local\CrashDumps
2014-03-23 18:55 . 2014-03-23 18:55 -------- d-----w- c:\users\Andrej\AppData\Roaming\Autodesk
2014-03-23 18:55 . 2014-03-23 18:55 -------- d-----w- c:\programdata\Autodesk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-11 15:37 . 2013-12-20 12:04 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-11 15:37 . 2013-12-20 12:04 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-01 04:10 . 2014-03-14 19:09 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52 . 2014-03-14 19:09 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-01 03:51 . 2014-03-14 19:09 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38 . 2014-03-14 19:09 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-01 03:38 . 2014-03-14 19:09 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37 . 2014-03-14 19:09 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-01 03:31 . 2014-03-14 19:09 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:14 . 2014-03-14 19:09 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-03-01 03:00 . 2014-03-14 19:09 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-01 02:32 . 2014-03-14 19:09 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-02-07 01:07 . 2014-03-14 01:16 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-06 18:00 . 2014-02-20 10:54 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2014-02-04 02:04 . 2014-03-14 01:16 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-14 19:07 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-29 20:08 . 2013-09-26 10:15 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2014-01-29 02:06 . 2014-03-14 01:16 381440 ----a-w- c:\windows\system32\wer.dll
2014-01-28 02:07 . 2014-03-14 01:17 185344 ----a-w- c:\windows\system32\wwansvc.dll
2013-10-20 14:23 . 2013-10-20 14:23 4216840 ----a-w- c:\program files\Common Files\vcredist.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StickyPassword"="c:\program files\Sticky Password\stpass.exe" [2014-01-20 8145208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5110672]
.
c:\users\Andrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MediaMonkey.lnk - c:\program files\MediaMonkey\MediaMonkey.exe [2013-8-13 11126784]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2013-3-21 3560832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0??????????\0??\0????????\0?$\0
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jusched.exe]
2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck.exe]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeBridge"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE
"RTHDVCPL"=c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe -s
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\DU Meter\DUMETR32.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2013-07-11 1343400]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2013-09-17 49240]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2014-01-29 436792]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-09-17 188808]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2013-09-17 37416]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2013-09-12 1337752]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-20 15:37]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <-loopback>
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\g44kf4fq.default-1384441063421\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
.
.
------- File Associations -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3108)
c:\program files\Xfire\xfire_toucan_46139.dll
c:\program files\Sticky Password\spCapBtnLdr.dll
c:\program files\Sticky Password\spCapBtn.dll
c:\windows\system32\authui.dll
c:\windows\System32\hgcpl.dll
c:\windows\system32\fxsst.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2014-04-18 20:10:37 - machine was rebooted
ComboFix-quarantined-files.txt 2014-04-18 18:10
.
Pre-Run: 284 600 836 096 bytes free
Post-Run: 284 486 176 768 bytes free
.
- - End Of File - - B2C0D0627AB0140D9700A4B1351E338A
A36C5E4F47E84449FF07ED3517B43A31

[Márty84]

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

KillAll::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jusched.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"=-
"NeroFilterCheck"=-
"SunJavaUpdateSched"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Driver::
SkypeUpdate

Reboot::

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[CarrioSs]

ComboFix 14-04-17.01 - Andrej . 04. 2014 12:24:23.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.3071.1690 [GMT 2:00]
Running from: c:\users\Andrej\Desktop\ComboFix.exe
Command switches used :: c:\users\Andrej\Desktop\CFScript.txt
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET personal firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Files Created from 2014-03-19 to 2014-04-19 )))))))))))))))))))))))))))))))
.
.
2014-04-19 10:31 . 2014-04-19 10:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-04-19 10:31 . 2014-04-19 10:31 -------- d-----w- c:\users\Lukáš\AppData\Local\temp
2014-04-19 10:31 . 2014-04-19 10:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-19 10:19 . 2014-04-17 03:32 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B03B82EB-07A9-4A67-9E8F-DD44FD9545EE}\mpengine.dll
2014-04-18 18:27 . 2013-10-01 23:45 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-04-18 18:27 . 2013-10-02 00:42 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2014-04-18 18:27 . 2013-10-02 00:32 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-18 18:27 . 2013-10-02 00:30 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-18 18:27 . 2013-10-02 00:14 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2014-04-18 18:27 . 2013-10-02 00:14 17920 ----a-w- c:\windows\system32\wksprtPS.dll
2014-04-18 18:27 . 2013-10-01 23:58 53248 ----a-w- c:\windows\system32\tsgqec.dll
2014-04-18 18:27 . 2013-10-01 23:08 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-04-18 18:27 . 2013-10-01 23:00 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-04-18 18:27 . 2013-10-01 22:53 350208 ----a-w- c:\windows\system32\wksprt.exe
2014-04-18 18:27 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\system32\mstsc.exe
2014-04-18 18:27 . 2013-10-01 20:55 5698048 ----a-w- c:\windows\system32\mstscax.dll
2014-04-18 18:26 . 2014-03-04 11:32 599840 ----a-w- c:\windows\system32\nvStreaming.exe
2014-04-18 18:22 . 2014-03-06 08:20 8011264 ----a-w- c:\program files\Internet Explorer\F12Resources.dll
2014-04-18 18:22 . 2014-03-06 06:56 1064960 ----a-w- c:\program files\Internet Explorer\networkinspection.dll
2014-04-18 18:22 . 2014-03-06 07:44 222720 ----a-w- c:\program files\Internet Explorer\ielowutil.exe
2014-04-18 18:22 . 2014-03-06 06:57 1634304 ----a-w- c:\program files\Internet Explorer\F12.dll
2014-04-18 18:22 . 2014-03-08 01:59 811728 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2014-04-18 18:22 . 2014-03-06 07:03 470016 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
2014-04-18 18:22 . 2014-03-06 06:40 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
2014-04-18 18:22 . 2014-03-06 05:41 1789440 ----a-w- c:\windows\system32\wininet.dll
2014-04-18 18:22 . 2014-03-06 07:46 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-04-18 18:17 . 2013-09-25 01:57 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-04-18 17:59 . 2014-04-19 10:33 -------- d-----w- c:\users\Andrej\AppData\Local\temp
2014-04-17 11:45 . 2014-04-17 11:45 -------- d-----w- c:\users\Andrej\AppData\Local\VirtualStore
2014-04-15 15:54 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-15 15:54 . 2014-04-15 15:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-04-14 18:46 . 2014-04-14 18:46 -------- d-----r- c:\users\Lukáš\Documents
2014-04-14 14:52 . 2014-04-14 14:53 -------- d-----w- C:\AdwCleaner
2014-04-13 20:27 . 2014-04-13 20:30 -------- d-----w- c:\program files\trend micro
2014-04-13 20:27 . 2014-04-13 20:30 -------- d-----w- C:\rsit
2014-04-12 13:24 . 2014-04-12 13:24 -------- d-----w- c:\windows\ERUNT
2014-04-09 14:37 . 2014-01-24 02:18 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-09 14:37 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-09 14:37 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-09 14:37 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-09 14:37 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-07 21:30 . 2014-04-09 11:56 -------- d-----w- c:\users\Lukáš\AppData\Local\CrashDumps
2014-04-04 11:18 . 2014-04-04 11:05 24064 ----a-w- c:\windows\zoek-delete.exe
2014-04-03 15:55 . 2014-04-03 15:55 -------- d-----w- c:\program files\Common Files\Java
2014-04-03 15:55 . 2013-12-18 19:10 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-03-27 18:35 . 2014-04-03 15:04 -------- d-----w- c:\program files\Google
2014-03-25 17:20 . 2014-04-18 17:45 -------- d-----w- c:\users\Andrej\AppData\Local\CrashDumps
2014-03-23 18:55 . 2014-03-23 18:55 -------- d-----w- c:\users\Andrej\AppData\Roaming\Autodesk
2014-03-23 18:55 . 2014-03-23 18:55 -------- d-----w- c:\programdata\Autodesk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-11 15:37 . 2013-12-20 12:04 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-11 15:37 . 2013-12-20 12:04 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-31 07:35 . 2013-07-11 14:57 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-20 21:03 . 2013-07-11 14:23 53024 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-20 21:03 . 2013-07-15 14:56 15783992 ----a-w- c:\windows\system32\nvwgf2um.dll
2014-03-20 21:03 . 2013-07-15 14:56 832936 ----a-w- c:\windows\system32\nvumdshim.dll
2014-03-20 21:03 . 2013-07-15 14:56 2715264 ----a-w- c:\windows\system32\nvapi.dll
2014-03-04 12:34 . 2013-07-15 14:59 4348704 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 12:34 . 2013-07-15 14:59 3044696 ----a-w- c:\windows\system32\nvsvc.dll
2014-03-04 12:34 . 2013-07-15 14:59 663896 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 12:34 . 2013-07-15 14:59 62752 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 12:34 . 2013-07-15 14:59 2556360 ----a-w- c:\windows\system32\nvsvcr.dll
2014-03-04 12:34 . 2013-07-15 14:59 375128 ----a-w- c:\windows\system32\nvmctray.dll
2014-02-07 01:07 . 2014-03-14 01:16 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-06 18:00 . 2014-02-20 10:54 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2014-02-04 02:04 . 2014-03-14 01:16 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-14 19:07 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-29 20:08 . 2013-09-26 10:15 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2014-01-29 02:06 . 2014-03-14 01:16 381440 ----a-w- c:\windows\system32\wer.dll
2014-01-28 02:07 . 2014-03-14 01:17 185344 ----a-w- c:\windows\system32\wwansvc.dll
2013-10-20 14:23 . 2013-10-20 14:23 4216840 ----a-w- c:\program files\Common Files\vcredist.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StickyPassword"="c:\program files\Sticky Password\stpass.exe" [2014-01-20 8145208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5110672]
.
c:\users\Andrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MediaMonkey.lnk - c:\program files\MediaMonkey\MediaMonkey.exe [2013-8-13 11126784]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2013-3-21 3560832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0??????????\0??\0????????\0?$\0
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeBridge"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE
"RTHDVCPL"=c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe -s
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\DU Meter\DUMETR32.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2013-07-11 1343400]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2013-09-17 49240]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2014-01-29 436792]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-09-17 188808]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2013-09-17 37416]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2013-09-12 1337752]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-03-04 411936]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-20 15:37]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <-loopback>
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\g44kf4fq.default-1384441063421\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2560)
c:\program files\Xfire\xfire_toucan_46139.dll
c:\program files\Sticky Password\spCapBtnLdr.dll
c:\program files\Sticky Password\spCapBtn.dll
c:\program files\MediaMonkey\MMHelper.dll
c:\windows\system32\authui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\MediaMonkey\MediaMonkey (non-skinned).exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2014-04-19 12:36:38 - machine was rebooted
ComboFix-quarantined-files.txt 2014-04-19 10:36
ComboFix2.txt 2014-04-18 18:10
.
Pre-Run: 284 870 799 360 bytes free
Post-Run: 284 595 499 008 bytes free
.
- - End Of File - - 33370D737A6451291F52C7F36F5AE524
A36C5E4F47E84449FF07ED3517B43A31