Windows 7: Web pages open slowly
04.12.2013, 18:32 | #1
Windows 7: Web pages open slowly
Hello everyone, I use Google Chrome and now and then Opera, and for a few days now pages and content have been loading much more slowly, and sometimes not at all. Even starting this thread took me forever. I guess I've picked up something. When I run a speed test, my connection is still very good. I've already cleaned everything with CCleaner and run an antivirus quick scan (avast), but without success. I hope someone can help me.
Attachment 62697
Attachment 62698
The GMER file is almost 400 kB, so I couldn't upload it...
Regards,
eX
05.12.2013, 06:24 | #2
/// the machine /// (TB trainer) | Windows 7: Web pages open slowly
Hi,
Please always post logs in the thread. If necessary, split them up and use several posts. This is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
05.12.2013, 19:58 | #3
Windows 7: Web pages open slowly
Alright, I thought maybe it would get too long or something.
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013 02
Ran by Burak (administrator) on BURAK-PC on 04-12-2013 17:09:37
Running from C:\Users\Burak\Downloads
Windows 7 Professional (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(LOL Replay) C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\avastui.exe [3567800 2013-10-22] (AVAST Software)
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\67a285fb-148c-416e-8634-73a07caccd17.exe [180184 2013-11-23] (AVAST Software)
HKU\Administrator\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-03] (Valve Corporation)
HKU\Administrator\...\Run: [LOLReplay Recorder] - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe [526848 2013-11-05] (LOL Replay)
HKU\Administrator\...\Policies\system: [DisableChangePassword] 0
HKU\Administrator\...\Policies\system: [DisableLockWorkstation] 0
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3C6D23ED1B4DCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 6\bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Burak\AppData\Roaming\Mozilla\Firefox\Profiles\raeh19ch.default
FF NetworkProxy: "backup.ftp", "186.232.196.25"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "186.232.196.25"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "186.232.196.25"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "http", "109.195.54.231"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", ", stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_39 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Professional 6\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\Burak\AppData\Roaming\Mozilla\Firefox\Profiles\raeh19ch.default\Extensions\staged
FF Extension: nuance - C:\Users\Burak\AppData\Roaming\Mozilla\Firefox\Profiles\raeh19ch.default\Extensions\nuance@pdf6
FF Extension: stealthyextension - C:\Users\Burak\AppData\Roaming\Mozilla\Firefox\Profiles\raeh19ch.default\Extensions\stealthyextension@gmail.com.xpi
FF Extension: toolbar - C:\Users\Burak\AppData\Roaming\Mozilla\Firefox\Profiles\raeh19ch.default\Extensions\toolbar@web.de.xpi
FF Extension: prefs - C:\Users\Burak\AppData\Roaming\Mozilla\Firefox\Profiles\raeh19ch.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: Adblock Plus - C:\Users\Burak\AppData\Roaming\Mozilla\Firefox\Profiles\raeh19ch.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (Google Drive) - C:\Users\Burak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
CHR Extension: (YouTube) - C:\Users\Burak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\Users\Burak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (AdBlock) - C:\Users\Burak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (avast! Online Security) - C:\Users\Burak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Google Wallet) - C:\Users\Burak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Burak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-10-21] (AVAST Software)
S4 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd)
S4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2008-10-31] (National Instruments, Inc.)
S4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [42544 2009-06-18] (National Instruments Corporation)
S4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [53296 2009-06-18] (National Instruments Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
S4 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [356912 2009-06-18] (National Instruments Corporation)
S4 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1007616 2009-09-18] (Macrovision Corporation)
S4 niSvcLoc; C:\Windows\SysWOW64\nisvcloc.exe [13896 2009-06-04] (National Instruments Corporation)
S4 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [216080 2012-05-16] (Nitro PDF Software)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4323256 2011-03-28] (INCA Internet Co., Ltd.)
S4 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 6\PDFProFiltSrv.exe [134944 2009-07-27] (Nuance Communications, Inc.)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-10-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-10-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-10-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-08] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-10-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-10-21] ()
S3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [30720 2006-11-10] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2009-11-13] ()
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24968 2009-06-17] (IVT Corporation.)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [34440 2009-06-17] ()
R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\Windows\SysWow64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-10-13] (DT Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWow64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 FXUSBASE; C:\Windows\System32\DRIVERS\fxusbase.sys [694272 2009-06-10] (AVM Berlin)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2010-08-07] ()
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [30344 2009-06-17] (IVT Corporation.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2009-11-13] ()
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.)
S3 PRODIGY; C:\Windows\System32\Drivers\PRODIGY.SYS [32377 2006-08-29] (B-phreaks)
S3 SPC220NC; C:\Windows\System32\DRIVERS\SPC220NC.SYS [572928 2007-05-16] (PixArt Imaging Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2011-10-12] ()
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-08-31] (Jungo)
U3 a18b5mvf; C:\Windows\System32\Drivers\a18b5mvf.sys [0 ] (Advanced Micro Devices)
S3 ALSysIO; \??\C:\Users\Burak\AppData\Local\Temp\ALSysIO64.sys [x]
S3 BT; system32\DRIVERS\btnetdrv.sys [x]
S3 Btcsrusb; System32\Drivers\btcusb.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz130; \??\C:\Users\Burak\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 DRHARD; \??\C:\Windows\system32\DRIVERS\DRHARD.SYS [x]
S3 dump_wmimmc; \??\C:\Program Files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 tcphoc; \??\C:\Program Files (x86)\Thunder Network\Thunder\XLDoctor\7.1.7.2244_1\Program\tcphoc.sys [x]
S3 VComm; system32\DRIVERS\VComm.sys [x]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 X6va003; \??\C:\Users\Burak\AppData\Local\Temp\003FC86.tmp [x]
S3 X6va006; \??\C:\Users\Burak\AppData\Local\Temp\006361D.tmp [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-04 17:05 - 2013-12-04 17:10 - 00020320 _____ C:\Users\Burak\Downloads\FRST.txt
2013-12-04 17:01 - 2013-12-04 17:01 - 01959614 _____ (Farbar) C:\Users\Burak\Downloads\FRST64.exe
2013-12-04 17:01 - 2013-12-04 17:01 - 00377856 _____ C:\Users\Burak\Downloads\gmer_2.1.19163.exe
2013-12-04 16:57 - 2013-12-04 16:57 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-04 16:57 - 2013-12-04 16:57 - 00002167 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-12-04 16:57 - 2013-12-04 16:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-04 16:57 - 2013-12-04 16:57 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-12-04 16:57 - 2013-12-04 16:57 - 00000000 ____D C:\ProgramData\McAfee
2013-12-04 16:57 - 2013-12-04 16:57 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-12-04 14:35 - 2013-12-04 14:35 - 00000000 ____D C:\Program Files (x86)\Hayrat Neşriyat
2013-12-04 14:19 - 2013-12-04 14:19 - 00388608 _____ (Trend Micro Inc.) C:\Users\Burak\Downloads\HijackThis (1).exe
2013-11-27 17:30 - 2013-11-27 17:30 - 00000000 ____D C:\Users\Burak\AppData\Roaming\LolClientID1
2013-11-14 12:53 - 2013-11-14 12:53 - 00000877 _____ C:\Users\Burak\Desktop\Checksum.exe - Verknüpfung.lnk
2013-11-12 00:21 - 2013-11-12 00:21 - 00000065 _____ C:\Users\Burak\Desktop\Naruto Sages15.url
2013-11-06 00:29 - 2013-02-01 21:07 - 01543680 _____ (Home of Gamehacking) C:\Users\Burak\Desktop\me3v15+12tr.exe
2013-11-06 00:16 - 2013-11-06 00:17 - 00000000 ____D C:\Windows\RazorDOX
2013-11-06 00:16 - 2013-11-06 00:16 - 00133166 _____ C:\Users\Burak\Downloads\rzr-me3t.rar
2013-11-05 22:55 - 2013-11-05 22:55 - 00656825 _____ C:\Users\Burak\Downloads\me3_readness_level_cheat.rar
2013-11-05 18:06 - 2013-11-05 18:06 - 00000992 _____ C:\Users\Burak\Desktop\TinyPic.lnk
2013-11-05 18:06 - 2013-11-05 18:06 - 00000000 ____D C:\Program Files (x86)\Tinypic
2013-11-05 17:37 - 2013-11-05 17:37 - 00817776 _____ C:\Windows\SysWOW64\~.tmp

==================== One Month Modified Files and Folders =======

2013-12-04 17:10 - 2013-12-04 17:05 - 00020320 _____ C:\Users\Burak\Downloads\FRST.txt
2013-12-04 17:01 - 2013-12-04 17:01 - 01959614 _____ (Farbar) C:\Users\Burak\Downloads\FRST64.exe
2013-12-04 17:01 - 2013-12-04 17:01 - 00377856 _____ C:\Users\Burak\Downloads\gmer_2.1.19163.exe
2013-12-04 16:58 - 2009-10-14 23:36 - 00000000 ____D C:\Users\Burak\AppData\Local\Adobe
2013-12-04 16:57 - 2013-12-04 16:57 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-04 16:57 - 2013-12-04 16:57 - 00002167 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-12-04 16:57 - 2013-12-04 16:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-04 16:57 - 2013-12-04 16:57 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-12-04 16:57 - 2013-12-04 16:57 - 00000000 ____D C:\ProgramData\McAfee
2013-12-04 16:57 - 2013-12-04 16:57 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-12-04 16:57 - 2012-04-11 14:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-04 16:57 - 2011-05-19 19:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-04 16:49 - 2012-03-08 22:19 - 00000000 ____D C:\Users\Burak\AppData\Local\PMB Files
2013-12-04 16:49 - 2012-03-08 22:19 - 00000000 ____D C:\ProgramData\PMB Files
2013-12-04 16:21 - 2013-10-05 18:05 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-04 14:35 - 2013-12-04 14:35 - 00000000 ____D C:\Program Files (x86)\Hayrat Neşriyat
2013-12-04 14:22 - 2013-07-06 22:43 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-04 14:20 - 2011-07-17 10:24 - 00000000 ____D C:\Users\Burak\AppData\Roaming\Nitro PDF
2013-12-04 14:20 - 2009-10-15 15:09 - 00009201 _____ C:\Users\Burak\Documents\hijackthis.log
2013-12-04 14:19 - 2013-12-04 14:19 - 00388608 _____ (Trend Micro Inc.) C:\Users\Burak\Downloads\HijackThis (1).exe
2013-12-04 13:23 - 2013-03-02 13:15 - 01587094 ____N C:\Windows\WindowsUpdate.log
2013-12-04 13:23 - 2009-07-14 05:45 - 00013280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-04 13:23 - 2009-07-14 05:45 - 00013280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-04 13:16 - 2013-10-05 18:05 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-04 13:16 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 00:27 - 2013-03-02 13:06 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-02 00:16 - 2013-10-05 18:05 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-02 00:16 - 2013-10-05 18:05 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-27 23:33 - 2012-09-26 23:20 - 00000000 ____D C:\Users\Burak\AppData\Roaming\vlc
2013-11-27 21:15 - 2013-08-20 20:01 - 00001067 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-27 17:30 - 2013-11-27 17:30 - 00000000 ____D C:\Users\Burak\AppData\Roaming\LolClientID1
2013-11-26 13:09 - 2013-05-15 16:28 - 00000000 ____D C:\Users\Burak\Documents\Bewerbung_Arbeitsstelle
2013-11-20 19:18 - 2013-07-21 01:56 - 00000000 ____D C:\Program Files (x86)\Cheat Engine
2013-11-16 01:19 - 2013-10-05 18:06 - 00002176 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-14 12:53 - 2013-11-14 12:53 - 00000877 _____ C:\Users\Burak\Desktop\Checksum.exe - Verknüpfung.lnk
2013-11-12 14:13 - 2009-07-14 18:58 - 00712738 _____ C:\Windows\system32\perfh007.dat
2013-11-12 14:13 - 2009-07-14 18:58 - 00155142 _____ C:\Windows\system32\perfc007.dat
2013-11-12 14:13 - 2009-07-14 06:13 - 01656746 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-12 00:21 - 2013-11-12 00:21 - 00000065 _____ C:\Users\Burak\Desktop\Naruto Sages15.url
2013-11-08 23:35 - 2011-10-15 17:23 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2013-11-06 00:17 - 2013-11-06 00:16 - 00000000 ____D C:\Windows\RazorDOX
2013-11-06 00:16 - 2013-11-06 00:16 - 00133166 _____ C:\Users\Burak\Downloads\rzr-me3t.rar
2013-11-05 22:55 - 2013-11-05 22:55 - 00656825 _____ C:\Users\Burak\Downloads\me3_readness_level_cheat.rar
2013-11-05 18:06 - 2013-11-05 18:06 - 00000992 _____ C:\Users\Burak\Desktop\TinyPic.lnk
2013-11-05 18:06 - 2013-11-05 18:06 - 00000000 ____D C:\Program Files (x86)\Tinypic
2013-11-05 18:01 - 2013-10-30 15:05 - 00001902 _____ C:\Users\Public\Desktop\LOL Recorder.lnk
2013-11-05 18:01 - 2012-04-20 22:33 - 00000000 ____D C:\Program Files (x86)\LOLReplay
2013-11-05 17:37 - 2013-11-05 17:37 - 00817776 _____ C:\Windows\SysWOW64\~.tmp

Files to move or delete:
====================
C:\Users\Public\ClientLibGame.dat
C:\Users\Public\exefile.reg

Some content of TEMP:
====================
C:\Users\Burak\AppData\Local\Temp\npp.6.5.Installer.exe
C:\Users\Burak\AppData\Local\Temp\vlc-2.1.1-win32.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-30 23:06

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2013 02
Ran by Burak at 2013-12-04 17:10:19
Running from C:\Users\Burak\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

@BIOS (x32 Version: 2.08)
Active@ DVD Eraser v 1.1 (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635)
Adolix Split and Merge PDF v2.1 (x32)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830)
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.0830.1944.33589)
AMD Media Foundation Decoders (Version: 1.0.80830.1925)
AMD Steady Video Plug-In (Version: 2.06.0000)
Ashampoo Burning Studio 2010 Advanced (x32 Version: 9.2.4)
Aspell 0.6 Dictionary (Language: de) (x32)
Aspell Data (Installed for Current User) (HKCU)
Aspell Data (x32)
avast! Free Antivirus (x32 Version: 9.0.2006)
AVM FRITZ!Box Dokumentation (x32)
AVR Jungo USB (x32 Version: 10.2)
AVR Studio 5.0 (x32 Version: 5.0.1119)
AVRStudio4 (x32 Version: 4.18.684)
Axife Mouse Recorder DEMO 5.01 (x32)
Bandicam (x32 Version: 1.9.0.397)
Bandisoft MPEG-1 Decoder (x32)
BioShock Infinite (x32)
BioShock Infinite Clash in the Clouds DLC Plus AiO PreOrder DLC - Pack Plus Update v1.1.22.55730 1.0 (x32)
Brother BRAdmin Light 1.18.0000 (x32 Version: 1.18.0000)
Brother MFL-Pro Suite MFC-215C (x32 Version: 1.0.1.0)
Brother MFL-Pro Suite MFC-J415W (x32 Version: 1.0.3.0)
calibre (x32 Version: 0.9.29)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589)
Catalyst Control Center InstallProxy (x32 Version: 2010.0706.2128.36662)
Catalyst Control Center InstallProxy (x32 Version: 2013.0830.1944.33589)
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589)
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190)
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589)
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190)
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589)
CCC Help Czech (x32 Version: 2012.1116.1514.27190)
CCC Help Czech (x32 Version: 2013.0830.1943.33589)
CCC Help Danish (x32 Version: 2012.1116.1514.27190)
CCC Help Danish (x32 Version: 2013.0830.1943.33589)
CCC Help Dutch (x32 Version: 2012.1116.1514.27190)
CCC Help Dutch (x32 Version: 2013.0830.1943.33589)
CCC Help English (x32 Version: 2012.1116.1514.27190)
CCC Help English (x32 Version: 2013.0830.1943.33589)
CCC Help Finnish (x32 Version: 2012.1116.1514.27190)
CCC Help Finnish (x32 Version: 2013.0830.1943.33589)
CCC Help French (x32 Version: 2012.1116.1514.27190)
CCC Help French (x32 Version: 2013.0830.1943.33589)
CCC Help German (x32 Version: 2012.1116.1514.27190)
CCC Help German (x32 Version: 2013.0830.1943.33589)
CCC Help Greek (x32 Version: 2012.1116.1514.27190)
CCC Help Greek (x32 Version: 2013.0830.1943.33589)
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190)
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589)
CCC Help Italian (x32 Version: 2012.1116.1514.27190)
CCC Help Italian (x32 Version: 2013.0830.1943.33589)
CCC Help Japanese (x32 Version: 2012.1116.1514.27190)
CCC Help Japanese (x32 Version: 2013.0830.1943.33589)
CCC Help Korean (x32 Version: 2012.1116.1514.27190)
CCC Help Korean (x32 Version: 2013.0830.1943.33589)
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190)
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589)
CCC Help Polish (x32 Version: 2012.1116.1514.27190)
CCC Help Polish (x32 Version: 2013.0830.1943.33589)
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190)
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589)
CCC Help Russian (x32 Version: 2012.1116.1514.27190)
CCC Help Russian (x32 Version: 2013.0830.1943.33589)
CCC Help Spanish (x32 Version: 2012.1116.1514.27190)
CCC Help Spanish (x32 Version: 2013.0830.1943.33589)
CCC Help Swedish (x32 Version: 2012.1116.1514.27190)
CCC Help Swedish (x32 Version: 2013.0830.1943.33589)
CCC Help Thai (x32 Version: 2012.1116.1514.27190)
CCC Help Thai (x32 Version: 2013.0830.1943.33589)
CCC Help Turkish (x32 Version: 2012.1116.1514.27190)
CCC Help Turkish (x32 Version: 2013.0830.1943.33589)
ccc-utility64 (Version: 2013.0830.1944.33589)
CCleaner (Version: 4.06)
Cheat Engine 5.6.1 (x32)
CloneCD (x32)
CodeBlocks (HKCU Version: 10.05)
Counter-Strike: Source (x32 Version: 1.0.0.0)
Counter-Strike: Source (x32)
Counter-Strike: Source Beta (x32)
CPUID CPU-Z 1.66.1
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.41.3.0173)
Dead Space™ 2 (x32 Version: 1.0.941.0)
DeepBurner v1.9.0.228 (x32)
Dishonored Die Maske des Zorns Game of the Year Edition MULTI-2 1.0 (x32)
DivX-Setup (x32 Version: 2.6.1.24)
doPDF 7.2 printer
Dota 2 (x32)
Dr. Hardware 2013 13.5d (x32)
Dragon Age 2 DLC Pack 1 1.00 (x32)
Dragon Age II (x32 Version: 1.03)
Dragon Age II Patch 1.03 precracked 1.00 (x32)
EAGLE 5.10.0 (x32 Version: 5.10.0)
EAGLE 5.11.0 (x32 Version: 5.11.0)
EAGLE 6.2.0 (x32 Version: 6.2.0)
Easy Tune 6 B10.0528.1 (x32 Version: 1.00.0000)
EasyCODE 9.0 Development Suite (x32 Version: 9.00.0000)
Fable III (x32 Version: 1.0.0001.131)
Fotogalerie (x32 Version: 16.4.3508.0205)
Fraps (remove only) (x32)
Free YouTube Download version 3.2.11.812 (x32 Version: 3.2.11.812)
Freemake Video Converter Version 4.0.4 (x32 Version: 4.0.4)
Garmin POI Loader (x32 Version: 2.5.4.0)
Garmin USB Drivers (x32 Version: 2.3.0.0)
Garmin WebUpdater (x32 Version: 2.4.2)
GmapTool 0.5.6a (x32)
Google Chrome (x32 Version: 31.0.1650.57)
Google Update Helper (x32 Version: 1.3.22.3)
Governor of Poker 2 Premium Edition v1.0 Multi (x32)
Heroes of Newerth (x32 Version: 2.3.0)
HiJackThis (x32 Version: 1.0.0)
HI-TECH C51-lite V9.60PL0 (x32 Version: 9.60)
HI-TECH PICC lite V9.60PL0 (x32 Version: 9.60)
IrfanView (remove only) (x32 Version: 4.36)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java(TM) 6 Update 27 (x32 Version: 6.0.270)
Java(TM) 6 Update 39 (64-bit) (Version: 6.0.390)
Java(TM) SE Development Kit 6 Update 24 (x32 Version: 1.6.0.240)
JDownloader (x32 Version: 0.89)
JDownloader 0.9 (x32 Version: 0.9)
K-Lite Codec Pack 7.0.0 (Standard) (x32 Version: 7.0.0)
League of Legends (x32 Version: 3.0.1)
LOLReplay (x32 Version: 0.8.5.0)
Mass Effect 2 (x32 Version: 1.02)
Mass Effect 3 - Ultimate Edition (x32 Version: 1.5.5427.124)
McAfee Security Scan Plus (x32 Version: 3.0.285.6)
MegaTrainer eXperience V1.1.4.3 (x32)
MF Shutdown Manager 1.0.1 (x32 Version: 1.0.1)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version:
12.0.6015.5000) Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000) Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0) Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0) Microsoft Help Viewer 1.0 (Version: 1.0.30319) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0) Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Silverlight (x32 Version: 5.1.10411.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4) Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 
8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (x32 Version: 9.0.21022.218) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (x32 Version: 10.0.30319) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727) Microsoft Visual Studio 2010 Shell (Isolated) - ENU (x32 Version: 10.0.30319) MinGW-Get version 0.5-beta-20120426-1 (x32 Version: 0.5-beta-20120426-1) MotoCast (x32 Version: 2.0.31) Motorola Device Manager (x32 Version: 2.3.9) Motorola Device Software Update (x32 Version: 13.02.1402) MOTOROLA MEDIA LINK (x32 
Version: 1.9.0002.0) Motorola Mobile Drivers Installation 6.0.0 (Version: 6.0.0) Mouse Recorder Pro 1.3 (x32) Movie Maker (x32 Version: 16.4.3508.0205) MozBackup 1.4.9 (x32) Mozilla Firefox 14.0.1 (x86 de) (x32 Version: 14.0.1) Mozilla Maintenance Service (x32 Version: 14.0.1) MSVC80_x64_v2 (Version: 1.0.3.0) MSVC80_x86_v2 (x32 Version: 1.0.3.0) MSVC90_x64 (Version: 1.0.1.2) MSVC90_x86 (x32 Version: 1.0.1.2) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1109.0912) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0) NetMeter 1.1.4 BETA (x32) Nexus Mod Manager (Version: 0.44.7) NI Circuit Design Suite 11.0 Core (x32 Version: 11.0.278) NI Circuit Design Suite 11.0 Edu Licenses (x32 Version: 11.0.278) NI Circuit Design Suite 11.0 Education (x32 Version: 11.0.278) NI EULA Depot (x32 Version: 2.71.128) NI Example Finder 9.0 (x32 Version: 9.0.136.0) NI Help Assistant (64bit) (Version: 1.0.10) NI Help Assistant (x32 Version: 1.0.10) NI LabVIEW Real-Time NBFifo (x32 Version: 8.6.348.0) NI LabVIEW Real-Time NBFifo (x32 Version: 9.0.222.0) NI LabVIEW Run-Time Engine 2009 (x32 Version: 9.0.315.0) NI LabVIEW Run-Time Engine 8.6.1 (x32 Version: 8.6.426.0) NI LabVIEW Run-Time Engine Interop 2009 (x32 Version: 9.0.78.0) NI LabVIEW Run-Time Engine Web Services (x32 Version: 9.0.197.0) NI LabVIEW Web Server for Run-Time Engine (x32 Version: 8.6.41.0) NI LabVIEW Web Server for Run-Time Engine (x32 Version: 9.0.185.0) NI LabVIEW Web Services Runtime (x32 Version: 8.6.48.0) NI LabWindows/CVI 9.0.1 Run-Time Engine (x32 Version: 9.0.1376) NI License Manager (x32 Version: 3.4.28) NI Logos 5.1 (x32 Version: 5.1.118.0) NI Logos XT Support (x32 Version: 5.1.66.0) NI Logos64 5.1 (Version: 5.1.71.0) NI Logos64 XT Support (Version: 5.1.63.0) NI Math Kernel Libraries (64-bit) (Version: 1.0.14.0) NI Math Kernel Libraries (x32 Version: 1.0.28.0) NI Math Kernel Libraries (x32 
Version: 1.0.861.0) NI MDF Support (x32 Version: 2.71.128) NI MetaSuite Installer (x32 Version: 2.70.346) NI Service Locator (x32 Version: 9.0.260.0) NI TDMS (64-bit) (Version: 2.0.171.0) NI TDMS (x32 Version: 2.0.171.0) NI Trace Engine (64-bit) (Version: 9.0.128.0) NI Trace Engine (x32 Version: 9.0.146.0) NI Uninstaller (x32 Version: 2.71.128) NI Update Service 1.0 (x32 Version: 1.1.6.0) NI Update Service Extras 1.0 (x32 Version: 1.1.6.0) NI USI 1.7.0 (x32 Version: 1.7.03805) NI USI 1.7.0 64-Bit (Version: 1.7.03805) NI VC2005MSMs x64 (Version: 8.01.5) NI VC2005MSMs x86 (x32 Version: 8.01.5) NI VC2008MSMs x64 (Version: 9.0.100) NI VC2008MSMs x86 (x32 Version: 9.0.100) NI Web Pipeline 2.0.1 (x32 Version: 2.0.128.0) NI Web Pipeline 2.0.1 64-bit support (Version: 2.0.122.0) Nitro Reader 2 (Version: 2.4.1.1) nLite 1.4.9.1 (x32 Version: 1.4.9.1) Nokia Connectivity Cable Driver (x32 Version: 7.1.45.0) Nokia PC Suite (x32 Version: 7.1.62.1) Nokia Software Updater (x32 Version: 02.05.008.43342) Notepad++ (x32 Version: 6.4.5) Nuance PDF Professional 6 (Version: 6.00.6401) NVIDIA PhysX (x32 Version: 9.12.1031) OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0) OpenOffice.org 3.2 (x32 Version: 3.2.9502) Opera 11.01 (x32 Version: 11.01) Opera 12.16 (x32 Version: 12.16.1860) Ovi Desktop Sync Engine (x32 Version: 1.4.78.0) OviMPlatform (x32 Version: 2.6.195.0) Pando Media Booster (x32 Version: 2.6.0.7) PC Connectivity Solution (x32 Version: 11.4.19.0) PDF-Viewer (Version: 2.5.197.0) Photo Common (x32 Version: 16.4.3508.0205) Photo Gallery (x32 Version: 16.4.3508.0205) PhotoScape (x32) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873) Revo Uninstaller Pro 3.0.7 (Version: 3.0.7) Samsung Kies (x32 Version: 2.1.0.11112_41) SAMSUNG USB Driver for Mobile Phones (Version: 1.5.4.0) Scansoft PDF Professional (x32) Secure Download Manager (x32 Version: 3.1.10) Security Task Manager 1.7 (x32 Version: 1.7) Shogun™2 - Total War DELUXE EDITION (x32 Version: 1.1 (Build 3.444)) Sid 
Meier's Civilization V (x32 Version: Sid Meier's Civilization V) Skype™ 5.5 (x32 Version: 5.5.124) Software von National Instruments (x32 Version: ) SpeedFan (remove only) (x32) Star Wars: The Old Republic (x32 Version: 1.00) Steam (x32 Version: 1.0.0.0) swMSM (x32 Version: 12.0.0.1) System Requirements Lab (x32 Version: 4.1.71.0) TeamSpeak 3 Client TeamViewer 6 (x32 Version: 6.0.10194) The Elder Scrolls V - Skyrim (x32) The Elder Scrolls V Skyrim - Dawnguard DLC Deutsche Version 1.00 (x32) The Witcher 2 - Assassins of Kings (x32) Tinypic 3.18 (x32 Version: Tinypic 3.18) Total Video Converter 3.50 (x32) Transparent Screen Lock for Win2000 NT and XP v 2.10 (x32) Trillian (x32) Ubisoft Game Launcher (x32 Version: 1.0.0.0) Uninstall 1.0.0.1 (x32) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0) Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 8.0.0.35) Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623) Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2) VLC media player 2.1.1 (x32 Version: 2.1.1) WinAVR 20100110 (remove only) (x32 Version: 20100110) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0) Windows Live Communications Platform (x32 Version: 16.4.3508.0205) Windows Live Essentials (x32 Version: 16.4.3508.0205) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (x32 Version: 16.4.3508.0205) Windows Live Photo Common (x32 Version: 16.4.3508.0205) Windows Live PIMT Platform (x32 Version: 16.4.3508.0205) Windows Live SOXE (x32 Version: 16.4.3508.0205) Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205) Windows Live UX Platform (x32 Version: 16.4.3508.0205) Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) Windows Resource Kit Tools - SubInAcl.exe (x32 Version: 5.2.3790.1164) Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (Version: 02/25/2011 4.7) 
Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) (Version: 02/25/2011 7.01.0.9)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinRAR
Wise Registry Cleaner 7.65 (x32)
XviD MPEG4 Video Codec (remove only) (x32)

==================== Restore Points =========================

01-12-2013 13:39:58 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-10-05 16:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0489B220-D95F-48D0-9639-373DBC723D0E} - System32\Tasks\{5D4A0D55-A672-4EE7-8F76-59A6B50927BD} => C:\Users\Burak\Desktop\mmsetup(2).exe
Task: {1741E45D-EF7A-4EA7-8DD8-9E1A1F99404A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {23C67B26-978E-486E-ADAB-0A7BC12DEA4F} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {30B68B1F-36D8-4A50-8D55-BEBC28104B7F} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\SlySoft\CloneCD\ExecuteWithUAC.exe [2008-06-27] ()
Task: {37CE48EF-C3C7-4FB4-8B10-604756C2A51F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {395654B4-89B5-4B8F-BA42-5D088D8749DE} - System32\Tasks\{48E0C7CB-9CE6-4C27-A875-44E177A44E24} => C:\Program Files (x86)\JDownloader\JDownloader.exe [2011-04-21] (AppWork UG (haftungsbeschränkt))
Task: {39DFC7AB-A5B8-49C1-8470-EE0F51D7C6FC} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe
Task: {612A33C4-EC33-426D-B67B-1C70E5D2F2E4} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
Task: {8D338498-9D3F-41EB-9658-F56CE1D9C857} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {957E81B9-69CE-40EF-AF51-345C533C0672} - \Dealply No Task File
Task: {9632AF5C-6753-4385-B5CF-268854CC381D} - System32\Tasks\{551D8548-C740-4D95-9662-6652FA227E4D} => C:\Users\Burak\Desktop\mmsetup(2).exe
Task: {A942461D-FA9C-4C6C-843F-192488E54464} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-10-21] (AVAST Software)
Task: {B6FA32C3-5CBE-4F96-A7D4-A3B3F054D71B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {BD57AA68-5648-4C04-8871-1FBCA061476F} - System32\Tasks\{2C25C038-200B-40E9-9090-1BEF4B73E7B2} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.114/de/abandoninstall?page=tsMain
Task: {C2EFF56B-392B-4512-80CD-BBDAFD164F8A} - System32\Tasks\{C16A0346-685D-4AB5-A176-4F9465D5E3E0} => C:\Program Files (x86)\JDownloader\JDownloader.exe [2011-04-21] (AppWork UG (haftungsbeschränkt))
Task: {C6735887-6BE0-4C36-926A-6D7963B7666C} - System32\Tasks\{08B4B505-7FEB-40C0-BD18-0600CCB2DCDC} => C:\Users\Burak\Desktop\mmsetup(2).exe
Task: {D4E19767-DA75-46DC-8D14-09016D843F25} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-04] (Adobe Systems Incorporated)
Task: {F8D0B3CC-82D7-4D10-8AAC-9614AC4C8E09} - \AmiUpdXp No Task File
Task: {FAFAA2C8-5630-4125-B89E-0CF6C39C700A} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2009-10-17 11:41 - 2009-08-16 16:06 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2011-02-28 13:16 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-08-30 18:47 - 2013-08-30 18:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-12-03 22:01 - 2013-12-03 19:46 - 02151424 _____ () C:\Program Files\AVAST Software\Avast\defs\13120301\algo.dll
2013-11-05 09:04 - 2013-11-05 09:04 - 00377856 _____ () C:\Program Files (x86)\LOLReplay\LOLUtils.dll
2013-09-06 17:12 - 2013-09-06 17:12 - 00040448 _____ () C:\Program Files (x86)\LOLReplay\Compression.dll
2013-10-21 11:36 - 2013-10-21 11:36 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-16 01:19 - 2013-11-14 12:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-16 01:19 - 2013-11-14 12:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-16 01:19 - 2013-11-14 12:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-16 01:19 - 2013-11-14 12:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-16 01:19 - 2013-11-14 12:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-11-16 01:19 - 2013-11-14 12:29 - 13582800 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:527B6DAD
AlternateDataStreams: C:\ProgramData\TEMP:8E55808C

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: AODDriver4.2
Description: AODDriver4.2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================

Application errors:
==================
Error: (12/02/2013 00:05:03 AM) (Source: Application Hang) (User: )
Description: Programm League of Legends.exe, Version 3.15.0.144 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 718
Startzeit: 01ceeee41cd2b05f
Endzeit: 97
Anwendungspfad: C:\Users\Burak\Desktop\LOLPBE\RADS\solutions\lol_game_client_sln\releases\0.0.1.213\deploy\League of Legends.exe
Berichts-ID:

Error: (12/01/2013 01:20:35 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.

Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/01/2013 01:20:35 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung

Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/01/2013 01:20:35 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/01/2013 01:20:35 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)

Error: (12/01/2013 01:20:34 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/01/2013 01:20:34 PM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)

Error: (12/01/2013 01:20:34 PM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.

Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/01/2013 01:20:34 PM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.

Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/01/2013 01:20:34 PM) (Source: Windows Search Service) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.

Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))


System errors:
=============
Error: (12/04/2013 01:27:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535

Error: (12/04/2013 01:27:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535

Error: (12/04/2013 01:27:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535

Error: (12/04/2013 01:27:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535

Error: (12/04/2013 01:27:18 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (12/04/2013 01:27:18 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (12/04/2013 01:17:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535

Error: (12/04/2013 01:17:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535

Error: (12/04/2013 01:17:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535

Error: (12/04/2013 01:17:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535


Microsoft Office Sessions:
=========================
Error: (12/02/2013 00:05:03 AM) (Source: Application Hang)(User: )
Description: League of Legends.exe3.15.0.14471801ceeee41cd2b05f97C:\Users\Burak\Desktop\LOLPBE\RADS\solutions\lol_game_client_sln\releases\0.0.1.213\deploy\League of Legends.exe

Error: (12/01/2013 01:20:35 PM) (Source: Windows Search Service)(User: )
Description: Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/01/2013 01:20:35 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung

Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/01/2013 01:20:35 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog

Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/01/2013 01:20:35 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog

Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)Search.TripoliIndexer

Error: (12/01/2013 01:20:34 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog

Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)Search.JetPropStore

Error: (12/01/2013 01:20:34 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog

Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)

Error: (12/01/2013 01:20:34 PM) (Source: Windows Search Service)(User: )
Description: Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)The catalog is corrupt

Error: (12/01/2013 01:20:34 PM) (Source: Windows Search Service)(User: )
Description: Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)4700

Error: (12/01/2013 01:20:34 PM) (Source: Windows Search Service)(User: )
Description: Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))


CodeIntegrity Errors:
===================================
Date: 2013-10-05 17:49:59.383
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-10-05 17:49:59.355
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2011-10-03 13:30:10.979
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Thunder Network\Thunder\XLDoctor\7.1.7.2244_1\Program\tcphoc.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2011-10-03 13:30:10.979
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Thunder Network\Thunder\XLDoctor\7.1.7.2244_1\Program\tcphoc.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2011-10-03 13:30:10.823
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Thunder Network\Thunder\XLDoctor\7.1.7.2244_1\Program\tcphoc.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2011-10-03 13:30:10.808
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Thunder Network\Thunder\XLDoctor\7.1.7.2244_1\Program\tcphoc.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2011-03-02 13:34:31.762
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Burak\AppData\Local\Temp\mc282A8.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2011-03-02 13:34:31.758
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Burak\AppData\Local\Temp\mc282A8.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2010-09-08 02:21:02.921
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2010-09-08 02:21:02.921
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 8190.49 MB
Available physical RAM: 6106.23 MB
Total Pagefile: 14332.63 MB
Available Pagefile: 11845.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (C) (Fixed) (Total:596.16 GB) (Free:168.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 30AE30AD)
Partition 1: (Active) - (Size=596 GB) - (Type=07 NTFS)

==================== End Of Log ============================
05.12.2013, 20:02 | #4 |
| Windows 7: Web pages open slowly
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-12-04 17:27:47 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD6400AAKS-00A7B2 rev.01.03B01 596,17GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Burak\AppData\Local\Temp\pgloqpow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88006f70c34 12 bytes {MOV RAX, 0xfffffa80084112a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c1f760 5 bytes JMP 0000000149c90460 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c1f7b0 5 bytes JMP 0000000149c90450 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000149c90370 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c1f960 5 bytes JMP 0000000149c90470 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c1f970 5 bytes JMP 0000000149c903e0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c1fa20 5 bytes JMP 0000000149c90320 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c1fa50 5 bytes JMP 0000000149c903b0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c1fa70 5 bytes JMP 0000000149c90390 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c1fab0 5 bytes JMP 0000000149c902e0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c1fb30 5 bytes JMP 0000000149c902d0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c1fb50 5 bytes JMP 0000000149c90310 .text 
C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c1fb90 5 bytes JMP 0000000149c903c0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c1fbe0 5 bytes JMP 0000000149c903f0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c1fd40 5 bytes JMP 0000000149c90230 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c1ff00 5 bytes JMP 0000000149c90480 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c1ff30 5 bytes JMP 0000000149c903a0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c20010 5 bytes JMP 0000000149c902f0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c20020 5 bytes JMP 0000000149c90350 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 bytes JMP 0000000149c90290 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 bytes JMP 0000000149c902b0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 bytes JMP 0000000149c903d0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000149c90330 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000149c90410 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000149c90240 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 0000000149c901e0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c20560 5 
bytes JMP 0000000149c90250 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000149c90490 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 0000000149c904a0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000149c90300 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000149c90360 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 bytes JMP 0000000149c902a0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 0000000149c902c0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000149c90380 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c206d0 5 bytes JMP 0000000149c90340 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c209c0 5 bytes JMP 0000000149c90440 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000149c90260 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 0000000149c90270 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000149c90400 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 0000000149c901f0 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c20db0 5 bytes JMP 0000000149c90210 .text C:\Windows\system32\csrss.exe[464] 
C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000149c90200 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000149c90420 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000149c90430 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000149c90220 .text C:\Windows\system32\csrss.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 0000000149c90280 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c1f760 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c1f7b0 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c1f960 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c1f970 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c1fa20 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c1fa50 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c1fa70 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c1fab0 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c1fb30 5 bytes JMP 0000000077d802d0 .text 
C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c1fb50 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c1fb90 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c1fbe0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c1fd40 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c1ff00 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c1ff30 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c20010 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c20020 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\wininit.exe[536] 
C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c20560 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c206d0 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c209c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 
0000000077d801f0 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c20db0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\wininit.exe[536] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b0f1fd 1 byte [62] .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c1f760 5 bytes JMP 0000000149c90460 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c1f7b0 5 bytes JMP 0000000149c90450 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000149c90370 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c1f960 5 bytes JMP 0000000149c90470 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c1f970 5 bytes JMP 0000000149c903e0 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c1fa20 5 bytes JMP 0000000149c90320 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c1fa50 5 bytes JMP 0000000149c903b0 .text C:\Windows\system32\csrss.exe[572] 
C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c1fa70 5 bytes JMP 0000000149c90390 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c1fab0 5 bytes JMP 0000000149c902e0 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c1fb30 5 bytes JMP 0000000149c902d0 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c1fb50 5 bytes JMP 0000000149c90310 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c1fb90 5 bytes JMP 0000000149c903c0 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c1fbe0 5 bytes JMP 0000000149c903f0 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c1fd40 5 bytes JMP 0000000149c90230 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c1ff00 5 bytes JMP 0000000149c90480 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c1ff30 5 bytes JMP 0000000149c903a0 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c20010 5 bytes JMP 0000000149c902f0 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c20020 5 bytes JMP 0000000149c90350 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 bytes JMP 0000000149c90290 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 bytes JMP 0000000149c902b0 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 bytes JMP 0000000149c903d0 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000149c90330 .text 
C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000149c90410 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000149c90240 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 0000000149c901e0 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c20560 5 bytes JMP 0000000149c90250 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000149c90490 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 0000000149c904a0 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000149c90300 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000149c90360 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 bytes JMP 0000000149c902a0 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 0000000149c902c0 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000149c90380 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c206d0 5 bytes JMP 0000000149c90340 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c209c0 5 bytes JMP 0000000149c90440 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000149c90260 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 
0000000149c90270 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000149c90400 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 0000000149c901f0 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c20db0 5 bytes JMP 0000000149c90210 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000149c90200 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000149c90420 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000149c90430 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000149c90220 .text C:\Windows\system32\csrss.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 0000000149c90280 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c1f760 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c1f7b0 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c1f960 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c1f970 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c1fa20 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\services.exe[596] 
C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c1fa50 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c1fa70 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c1fab0 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c1fb30 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c1fb50 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c1fb90 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c1fbe0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c1fd40 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c1ff00 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c1ff30 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c20010 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c20020 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 
bytes JMP 0000000077d803d0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c20560 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c206d0 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c209c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\services.exe[596] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c20db0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\services.exe[596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\services.exe[596] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b0f1fd 1 byte [62] .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c1f760 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c1f7b0 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c1f960 5 bytes JMP 
0000000077d80470 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c1f970 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c1fa20 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c1fa50 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c1fa70 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c1fab0 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c1fb30 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c1fb50 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c1fb90 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c1fbe0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c1fd40 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c1ff00 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c1ff30 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c20010 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c20020 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 
0000000077c20080 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c20560 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\lsass.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\lsass.exe[616] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 bytes JMP 0000000077d80290 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 bytes JMP 0000000077d802b0 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 bytes JMP 0000000077d803d0 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000077d80330 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000077d80410 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000077d80240 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 0000000077d801e0 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c20560 5 bytes JMP 0000000077d80250 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000077d80490 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 0000000077d804a0 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000077d80300 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000077d80360 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 bytes JMP 0000000077d802a0 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 0000000077d802c0 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000077d80380 
.text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c206d0 5 bytes JMP 0000000077d80340 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c209c0 5 bytes JMP 0000000077d80440 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000077d80260 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 0000000077d80270 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000077d80400 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 0000000077d801f0 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c20db0 5 bytes JMP 0000000077d80210 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000077d80200 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000077d80420 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000077d80430 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000077d80220 .text C:\Windows\System32\svchost.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 0000000077d80280 .text C:\Windows\System32\svchost.exe[128] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b0f1fd 1 byte [62] |
05.12.2013, 20:04 | #5 |
| Windows 7: Web pages open slowly
Code:
JMP 0000000077d80440 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c20db0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\Dwm.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 0000000077d80280 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c1f760 5 bytes JMP 0000000077d80460 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c1f7b0 5 bytes JMP 0000000077d80450 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000077d80370 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c1f960 5 bytes JMP 0000000077d80470 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c1f970 5 bytes 
JMP 0000000077d803e0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c1fa20 5 bytes JMP 0000000077d80320 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c1fa50 5 bytes JMP 0000000077d803b0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c1fa70 5 bytes JMP 0000000077d80390 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c1fab0 5 bytes JMP 0000000077d802e0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c1fb30 5 bytes JMP 0000000077d802d0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c1fb50 5 bytes JMP 0000000077d80310 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c1fb90 5 bytes JMP 0000000077d803c0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c1fbe0 5 bytes JMP 0000000077d803f0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c1fd40 5 bytes JMP 0000000077d80230 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c1ff00 5 bytes JMP 0000000077d80480 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c1ff30 5 bytes JMP 0000000077d803a0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c20010 5 bytes JMP 0000000077d802f0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c20020 5 bytes JMP 0000000077d80350 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 bytes JMP 0000000077d80290 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 bytes JMP 0000000077d802b0 .text 
C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 bytes JMP 0000000077d803d0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000077d80330 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000077d80410 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000077d80240 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 0000000077d801e0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c20560 5 bytes JMP 0000000077d80250 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000077d80490 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 0000000077d804a0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000077d80300 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000077d80360 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 bytes JMP 0000000077d802a0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 0000000077d802c0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000077d80380 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c206d0 5 bytes JMP 0000000077d80340 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c209c0 5 bytes JMP 0000000077d80440 .text C:\Windows\Explorer.EXE[1496] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000077d80260 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 0000000077d80270 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000077d80400 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 0000000077d801f0 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c20db0 5 bytes JMP 0000000077d80210 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000077d80200 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000077d80420 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000077d80430 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000077d80220 .text C:\Windows\Explorer.EXE[1496] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 0000000077d80280 .text C:\Windows\Explorer.EXE[1496] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b0f1fd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c1f760 5 bytes JMP 0000000077d80460 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c1f7b0 5 bytes JMP 0000000077d80450 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000077d80370 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c1f960 5 bytes JMP 0000000077d80470 .text C:\Windows\System32\spoolsv.exe[1648] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c1f970 5 bytes JMP 0000000077d803e0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c1fa20 5 bytes JMP 0000000077d80320 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c1fa50 5 bytes JMP 0000000077d803b0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c1fa70 5 bytes JMP 0000000077d80390 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c1fab0 5 bytes JMP 0000000077d802e0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c1fb30 5 bytes JMP 0000000077d802d0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c1fb50 5 bytes JMP 0000000077d80310 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c1fb90 5 bytes JMP 0000000077d803c0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c1fbe0 5 bytes JMP 0000000077d803f0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c1fd40 5 bytes JMP 0000000077d80230 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c1ff00 5 bytes JMP 0000000077d80480 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c1ff30 5 bytes JMP 0000000077d803a0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c20010 5 bytes JMP 0000000077d802f0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c20020 5 bytes JMP 0000000077d80350 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 
bytes JMP 0000000077d80290 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 bytes JMP 0000000077d802b0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 bytes JMP 0000000077d803d0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000077d80330 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000077d80410 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000077d80240 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 0000000077d801e0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c20560 5 bytes JMP 0000000077d80250 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000077d80490 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 0000000077d804a0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000077d80300 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000077d80360 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 bytes JMP 0000000077d802a0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 0000000077d802c0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000077d80380 .text C:\Windows\System32\spoolsv.exe[1648] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c206d0 5 bytes JMP 0000000077d80340 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c209c0 5 bytes JMP 0000000077d80440 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000077d80260 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 0000000077d80270 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000077d80400 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 0000000077d801f0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c20db0 5 bytes JMP 0000000077d80210 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000077d80200 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000077d80420 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000077d80430 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000077d80220 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 0000000077d80280 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b0f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c1f760 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c1f7b0 5 bytes JMP 
0000000077d80450 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c1f960 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c1f970 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c1fa20 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c1fa50 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c1fa70 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c1fab0 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c1fb30 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c1fb50 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c1fb90 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c1fbe0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c1fd40 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c1ff00 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c1ff30 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\svchost.exe[1708] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c20010 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c20020 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c20560 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 
bytes JMP 0000000077d802a0 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c206d0 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c209c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c20db0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\svchost.exe[1708] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\svchost.exe[1708] 
C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b0f1fd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c1f760 5 bytes JMP 0000000100060460 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c1f7b0 5 bytes JMP 0000000100060450 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000100060370 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c1f960 5 bytes JMP 0000000100060470 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c1f970 5 bytes JMP 00000001000603e0 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c1fa20 5 bytes JMP 0000000100060320 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c1fa50 5 bytes JMP 00000001000603b0 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c1fa70 5 bytes JMP 0000000100060390 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c1fab0 5 bytes JMP 00000001000602e0 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c1fb30 5 bytes JMP 00000001000602d0 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c1fb50 5 bytes JMP 0000000100060310 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c1fb90 5 bytes JMP 00000001000603c0 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c1fbe0 5 bytes JMP 00000001000603f0 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c1fd40 5 bytes JMP 
0000000100060230 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c1ff00 5 bytes JMP 0000000100060480 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c1ff30 5 bytes JMP 00000001000603a0 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c20010 5 bytes JMP 00000001000602f0 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c20020 5 bytes JMP 0000000100060350 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 bytes JMP 0000000100060290 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 bytes JMP 00000001000602b0 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 bytes JMP 00000001000603d0 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000100060330 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000100060410 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000100060240 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 00000001000601e0 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c20560 5 bytes JMP 0000000100060250 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000100060490 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 00000001000604a0 .text 
C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000100060300 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000100060360 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 bytes JMP 00000001000602a0 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 00000001000602c0 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000100060380 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c206d0 5 bytes JMP 0000000100060340 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c209c0 5 bytes JMP 0000000100060440 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000100060260 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 0000000100060270 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000100060400 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 00000001000601f0 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c20db0 5 bytes JMP 0000000100060210 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000100060200 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000100060420 .text C:\Windows\system32\taskhost.exe[1740] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000100060430 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000100060220 .text C:\Windows\system32\taskhost.exe[1740] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 0000000100060280 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1868] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007758b0c5 1 byte [62] |
05.12.2013, 20:05 | #6 |
| Windows 7: web pages open slowly
Code:
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c1f760 5 bytes JMP 0000000077d80460
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c1f7b0 5 bytes JMP 0000000077d80450
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000077d80370
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c1f960 5 bytes JMP 0000000077d80470
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c1f970 5 bytes JMP 0000000077d803e0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c1fa20 5 bytes JMP 0000000077d80320
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c1fa50 5 bytes JMP 0000000077d803b0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c1fa70 5 bytes JMP 0000000077d80390
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c1fab0 5 bytes JMP 0000000077d802e0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c1fb30 5 bytes JMP 0000000077d802d0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c1fb50 5 bytes JMP 0000000077d80310
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c1fb90 5 bytes JMP 0000000077d803c0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c1fbe0 5 bytes JMP 0000000077d803f0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c1fd40 5 bytes JMP 0000000077d80230
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c1ff00 5 bytes JMP 0000000077d80480
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c1ff30 5 bytes JMP 0000000077d803a0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c20010 5 bytes JMP 0000000077d802f0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c20020 5 bytes JMP 0000000077d80350
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 bytes JMP 0000000077d80290
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 bytes JMP 0000000077d802b0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 bytes JMP 0000000077d803d0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000077d80330
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000077d80410
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000077d80240
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 0000000077d801e0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c20560 5 bytes JMP 0000000077d80250
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000077d80490
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 0000000077d804a0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000077d80300
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000077d80360
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 bytes JMP 0000000077d802a0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 0000000077d802c0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000077d80380
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c206d0 5 bytes JMP 0000000077d80340
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c209c0 5 bytes JMP 0000000077d80440
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000077d80260
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 0000000077d80270
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000077d80400
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 0000000077d801f0
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c20db0 5 bytes JMP 0000000077d80210
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000077d80200
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000077d80420
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000077d80430
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000077d80220
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 0000000077d80280
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c1f760 5 bytes JMP 0000000077d80460
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c1f7b0 5 bytes JMP 0000000077d80450
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000077d80370
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c1f960 5 bytes JMP 0000000077d80470
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c1f970 5 bytes JMP 0000000077d803e0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c1fa20 5 bytes JMP 0000000077d80320
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c1fa50 5 bytes JMP 0000000077d803b0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c1fa70 5 bytes JMP 0000000077d80390
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c1fab0 5 bytes JMP 0000000077d802e0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c1fb30 5 bytes JMP 0000000077d802d0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c1fb50 5 bytes JMP 0000000077d80310
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c1fb90 5 bytes JMP 0000000077d803c0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c1fbe0 5 bytes JMP 0000000077d803f0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c1fd40 5 bytes JMP 0000000077d80230
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c1ff00 5 bytes JMP 0000000077d80480
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c1ff30 5 bytes JMP 0000000077d803a0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c20010 5 bytes JMP 0000000077d802f0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c20020 5 bytes JMP 0000000077d80350
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 bytes JMP 0000000077d80290
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 bytes JMP 0000000077d802b0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 bytes JMP 0000000077d803d0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000077d80330
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000077d80410
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000077d80240
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 0000000077d801e0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c20560 5 bytes JMP 0000000077d80250
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000077d80490
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 0000000077d804a0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000077d80300
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000077d80360
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 bytes JMP 0000000077d802a0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 0000000077d802c0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000077d80380
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c206d0 5 bytes JMP 0000000077d80340
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c209c0 5 bytes JMP 0000000077d80440
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000077d80260
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 0000000077d80270
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000077d80400
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 0000000077d801f0
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c20db0 5 bytes JMP 0000000077d80210
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000077d80200
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000077d80420
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000077d80430
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000077d80220
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 0000000077d80280
.text C:\Windows\system32\svchost.exe[1728] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b0f1fd 1 byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c1f760 5 bytes JMP 0000000077d80460
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c1f7b0 5 bytes JMP 0000000077d80450
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000077d80370
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c1f960 5 bytes JMP 0000000077d80470
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c1f970 5 bytes JMP 0000000077d803e0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c1fa20 5 bytes JMP 0000000077d80320
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c1fa50 5 bytes JMP 0000000077d803b0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c1fa70 5 bytes JMP 0000000077d80390
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c1fab0 5 bytes JMP 0000000077d802e0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c1fb30 5 bytes JMP 0000000077d802d0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c1fb50 5 bytes JMP 0000000077d80310
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c1fb90 5 bytes JMP 0000000077d803c0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c1fbe0 5 bytes JMP 0000000077d803f0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c1fd40 5 bytes JMP 0000000077d80230
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c1ff00 5 bytes JMP 0000000077d80480
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c1ff30 5 bytes JMP 0000000077d803a0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c20010 5 bytes JMP 0000000077d802f0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c20020 5 bytes JMP 0000000077d80350
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 bytes JMP 0000000077d80290
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 bytes JMP 0000000077d802b0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 bytes JMP 0000000077d803d0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000077d80330
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000077d80410
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000077d80240
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 0000000077d801e0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c20560 5 bytes JMP 0000000077d80250
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000077d80490
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 0000000077d804a0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000077d80300
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000077d80360
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 bytes JMP 0000000077d802a0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 0000000077d802c0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000077d80380
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c206d0 5 bytes JMP 0000000077d80340
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c209c0 5 bytes JMP 0000000077d80440
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000077d80260
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 0000000077d80270
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000077d80400
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 0000000077d801f0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c20db0 5 bytes JMP 0000000077d80210
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000077d80200
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000077d80420
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000077d80430
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000077d80220
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 0000000077d80280
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1340] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b0f1fd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c1f760 5 bytes JMP 0000000100070460
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c1f7b0 5 bytes JMP 0000000100070450
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000100070370
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c1f960 5 bytes JMP 0000000100070470
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c1f970 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c1fa20 5 bytes JMP 0000000100070320
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c1fa50 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c1fa70 5 bytes JMP 0000000100070390
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c1fab0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c1fb30 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c1fb50 5 bytes JMP 0000000100070310
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c1fb90 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c1fbe0 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c1fd40 5 bytes JMP 0000000100070230
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c1ff00 5 bytes JMP 0000000100070480
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c1ff30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c20010 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c20020 5 bytes JMP 0000000100070350
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 bytes JMP 0000000100070290
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000100070330
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c20560 5 bytes JMP 0000000100070250
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000100070490
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c206d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c209c0 5 bytes JMP 0000000100070440
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000100070400
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c20db0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000100070200
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000100070420
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000100070430
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000100070220
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 0000000100070280
.text C:\Windows\system32\svchost.exe[1828] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b0f1fd 1 byte [62]
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c1f760 5 bytes JMP 0000000100070460
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c1f7b0 5 bytes JMP 0000000100070450
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000100070370
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c1f960 5 bytes JMP 0000000100070470
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c1f970 5 bytes JMP 00000001000703e0
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c1fa20 5 bytes JMP 0000000100070320
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c1fa50 5 bytes JMP 00000001000703b0
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c1fa70 5 bytes JMP 0000000100070390
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c1fab0 5 bytes JMP 00000001000702e0
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c1fb30 5 bytes JMP 00000001000702d0
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c1fb50 5 bytes JMP 0000000100070310
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c1fb90 5 bytes JMP 00000001000703c0
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c1fbe0 5 bytes JMP 00000001000703f0
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c1fd40 5 bytes JMP 0000000100070230
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c1ff00 5 bytes JMP 0000000100070480
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c1ff30 5 bytes JMP 00000001000703a0
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c20010 5 bytes JMP 00000001000702f0
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c20020 5 bytes JMP 0000000100070350
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 bytes JMP 0000000100070290
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 bytes JMP 00000001000702b0
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 bytes JMP 00000001000703d0
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000100070330
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000100070410
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000100070240
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 00000001000701e0
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c20560 5 bytes JMP 0000000100070250
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000100070490
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 00000001000704a0
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000100070300
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000100070360
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 bytes JMP 00000001000702a0
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 00000001000702c0
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000100070380
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c206d0 5 bytes JMP 0000000100070340
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c209c0 5 bytes JMP 0000000100070440
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000100070260
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 0000000100070270
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000100070400
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 00000001000701f0
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c20db0 5 bytes JMP 0000000100070210
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000100070200
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000100070420
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000100070430
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000100070220
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 0000000100070280
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c1f760 5 bytes JMP 0000000077d80460
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c1f7b0 5 bytes JMP 0000000077d80450
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000077d80370
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c1f960 5 bytes JMP 0000000077d80470
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c1f970 5 bytes JMP 0000000077d803e0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c1fa20 5 bytes JMP 0000000077d80320
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c1fa50 5 bytes JMP 0000000077d803b0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c1fa70 5 bytes JMP 0000000077d80390
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c1fab0 5 bytes JMP 0000000077d802e0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c1fb30 5 bytes JMP 0000000077d802d0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c1fb50 5 bytes JMP 0000000077d80310
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c1fb90 5 bytes JMP 0000000077d803c0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c1fbe0 5 bytes JMP 0000000077d803f0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c1fd40 5 bytes JMP 0000000077d80230
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c1ff00 5 bytes JMP 0000000077d80480
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c1ff30 5 bytes JMP 0000000077d803a0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c20010 5 bytes JMP 0000000077d802f0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c20020 5 bytes JMP 0000000077d80350
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 bytes JMP 0000000077d80290
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 bytes JMP 0000000077d802b0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 bytes JMP 0000000077d803d0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000077d80330
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176]
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000077d80410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000077d80240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 0000000077d801e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c20560 5 bytes JMP 0000000077d80250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000077d80490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 0000000077d804a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000077d80300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000077d80360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 bytes JMP 0000000077d802a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 0000000077d802c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000077d80380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 
0000000077c206d0 5 bytes JMP 0000000077d80340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c209c0 5 bytes JMP 0000000077d80440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000077d80260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 0000000077d80270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000077d80400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 0000000077d801f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c20db0 5 bytes JMP 0000000077d80210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000077d80200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000077d80420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000077d80430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000077d80220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 
0000000077d80280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b0f1fd 1 byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c1f760 5 bytes JMP 0000000077d80460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c1f7b0 5 bytes JMP 0000000077d80450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000077d80370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c1f960 5 bytes JMP 0000000077d80470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c1f970 5 bytes JMP 0000000077d803e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c1fa20 5 bytes JMP 0000000077d80320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c1fa50 5 bytes JMP 0000000077d803b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c1fa70 5 bytes JMP 0000000077d80390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c1fab0 5 bytes JMP 0000000077d802e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c1fb30 5 bytes JMP 0000000077d802d0 .text C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c1fb50 5 bytes JMP 0000000077d80310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c1fb90 5 bytes JMP 0000000077d803c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c1fbe0 5 bytes JMP 0000000077d803f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c1fd40 5 bytes JMP 0000000077d80230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c1ff00 5 bytes JMP 0000000077d80480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c1ff30 5 bytes JMP 0000000077d803a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c20010 5 bytes JMP 0000000077d802f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c20020 5 bytes JMP 0000000077d80350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 bytes JMP 0000000077d80290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 bytes JMP 0000000077d802b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 bytes JMP 0000000077d803d0 .text C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000077d80330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000077d80410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000077d80240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 0000000077d801e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c20560 5 bytes JMP 0000000077d80250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000077d80490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 0000000077d804a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000077d80300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000077d80360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 bytes JMP 0000000077d802a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 0000000077d802c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000077d80380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c206d0 5 bytes JMP 0000000077d80340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c209c0 5 bytes JMP 0000000077d80440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000077d80260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 0000000077d80270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000077d80400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 0000000077d801f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c20db0 5 bytes JMP 0000000077d80210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000077d80200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000077d80420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000077d80430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] 
C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000077d80220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c1f760 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c1f7b0 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c1f960 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c1f970 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c1fa20 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c1fa50 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c1fa70 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c1fab0 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c1fb30 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c1fb50 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c1fb90 5 bytes JMP 0000000077d803c0 .text 
C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c1fbe0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c1fd40 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c1ff00 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c1ff30 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c20010 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c20020 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c20560 5 bytes JMP 
0000000077d80250 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c206d0 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c209c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 
0000000077c20db0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b0f1fd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c1f760 5 bytes JMP 0000000077d80460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c1f7b0 5 bytes JMP 0000000077d80450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000077d80370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c1f960 5 bytes JMP 0000000077d80470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c1f970 5 bytes JMP 0000000077d803e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c1fa20 5 bytes JMP 0000000077d80320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c1fa50 5 bytes JMP 0000000077d803b0 .text C:\Program 
Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c1fa70 5 bytes JMP 0000000077d80390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c1fab0 5 bytes JMP 0000000077d802e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c1fb30 5 bytes JMP 0000000077d802d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c1fb50 5 bytes JMP 0000000077d80310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c1fb90 5 bytes JMP 0000000077d803c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c1fbe0 5 bytes JMP 0000000077d803f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c1fd40 5 bytes JMP 0000000077d80230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c1ff00 5 bytes JMP 0000000077d80480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c1ff30 5 bytes JMP 0000000077d803a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c20010 5 bytes JMP 0000000077d802f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c20020 5 bytes JMP 0000000077d80350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 bytes JMP 0000000077d80290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 bytes JMP 0000000077d802b0 .text 
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 bytes JMP 0000000077d803d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000077d80330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000077d80410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000077d80240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 0000000077d801e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c20560 5 bytes JMP 0000000077d80250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000077d80490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 0000000077d804a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000077d80300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000077d80360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 bytes JMP 0000000077d802a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 0000000077d802c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000077d80380 .text 
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c206d0 5 bytes JMP 0000000077d80340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c209c0 5 bytes JMP 0000000077d80440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000077d80260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 0000000077d80270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000077d80400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 0000000077d801f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c20db0 5 bytes JMP 0000000077d80210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000077d80200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000077d80420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000077d80430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000077d80220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 0000000077d80280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3204] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b0f1fd 1 byte [62] .text 
C:\Program Files\Windows Media Player\wmpnetwk.exe[3436] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b0f1fd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\avastui.exe[3776] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007758b0c5 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4060] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007758b0c5 1 byte [62] .text C:\Windows\System32\svchost.exe[3876] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b0f1fd 1 byte [62] |
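The listing above is GMER's user-mode hook table: for every process it names the hooked export, the address of the patched code and where the inline 5-byte JMP (or, for the kernel32.dll!GetBinaryTypeW entries, the single replaced byte) points. Reading that by hand is slow once a paste has lost its line breaks, so here is an added triage helper; it is neither the poster's nor GMER's code. It pulls the entries out of the flattened text, groups each process's trampolines by the 64 KiB region they land in, flags processes whose region no other process uses, and checks whether two processes' trampolines sit at the same offsets inside their regions. On the excerpt embedded below (taken from this thread's log) svchost.exe[2148] is the only process jumping into 0x10007xxxx rather than 0x77d8xxxx, yet its per-export offsets match the others, which is consistent with the same hooking module mapped at a different base. The 64 KiB bucket, the choice of excerpt and the heuristic itself are my assumptions; the log alone does not say which module owns either region, so the follow-up is to resolve those targets against the process's loaded-module list, which GMER's text here does not include.

```python
"""Triage helper for GMER user-mode hook listings.

Added example for this thread; neither the poster's nor GMER's own code.
Parses '.text <process>[pid] <module>!<export> <address> N bytes JMP <target>'
entries and the '1 byte [xx]' patch entries, tolerates the run-together
formatting a pasted log ends up with, and groups trampolines per process.
"""
import re
from collections import defaultdict

# One GMER hook entry. Process paths contain spaces, so the process group is
# matched lazily up to the trailing "[pid]". The tail is either a JMP target
# or, for single-byte patches, the new byte in brackets.
HOOK_RE = re.compile(
    r"\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<func>\w+)(?:\s*\+\s*(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]{8,16})\s+(?P<size>\d+)\s+bytes?\s+"
    r"(?:JMP\s+(?P<target>[0-9a-fA-F]{8,16})|\[(?P<patch>[0-9a-fA-F]{2})\])"
)

REGION_SHIFT = 16  # bucket trampoline targets by 64 KiB region (an assumption)


def parse_hooks(text):
    """Return one dict per hook entry found anywhere in *text*."""
    flat = " ".join(text.split())  # a pasted log has usually lost its line breaks
    hooks = []
    for m in HOOK_RE.finditer(flat):
        hooks.append({
            "proc": m["proc"].strip(),
            "pid": int(m["pid"]),
            "module": m["module"].rsplit("\\", 1)[-1].lower(),
            "func": m["func"] + (f"+{m['off']}" if m["off"] else ""),
            "addr": int(m["addr"], 16),
            "size": int(m["size"]),
            "target": int(m["target"], 16) if m["target"] else None,
            "patch": int(m["patch"], 16) if m["patch"] else None,
        })
    return hooks


def trampoline_regions(hooks):
    """Map (proc, pid) -> {region_base: hook count} for the JMP-style hooks."""
    regions = defaultdict(lambda: defaultdict(int))
    for h in hooks:
        if h["target"] is not None:
            base = (h["target"] >> REGION_SHIFT) << REGION_SHIFT
            regions[(h["proc"], h["pid"])][base] += 1
    return {key: dict(v) for key, v in regions.items()}


def odd_ones_out(hooks):
    """Processes whose trampolines land only in regions no other process uses."""
    per_proc = trampoline_regions(hooks)
    users = defaultdict(set)
    for key, bases in per_proc.items():
        for base in bases:
            users[base].add(key)
    return sorted(key for key, bases in per_proc.items()
                  if all(len(users[b]) == 1 for b in bases))


def layout_signature(hooks, key):
    """{export: trampoline offset within its region} for one (proc, pid)."""
    mask = (1 << REGION_SHIFT) - 1
    return {h["func"]: h["target"] & mask for h in hooks
            if (h["proc"], h["pid"]) == key and h["target"] is not None}


def same_trampoline_layout(hooks, key_a, key_b):
    """True when every export hooked in both processes jumps to the same offset
    inside its region: consistent with one hooking module mapped at different
    bases, and nothing more than that."""
    a, b = layout_signature(hooks, key_a), layout_signature(hooks, key_b)
    common = a.keys() & b.keys()
    return bool(common) and all(a[f] == b[f] for f in common)


def byte_patches(hooks):
    """(proc, pid, 'module!export+off', byte) for the non-JMP patches."""
    return [(h["proc"], h["pid"], f"{h['module']}!{h['func']}", h["patch"])
            for h in hooks if h["patch"] is not None]


# Excerpt of the GMER output posted in this thread, one entry per line.
SAMPLE = r"""
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 bytes JMP 0000000100070290
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 00000001000701e0
.text C:\Windows\System32\svchost.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000100070400
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000077d80370
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 0000000077d801e0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000077d80400
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2176] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b0f1fd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000077d80370
.text C:\Windows\system32\SearchIndexer.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 0000000077d801e0
"""

if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE)
    for key, bases in sorted(trampoline_regions(hooks).items()):
        summary = ", ".join(f"{n} hooks -> {b:#x}" for b, n in bases.items())
        print(f"{key[0]}[{key[1]}]: {summary}")
    print("unique trampoline region:", odd_ones_out(hooks))
    print("byte patches:", byte_patches(hooks))
```

Feed it the whole pasted log rather than the excerpt and the per-process region table is what you compare against the loaded-module list (for example from Process Explorer or a debugger) before deciding whether a trampoline region is a security product's hook DLL or something that should not be there.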
05.12.2013, 20:05 | #7 |
| Windows 7: web pages open slowly
Code:
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c1f760 5 bytes JMP 0000000077d80460
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c1f7b0 5 bytes JMP 0000000077d80450
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000077d80370
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c1f960 5 bytes JMP 0000000077d80470
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c1f970 5 bytes JMP 0000000077d803e0
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c1fa20 5 bytes JMP 0000000077d80320
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c1fa50 5 bytes JMP 0000000077d803b0
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c1fa70 5 bytes JMP 0000000077d80390
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c1fab0 5 bytes JMP 0000000077d802e0
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c1fb30 5 bytes JMP 0000000077d802d0
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c1fb50 5 bytes JMP 0000000077d80310
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c1fb90 5 bytes JMP 0000000077d803c0
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c1fbe0 5 bytes JMP 0000000077d803f0
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c1fd40 5 bytes JMP 0000000077d80230
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c1ff00 5 bytes JMP 0000000077d80480
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c1ff30 5 bytes JMP 0000000077d803a0
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c20010 5 bytes JMP 0000000077d802f0
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c20020 5 bytes JMP 0000000077d80350
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 bytes JMP 0000000077d80290
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 bytes JMP 0000000077d802b0
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 bytes JMP 0000000077d803d0
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000077d80330
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000077d80410
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000077d80240
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 0000000077d801e0
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c20560 5 bytes JMP 0000000077d80250
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000077d80490
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 0000000077d804a0
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000077d80300
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000077d80360
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 bytes JMP 0000000077d802a0
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 0000000077d802c0
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000077d80380
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c206d0 5 bytes JMP 0000000077d80340
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c209c0 5 bytes JMP 0000000077d80440
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000077d80260
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 0000000077d80270
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000077d80400
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 0000000077d801f0
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c20db0 5 bytes JMP 0000000077d80210
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000077d80200
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000077d80420
.text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000077d80430
.text
C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\AUDIODG.EXE[4516] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000077b0f1fd 1 byte [62] .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c1f760 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c1f7b0 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c1f960 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c1f970 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c1fa20 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c1fa50 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c1fa70 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c1fab0 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c1fb30 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c1fb50 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\taskhost.exe[4460] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c1fb90 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c1fbe0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c1fd40 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c1ff00 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c1ff30 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c20010 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c20020 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 bytes JMP 0000000077d802b0 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 
0000000077c20560 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c206d0 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c209c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c20db0 5 bytes JMP 0000000077d80210 .text 
C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 0000000077d80280 .text C:\Windows\system32\taskhost.exe[4460] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b0f1fd 1 byte [62] .text C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe[820] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007758b0c5 1 byte [62] .text C:\Program Files\Windows NT\Accessories\wordpad.exe[4224] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077b0f1fd 1 byte [62] .text C:\Windows\SysWOW64\ctfmon.exe[3332] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007758b0c5 1 byte [62] .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c1f760 5 bytes JMP 0000000077d80460 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c1f7b0 5 bytes JMP 0000000077d80450 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 0000000077d80370 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c1f960 5 bytes JMP 0000000077d80470 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c1f970 5 bytes JMP 0000000077d803e0 .text C:\Windows\system32\taskeng.exe[4580] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c1fa20 5 bytes JMP 0000000077d80320 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c1fa50 5 bytes JMP 0000000077d803b0 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c1fa70 5 bytes JMP 0000000077d80390 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c1fab0 5 bytes JMP 0000000077d802e0 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c1fb30 5 bytes JMP 0000000077d802d0 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c1fb50 5 bytes JMP 0000000077d80310 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c1fb90 5 bytes JMP 0000000077d803c0 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c1fbe0 5 bytes JMP 0000000077d803f0 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c1fd40 5 bytes JMP 0000000077d80230 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c1ff00 5 bytes JMP 0000000077d80480 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c1ff30 5 bytes JMP 0000000077d803a0 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c20010 5 bytes JMP 0000000077d802f0 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c20020 5 bytes JMP 0000000077d80350 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 bytes JMP 0000000077d80290 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 
bytes JMP 0000000077d802b0 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 bytes JMP 0000000077d803d0 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000077d80330 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000077d80410 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000077d80240 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 0000000077d801e0 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c20560 5 bytes JMP 0000000077d80250 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000077d80490 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 0000000077d804a0 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000077d80300 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000077d80360 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 bytes JMP 0000000077d802a0 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 0000000077d802c0 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000077d80380 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c206d0 5 bytes JMP 0000000077d80340 .text C:\Windows\system32\taskeng.exe[4580] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c209c0 5 bytes JMP 0000000077d80440 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000077d80260 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 0000000077d80270 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000077d80400 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 0000000077d801f0 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c20db0 5 bytes JMP 0000000077d80210 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000077d80200 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000077d80420 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000077d80430 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000077d80220 .text C:\Windows\system32\taskeng.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 0000000077d80280 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c1f760 5 bytes JMP 0000000077d80460 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c1f7b0 5 bytes JMP 0000000077d80450 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c1f910 5 bytes JMP 
0000000077d80370 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c1f960 5 bytes JMP 0000000077d80470 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c1f970 5 bytes JMP 0000000077d803e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c1fa20 5 bytes JMP 0000000077d80320 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c1fa50 5 bytes JMP 0000000077d803b0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c1fa70 5 bytes JMP 0000000077d80390 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c1fab0 5 bytes JMP 0000000077d802e0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c1fb30 5 bytes JMP 0000000077d802d0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c1fb50 5 bytes JMP 0000000077d80310 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c1fb90 5 bytes JMP 0000000077d803c0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c1fbe0 5 bytes JMP 0000000077d803f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c1fd40 5 bytes JMP 0000000077d80230 .text 
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c1ff00 5 bytes JMP 0000000077d80480 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c1ff30 5 bytes JMP 0000000077d803a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c20010 5 bytes JMP 0000000077d802f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c20020 5 bytes JMP 0000000077d80350 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c20080 5 bytes JMP 0000000077d80290 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c20110 5 bytes JMP 0000000077d802b0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c20130 5 bytes JMP 0000000077d803d0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c20140 5 bytes JMP 0000000077d80330 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c201b0 5 bytes JMP 0000000077d80410 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c201e0 5 bytes JMP 0000000077d80240 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c204a0 5 bytes JMP 0000000077d801e0 .text 
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c20560 5 bytes JMP 0000000077d80250 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c20590 5 bytes JMP 0000000077d80490 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c205a0 5 bytes JMP 0000000077d804a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c205d0 5 bytes JMP 0000000077d80300 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c205e0 5 bytes JMP 0000000077d80360 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c20640 5 bytes JMP 0000000077d802a0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c20690 5 bytes JMP 0000000077d802c0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c206c0 5 bytes JMP 0000000077d80380 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c206d0 5 bytes JMP 0000000077d80340 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c209c0 5 bytes JMP 0000000077d80440 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c20bc0 5 bytes JMP 0000000077d80260 .text 
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c20bd0 5 bytes JMP 0000000077d80270 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c20be0 5 bytes JMP 0000000077d80400 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c20da0 5 bytes JMP 0000000077d801f0 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c20db0 5 bytes JMP 0000000077d80210 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c20e20 5 bytes JMP 0000000077d80200 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c20e80 5 bytes JMP 0000000077d80420 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c20e90 5 bytes JMP 0000000077d80430 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c20ea0 5 bytes JMP 0000000077d80220 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c20f80 5 bytes JMP 0000000077d80280 .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3704] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077b0f1fd 1 byte [62] .text C:\Users\Burak\Downloads\gmer_2.1.19163.exe[3000] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007758b0c5 1 byte [62] ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-7 
fffffa80073462c0 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa80073462c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80073462c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80073462c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa80073462c0 Device \Driver\atapi \Device\Ide\IdePort3 fffffa80073462c0 Device \Driver\a18b5mvf \Device\Scsi\a18b5mvf1 fffffa800845d2c0 Device \FileSystem\Ntfs \Ntfs fffffa800734a2c0 Device \FileSystem\fastfat \Fat fffffa80071202c0 Device \Driver\dtsoftbus01 \Device\0000007a fffffa8007bf32c0 Device \Driver\usbohci \Device\USBFDO-3 fffffa800840f2c0 Device \Driver\usbehci \Device\USBPDO-5 fffffa80084182c0 Device \Driver\usbohci \Device\USBPDO-1 fffffa800840f2c0 Device \Driver\cdrom \Device\CdRom0 fffffa80081cb2c0 Device \Driver\cdrom \Device\CdRom1 fffffa80081cb2c0 Device \Driver\usbohci \Device\USBFDO-4 fffffa800840f2c0 Device \Driver\usbohci \Device\USBPDO-6 fffffa800840f2c0 Device \Driver\usbehci \Device\USBPDO-2 fffffa80084182c0 Device \Driver\usbohci \Device\USBFDO-0 fffffa800840f2c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa8007bf32c0 Device \Driver\usbehci \Device\USBFDO-5 fffffa80084182c0 Device \Driver\usbohci \Device\USBFDO-1 fffffa800840f2c0 Device \Driver\usbohci \Device\USBPDO-3 fffffa800840f2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80082c82c0 Device \Driver\usbohci \Device\USBFDO-6 fffffa800840f2c0 Device \Driver\usbehci \Device\USBFDO-2 fffffa80084182c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80073462c0 Device \Driver\usbohci \Device\USBPDO-4 fffffa800840f2c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80073462c0 Device \Driver\usbohci \Device\USBPDO-0 fffffa800840f2c0 Device \Driver\atapi \Device\ScsiPort2 fffffa80073462c0 Device \Driver\atapi \Device\ScsiPort3 fffffa80073462c0 Device \Driver\a18b5mvf \Device\ScsiPort4 fffffa800845d2c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80073462c0]<< sptd.sys ataport.SYS 
pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa80073462c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a14060] fffffa8007a14060 Trace 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa800793c9b0] fffffa800793c9b0 Trace 5 ACPI.sys[fffff88000e0b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007a09060] fffffa8007a09060 Trace \Driver\atapi[0xfffffa80073da5f0] -> IRP_MJ_CREATE -> 0xfffffa80073462c0 fffffa80073462c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\a18b5mvf.SYS fffff88006e00000-fffff88006e4d000 (315392 bytes) ---- Services - GMER 2.1 ---- Service C:\Windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswMonFlt.sys (*** hidden *** ) [AUTO] aswMonFlt <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswRdr2.sys (*** hidden *** ) [SYSTEM] aswRdr <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswRvrt.sys (*** hidden *** ) [BOOT] aswRvrt <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswSnx.sys (*** hidden *** ) [SYSTEM] aswSnx <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswSP.sys (*** hidden *** ) [SYSTEM] aswSP <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswTdi.sys (*** hidden *** ) [SYSTEM] aswTdi <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswVmm.sys (*** hidden *** ) [BOOT] aswVmm <-- ROOTKIT !!! Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!! ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? 
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description Avast! Mini-filter Driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ImagePath \??\C:\Windows\system32\drivers\aswFsBlk.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \??\C:\Windows\system32\drivers\aswRdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName avast! Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 71 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition1\Windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 1544696 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382438094 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382438094@ Commited Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382438094@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382438094@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382438094@CreationTime 0x34 0xB6 0x80 0x59 ... Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382438094@SetupOperations MoveFile("\??\c:\program files\avast software\avast\ashwebsv.dll.1382438094","\??\c:\program files\avast software\avast\ashwebsv.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\ashwebsv.dll.sum.1382438094","\??\c:\program files\avast software\avast\ashwebsv.dll.sum",TRUE)?MoveFile("\??\c:\program files\avast software\avast\avastui.exe.1382438094","\??\c:\program files\avast software\avast\avastui.exe",TRUE)?MoveFile("\??\c:\program files\avast software\avast\avastui.exe.sum.1382438094","\??\c:\program files\avast software\avast\avastui.exe.sum",TRUE)? 
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382438094@StartBootCounter 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1382438094@StartTickCounter 15564 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383950116 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383950116@ Commited Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383950116@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383950116@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383950116@CreationTime 0xCC 0xA8 0x7A 0xCC ... Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383950116@SetupOperations DeleteFile("\??\c:\program files\avast software\avast\setup\inf\x64\aswsp.sys.1383950116")?DeleteFile("\??\c:\windows\system32\drivers\aswsp.sys.1383950116")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\x64\aswsp.sys.sum.1383950116")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.inf.1383950116")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.inf.sum.1383950116")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.cat.1383950116")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.cat.sum.1383950116")? 
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383950116@StartBootCounter 32 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383950116@StartTickCounter 671942 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383950116@LastPackageError -1073741772 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ImagePath \??\C:\Windows\system32\drivers\aswSnx.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg 
HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ImagePath \??\C:\Windows\system32\drivers\aswSP.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 11 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ImagePath \??\C:\Windows\system32\drivers\aswTdi.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! 
VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 288 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Verwaltet und implementiert die avast! Antivirus Dienste auf diesem Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus Container sowie die Zeitplan. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011671c5ddb Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x97 0x2B 0xC8 0x9B ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9D 0x80 0xF4 0x8A ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x40 0xEF 0xAF 0xA0 ... Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description Avast! 
Mini-filter Driver Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ImagePath \??\C:\Windows\system32\drivers\aswFsBlk.sys Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \??\C:\Windows\system32\drivers\aswRdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName avast! Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 71 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition1\Windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 1544696 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382438094 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382438094@ Commited Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382438094@BootTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382438094@TickTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382438094@CreationTime 0x34 0xB6 0x80 0x59 ... Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382438094@SetupOperations MoveFile("\??\c:\program files\avast software\avast\ashwebsv.dll.1382438094","\??\c:\program files\avast software\avast\ashwebsv.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\ashwebsv.dll.sum.1382438094","\??\c:\program files\avast software\avast\ashwebsv.dll.sum",TRUE)?MoveFile("\??\c:\program files\avast software\avast\avastui.exe.1382438094","\??\c:\program files\avast software\avast\avastui.exe",TRUE)?MoveFile("\??\c:\program files\avast software\avast\avastui.exe.sum.1382438094","\??\c:\program files\avast software\avast\avastui.exe.sum",TRUE)? 
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382438094@StartBootCounter 2 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1382438094@StartTickCounter 15564 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383950116 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383950116@ Commited Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383950116@BootTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383950116@TickTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383950116@CreationTime 0xCC 0xA8 0x7A 0xCC ... Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383950116@SetupOperations DeleteFile("\??\c:\program files\avast software\avast\setup\inf\x64\aswsp.sys.1383950116")?DeleteFile("\??\c:\windows\system32\drivers\aswsp.sys.1383950116")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\x64\aswsp.sys.sum.1383950116")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.inf.1383950116")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.inf.sum.1383950116")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.cat.1383950116")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.cat.sum.1383950116")? Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383950116@StartBootCounter 32 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383950116@StartTickCounter 671942 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383950116@LastPackageError -1073741772 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? 
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ImagePath \??\C:\Windows\system32\drivers\aswSnx.sys Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ImagePath \??\C:\Windows\system32\drivers\aswSP.sys Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName aswTdi Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description aswTdi Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 11 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ImagePath \??\C:\Windows\system32\drivers\aswTdi.sys Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 288 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! 
Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Verwaltet und implementiert die avast! Antivirus Dienste auf diesem Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus Container sowie die Zeitplan. Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011671c5ddb (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x97 0x2B 0xC8 0x9B ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9D 0x80 0xF4 0x8A ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x40 0xEF 0xAF 0xA0 ... ---- EOF - GMER 2.1 ---- |
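The GMER registry section above is easier to triage as structured data than as a raw dump. The Python below is an added example for this thread, not part of the original post and not GMER's or Trojaner-Board's code: it parses GMER's `Reg <key>[@<value> <data>]` entry format (one entry per line, as GMER writes it; the forum extraction above ran them together), groups the values stored directly under each service key per control set, decodes the `?`-rendered separators of REG_MULTI_SZ values such as DependOnService, flags kernel drivers whose image is outside `\Windows\system32\drivers\`, and lists values that differ between CurrentControlSet and ControlSet002. The sample lines are constructed from the format of the log above; the aswRvrt Start value in ControlSet002 is deliberately changed so the diff has something to report (the real log shows 0 in both sets).

```python
import re
from collections import defaultdict

# Constructed sample in GMER's "Reg" entry format (one entry per line, as GMER
# writes it). The aswRvrt Start value in ControlSet002 is deliberately altered
# here to exercise the control-set diff; the real log shows 0 in both sets.
SAMPLE_LINES = [
    r"Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2",
    r"Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2",
    r"Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys",
    r"Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?",
    r"Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances",
    r"Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700",
    r"Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0",
    r"Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2",
    r"Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2",
    r"Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys",
    r"Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?",
    r"Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)",
    r"Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 1",
]

NOT_ACTIVE = " (not active ControlSet)"


def parse_entry(line):
    """Parse one GMER 'Reg <key>[@<value> <data>]' line.
    Returns (key, value_name, data, active): value_name is None for a
    key-only entry, '' for the key's default value; data is None when absent."""
    if not line.startswith("Reg "):
        return None
    body = line[4:].rstrip()
    active = True
    if body.endswith(NOT_ACTIVE):
        body, active = body[: -len(NOT_ACTIVE)], False
    if "@" not in body:
        return body, None, None, active
    key, rest = body.split("@", 1)
    name, _, data = rest.partition(" ")
    return key, name, (data or None), active


SERVICE_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cs>CurrentControlSet|ControlSet\d{3})\\services\\(?P<svc>[^\\]+)",
    re.IGNORECASE)


def services_by_controlset(lines):
    """{control set: {service: {value name: data}}} for values stored directly
    under each service key; subkeys such as \\Instances are left out."""
    out = defaultdict(lambda: defaultdict(dict))
    for line in lines:
        parsed = parse_entry(line)
        if parsed is None:
            continue
        key, name, data, _active = parsed
        m = SERVICE_RE.match(key)
        if m is None or name is None or key[m.end():]:
            continue
        out[m.group("cs")][m.group("svc")][name] = data
    return out


def multi_sz(data):
    """GMER prints the NUL separators of REG_MULTI_SZ as '?'; split them off."""
    return [s for s in (data or "").split("?") if s]


START_NAMES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
DRIVERS_DIR = "\\windows\\system32\\drivers\\"


def driver_summary(values):
    """Compact triage view of one service's values."""
    return {
        "start": START_NAMES.get(values.get("Start"), values.get("Start")),
        "image": values.get("ImagePath"),
        "depends": multi_sz(values.get("DependOnService")),
    }


def kernel_drivers_outside_drivers_dir(services):
    """Kernel or file-system drivers (Type 1 or 2) whose image path is not
    under \\Windows\\system32\\drivers\\ deserve a second look."""
    flagged = []
    for svc, values in services.items():
        image = values.get("ImagePath")
        if values.get("Type") in ("1", "2") and image is not None:
            if DRIVERS_DIR not in image.lower():
                flagged.append((svc, image))
    return flagged


def diff_controlsets(by_cs, active="CurrentControlSet", other="ControlSet002"):
    """Service values that differ between the active and a backup control set.
    GMER lists only what it flagged, so a value missing on one side means
    'not listed', not 'not present'."""
    diffs = []
    for svc in sorted(set(by_cs.get(active, {})) | set(by_cs.get(other, {}))):
        a = by_cs.get(active, {}).get(svc, {})
        b = by_cs.get(other, {}).get(svc, {})
        for name in sorted(set(a) | set(b)):
            if a.get(name) != b.get(name):
                diffs.append((svc, name, a.get(name), b.get(name)))
    return diffs


if __name__ == "__main__":
    by_cs = services_by_controlset(SAMPLE_LINES)
    for svc, values in sorted(by_cs["CurrentControlSet"].items()):
        print(svc, driver_summary(values))
    print("control-set differences:", diff_controlsets(by_cs))
```

Two caveats when reading the output against a real GMER log. First, GMER's Registry section is a filtered view of what the scanner flagged, not a hive dump, so a service that appears in one control set and not the other in this listing is not evidence that the key is missing there. Second, the entries in the log above resolve to avast's own self-protected service keys (aswSP is listed as "avast! Self Protection") and to the sptd Cfg key whose p0 value names the DAEMON Tools Lite folder; these are expected to show up in this section and are not themselves an indication of infection.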
06.12.2013, 10:47 | #8 |
/// the machine /// TB-Ausbilder | Windows 7: Web pages open slowly Hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
06.12.2013, 15:04 | #9 |
| Windows 7: Web pages open slowly Code:
Combofix Logfile: |
07.12.2013, 11:59 | #10 |
/// the machine /// TB-Ausbilder | Windows 7: Web pages open slowly Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
|