Log analysis and evaluation: HitmanPro detected a trojan... Winsysfilter.dll (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.01.2014, 21:10 | #1 |
| HitmanPro detected a trojan... Winsysfilter.dll
Hello,
because of the SaferSave virus I ran AntiMalware today and deleted the threats it detected. Afterwards I also ran adwcleaner and had the threats detected there removed as well... After that I scanned the PC with HitmanPro, which then detected a trojan, but I have no idea how to get rid of it now... I also scanned the PC with FRST and with GMER.
Something else I noticed: although I uninstalled SaferSave, the add-on reappears every time I start the Google Chrome browser.
The log files are attached.
I would be grateful for any help.
Regards, chaaali |
08.01.2014, 22:47 | #2 |
/// the machine /// TB trainer | HitmanPro detected a trojan... Winsysfilter.dll
Hi,
__________________
Please always post logs in the thread. If necessary, split them up and use several posts. This is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
08.01.2014, 22:54 | #3 |
| HitmanPro detected a trojan... Winsysfilter.dll Anti-Malware log file:
__________________Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.08.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16750 Charlie :: CHARLIE-VAIO [Administrator] 08.01.2014 15:13:42 mbam-log-2014-01-08 (15-13-42).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|M:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 619014 Laufzeit: 2 Stunde(n), 47 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 25 HKCR\CLSID\{2C805D62-2703-F2E5-DCD4-0239AEA49A03} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C805D62-2703-F2E5-DCD4-0239AEA49A03} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C805D62-2703-F2E5-DCD4-0239AEA49A03} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C805D62-2703-F2E5-DCD4-0239AEA49A03} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2C805D62-2703-F2E5-DCD4-0239AEA49A03} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{1576E68C-2DA7-962E-2453-0A5827EF7F4C} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1576E68C-2DA7-962E-2453-0A5827EF7F4C} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1576E68C-2DA7-962E-2453-0A5827EF7F4C} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1576E68C-2DA7-962E-2453-0A5827EF7F4C} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1576E68C-2DA7-962E-2453-0A5827EF7F4C} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{77CA3678-3090-C527-7918-27D7B78D4A8E} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77CA3678-3090-C527-7918-27D7B78D4A8E} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{77CA3678-3090-C527-7918-27D7B78D4A8E} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77CA3678-3090-C527-7918-27D7B78D4A8E} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{77CA3678-3090-C527-7918-27D7B78D4A8E} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{E62BCD8F-2460-7E01-529D-3EB6E8EF3C72} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E62BCD8F-2460-7E01-529D-3EB6E8EF3C72} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E62BCD8F-2460-7E01-529D-3EB6E8EF3C72} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E62BCD8F-2460-7E01-529D-3EB6E8EF3C72} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E62BCD8F-2460-7E01-529D-3EB6E8EF3C72} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{4102A1B4-22BB-A431-A4CF-D6C3E2D7A547} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4102A1B4-22BB-A431-A4CF-D6C3E2D7A547} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{F2B2A7FF-B93B-2F87-4D95-C16E16A6DB01} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F2B2A7FF-B93B-2F87-4D95-C16E16A6DB01} (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 13 C:\ProgramData\SHaoppDRop\H7YuTsJgnw.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\HappY2Save\bGeK_PvhbO.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\CoupExtenesiOn\q.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\SavERExtension\4IPdsdMDGz.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\CoupExtenesiOn\q.x64.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\ProgramData\DealExpreSs\tG8_DB8qO.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\DealExpreSs\tG8_DB8qO.x64.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\HappY2Save\bGeK_PvhbO.x64.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\SavERExtension\4IPdsdMDGz.x64.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\SaverExxtuension\MGEP_.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\SaverExxtuension\MGEP_.x64.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\SHaoppDRop\H7YuTsJgnw.x64.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Charlie\AppData\Local\Temp\bundlesweetimsetup.exe (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter
HitmanPro 3.7.8.208
www.hitmanpro.com

   Computer name . . . . : CHARLIE-VAIO
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Charlie-VAIO\Charlie
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-01-08 19:47:29
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 23m 41s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 2
   Traces . . . . . . . : 80

   Objects scanned . . . : 2.570.799
   Files scanned . . . . : 167.435
   Remnants scanned . . : 987.981 files / 1.415.383 keys

Malware _____________________________________________________________________

   C:\ProgramData\Win sys filter\Winsysfilter.dll
      Size . . . . . . . : 4.270.592 bytes
      Age . . . . . . . : 8.3 days (2013-12-31 11:26:02)
      Entropy . . . . . : 7.1
      SHA-256 . . . . . : 2C5B2F2B7090BEFB39AA3CA124CDCEEFB4A758FCD24B10DCB087F75F16A4C16A
    > Kaspersky . . . . : HEUR:Trojan.Win32.Generic
      Fuzzy . . . . . . : 103.0
      Forensic Cluster
         -0.0s C:\ProgramData\Win sys filter\
          0.0s C:\ProgramData\Win sys filter\Winsysfilter.dll
          3.2s C:\ProgramData\Win sys filter\Winsysfilter_x64.dll
          3.7s C:\ProgramData\Win sys filter\WinsysfilterSvc.dll
          5.0s C:\Windows\Prefetch\DN1EDE.TMP-1E10FACE.pf
          6.5s C:\Users\Charlie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I35YJHG6\statusCA6VAPYH.json

   C:\Users\Charlie\AppData\Local\Temp\dnE699.tmp
      Size . . . . . . . : 4.776.448 bytes
      Age . . . . . . . : 8.8 days (2013-12-31 01:09:19)
      Entropy . . . . . : 7.9
      SHA-256 . . . . . : 14F1F92178661F746D628BF4FE8ECF6ABC5BCE4F8C2504399E952B2CF864F89E
    > Bitdefender . . . : Gen:Variant.Kazy.316599
      Fuzzy . . . . . . : 114.0
      Forensic Cluster
         -0.4s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.665.Crwl
          0.0s C:\Users\Charlie\AppData\Local\Temp\dnE699.tmp

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:06 on 08/01/2014 (Charlie)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Log:
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014 01 Ran by Charlie (administrator) on CHARLIE-VAIO on 08-01-2014 20:26:56 Running from C:\Users\Charlie\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe () C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Conexant Systems, Inc.) 
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe () C:\Windows\SysWOW64\HsMgr.exe () C:\Windows\system\HsMgr64.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Dropbox, Inc.) C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Google Inc.) 
C:\Users\Charlie\AppData\Local\Google\Chrome\Application\chrome.exe (Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (Google Inc.) C:\Users\Charlie\AppData\Local\Google\Chrome\Application\chrome.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Google Inc.) C:\Users\Charlie\AppData\Local\Google\Chrome\Application\chrome.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe (Google Inc.) C:\Users\Charlie\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Charlie\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Charlie\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Charlie\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Charlie\AppData\Local\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe (ArcSoft, Inc.) 
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Microsoft Corporation) C:\Windows\System32\vds.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-29] (Conexant Systems, Inc.) HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790176 2011-03-31] (Atheros Communications) HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657056 2011-03-31] (Atheros Commnucations) HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-02-17] (Alps Electric Co., Ltd.) HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [Cm112Sound] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm112.dll,CMICtrlWnd HKLM\...\Run: [Cm112GX] - C:\Windows\SysWOW64\HsMgr.exe [200704 2008-07-11] () HKLM\...\Run: [Cm112GX64] - C:\Windows\system\HsMgr64.exe [282112 2008-07-11] () HKLM\...\Run: [Cm108Sound] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation) HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-26] (Sony Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 
[254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-26] (AVAST Software) HKCU\...\Run: [Google Update] - C:\Users\Charlie\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-27] (Google Inc.) AppInit_DLLs: C:\ProgramData\Win sys filter\Winsysfilter_x64.dll [4539904 2013-12-31] () AppInit_DLLs-x32: c:\progra~3\webtect\webtect.dll c:\progra~3\winsys~1\winsys~1.dll [ ] () Startup: C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE9475A899D9ECE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://startsear.ch/?aff=1&q={searchTerms} SearchScopes: HKCU - {408B6B9F-154A-48A3-8E6A-92804D1F51B0} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices SearchScopes: HKCU - {7C2F6073-2FC5-43D2-9D96-8840CFA6F129} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-21/4?satitle={searchTerms} SearchScopes: HKCU - {AC457CC2-2E7A-4F6A-825D-25123C566EF2} URL = hxxp://de.shopping.com/?linkin_id=8056363 BHO: HappY2Save - {1576E68C-2DA7-962E-2453-0A5827EF7F4C} - C:\ProgramData\HappY2Save\bGeK_PvhbO.x64.dll No File BHO: SHaoppDRop - {2C805D62-2703-F2E5-DCD4-0239AEA49A03} - C:\ProgramData\SHaoppDRop\H7YuTsJgnw.x64.dll No File BHO: CoupExtenesiOn - {77CA3678-3090-C527-7918-27D7B78D4A8E} - C:\ProgramData\CoupExtenesiOn\q.x64.dll No File BHO: SavERExtension - 
{E62BCD8F-2460-7E01-529D-3EB6E8EF3C72} - C:\ProgramData\SavERExtension\4IPdsdMDGz.x64.dll No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\vz8eyhrb.default FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", ""); FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", ""); FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", ""); FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", ""); FF Keyword.URL: user_pref("keyword.URL", ""); FF Homepage: user_pref("browser.startup.homepage", ""); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - M:\Programme\Pdfviewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - M:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - M:\Programme\Pdfviewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - M:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - M:\Programme\WebDivix\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - M:\Programme\WebDivix\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - M:\Programme\Pdfviewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - M:\Programme\Pdfviewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Charlie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Charlie\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Charlie\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Charlie\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF Extension: No Name - C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\vz8eyhrb.default\Extensions\staged FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - M:\Programme\WebDivix\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - M:\Programme\WebDivix\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt Chrome: ======= CHR HomePage: CHR RestoreOnStartup: "" CHR Plugin: (Shockwave Flash) - C:\Users\Charlie\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Charlie\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Charlie\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll () CHR Plugin: (PDF-XChange Viewer) - C:\Program Files (x86)\Mozilla 
Firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Windows Live\u00C3\u0082\u00C2\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Facebook Desktop) - C:\Users\Charlie\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) 
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Charlie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CHR Plugin: (Google Update) - C:\Users\Charlie\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File CHR Plugin: (TVU Web Player for FireFox) - C:\Windows\system32\TVUAx\npTVUAx.dll No File CHR Plugin: (DivX VOD Helper Plug-in) - M:\Programme\WebDivix\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (DivX Plus Web Player) - M:\Programme\WebDivix\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (iTunes Application Detector) - M:\Programme\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Veetle TV Player) - M:\Programme\veetle\Player\npvlc.dll No File CHR Plugin: (Veetle TV Core) - M:\Programme\veetle\plugins\npVeetle.dll No File CHR Extension: (AdBlock) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0 CHR Extension: (Google Wallet) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - M:\Programme\WebDivix\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx CHR StartMenuInternet: Google Chrome - C:\Users\Charlie\AppData\Local\Google\Chrome\Application\chrome.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 05837205; C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation) R2 05837205; C:\Windows\SysWow64\rundll32.exe [44544 2009-07-14] (Microsoft Corporation) R2 25e4f9bf; C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation) R2 
25e4f9bf; C:\Windows\SysWow64\rundll32.exe [44544 2009-07-14] (Microsoft Corporation) R2 5717af3d; C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation) R2 5717af3d; C:\Windows\SysWow64\rundll32.exe [44544 2009-07-14] (Microsoft Corporation) S2 8ffb8f2d; C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation) S2 8ffb8f2d; C:\Windows\SysWow64\rundll32.exe [44544 2009-07-14] (Microsoft Corporation) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-03-31] (Atheros) R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-26] (AVAST Software) S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [26600 2013-10-08] (CyberGhost S.R.L) S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [104096 2011-07-19] (Atheros Communication Inc.) 
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2011-10-03] (Firebird Project) R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3764224 2011-10-03] (Firebird Project) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 Microsoft SharePoint Workspace Audit Service; M:\Programme\Microsoft Office 2010\Office14\GROOVE.EXE [50899608 2012-09-20] (Microsoft Corporation) S3 OpenVPNService; C:\Program Files (x86)\FH-Aachen OpenVPN\bin\openvpnserv.exe [38926 2011-05-20] () R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR) R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-07-29] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-07-29] (Secunia) R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.) S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1368624 2013-08-01] (Sony Corporation) S3 w7Svc; C:\Program Files (x86)\webcam 7\wService.exe [4999680 2011-07-27] (Moonware Studios) ==================== Drivers (Whitelisted) ==================== R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) 
S3 ASUSU1; C:\Windows\System32\drivers\cm11264.sys [1312256 2010-12-15] (C-Media Electronics Inc) R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-26] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-26] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-26] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-26] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-26] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-26] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-26] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-26] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-01] (DT Soft Ltd) S3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [129792 2013-04-24] (Gemalto) R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-01-08] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-08 20:26 - 2014-01-08 20:27 - 00024969 _____ C:\Users\Charlie\Downloads\FRST.txt 2014-01-08 20:26 - 2014-01-08 20:26 - 00000000 ____D C:\FRST 2014-01-08 20:25 - 2014-01-08 20:25 - 01931770 _____ (Farbar) C:\Users\Charlie\Downloads\FRST64.exe 2014-01-08 20:21 - 2014-01-08 20:21 - 00290728 _____ C:\Windows\Minidump\010814-40841-01.dmp 2014-01-08 20:21 - 2014-01-08 20:21 - 00032512 _____ C:\Windows\system32\Drivers\hitmanpro37.sys 2014-01-08 20:17 - 2014-01-08 20:17 - 00000000 ____D C:\Users\Charlie\AppData\Local\{97F2033A-87F9-41FB-B554-FDAC6358B2C3} 2014-01-08 20:16 - 2014-01-08 20:16 - 
00000406 _____ C:\Windows\system32\.crusader 2014-01-08 20:13 - 2014-01-08 20:13 - 00017780 _____ C:\Users\Charlie\Desktop\HitmanPro_20140108_2013.log 2014-01-08 19:47 - 2014-01-08 19:47 - 00000000 ____D C:\Program Files\HitmanPro 2014-01-08 19:45 - 2014-01-08 20:16 - 00000000 ____D C:\ProgramData\HitmanPro 2014-01-08 19:45 - 2014-01-08 19:46 - 10264904 _____ (SurfRight B.V.) C:\Users\Charlie\Downloads\HitmanPro_x64.exe 2014-01-08 19:44 - 2014-01-08 19:45 - 09452704 _____ (SurfRight B.V.) C:\Users\Charlie\Downloads\HitmanPro3.7.8.208.exe 2014-01-08 15:04 - 2014-01-08 15:14 - 00000000 ____D C:\AdwCleaner 2014-01-08 15:04 - 2014-01-08 15:04 - 01233962 _____ C:\Users\Charlie\Downloads\adwcleaner.exe 2014-01-05 13:25 - 2014-01-05 13:27 - 00000000 ____D C:\Users\Charlie\AppData\Local\{2059D271-0CF8-4B5A-823E-56D6BC952300} 2014-01-04 16:00 - 2014-01-04 16:02 - 00000000 ____D C:\Users\Charlie\AppData\Local\{F1A5136E-6AAA-4A48-ABDC-CB9891134841} 2014-01-03 23:40 - 2014-01-03 23:40 - 00000000 ____D C:\Users\Charlie\AppData\Local\{F90FAB0F-B667-492E-89D6-28084726F2F8} 2014-01-03 11:38 - 2014-01-03 11:40 - 00000000 ____D C:\Users\Charlie\AppData\Local\{0E800A4D-405D-4963-8F40-D7134BF0BF07} 2014-01-02 10:38 - 2014-01-02 10:38 - 00000000 ____D C:\Users\Charlie\AppData\Local\{CD978F99-34B2-418D-92D1-B8899C3BA276} 2014-01-01 16:17 - 2014-01-08 19:33 - 00000000 ____D C:\ProgramData\SHaoppDRop 2014-01-01 16:17 - 2014-01-08 19:33 - 00000000 ____D C:\ProgramData\SavERExtension 2014-01-01 16:17 - 2014-01-08 19:33 - 00000000 ____D C:\ProgramData\HappY2Save 2014-01-01 16:17 - 2014-01-01 16:17 - 00000000 ____D C:\ProgramData\phmpmlianadbfifbhfcijdlhgcnfjccn 2014-01-01 16:17 - 2014-01-01 16:17 - 00000000 ____D C:\ProgramData\daedbbfaebjgclnoijiekplilobacoia 2014-01-01 16:17 - 2014-01-01 16:17 - 00000000 ____D C:\ProgramData\bddnngaocglmnfhcpcjmoomohjiobgoo 2014-01-01 16:17 - 2014-01-01 16:17 - 00000000 ____D C:\ProgramData\22542c9f2b1e72fe 2014-01-01 16:16 - 2014-01-08 19:33 - 00000000 
____D C:\ProgramData\SaverExxtuension 2014-01-01 16:16 - 2014-01-08 19:33 - 00000000 ____D C:\ProgramData\DealExpreSs 2014-01-01 16:16 - 2014-01-08 19:33 - 00000000 ____D C:\ProgramData\CoupExtenesiOn 2014-01-01 16:05 - 2014-01-01 16:06 - 00000000 ____D C:\Users\Charlie\AppData\Local\{5DD9B7D8-4BD4-4788-96FA-8385C4ECAAE9} 2014-01-01 16:05 - 2014-01-01 16:05 - 00000000 ____D C:\ProgramData\Browser Enhancer 2013-12-31 13:38 - 2013-12-31 13:38 - 00000000 ____D C:\Users\Charlie\AppData\Local\{779DC68C-497B-4966-AF57-9A257C318056} 2013-12-31 13:18 - 2013-12-31 13:18 - 00000000 ____D C:\ProgramData\Browser faster 2013-12-31 11:26 - 2014-01-08 20:20 - 00000000 ____D C:\ProgramData\Win sys filter 2013-12-31 01:09 - 2013-12-31 01:09 - 00000000 ____D C:\ProgramData\WebTect 2013-12-30 18:46 - 2013-12-30 18:46 - 00000000 ____D C:\Users\Charlie\AppData\Local\{4E2AB506-78A4-44D3-850A-51ED90F674CA} 2013-12-26 00:11 - 2013-12-26 00:12 - 00000000 ____D C:\Users\Charlie\AppData\Local\{848A083E-E5BA-4B32-AA7E-2CC0CF71BE60} 2013-12-24 20:13 - 2014-01-06 22:23 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\ihelper 2013-12-24 19:54 - 2013-12-24 19:55 - 00000000 ____D C:\Users\Charlie\AppData\Local\{5B7B4DC7-F531-4488-A335-8F9F1CA01076} 2013-12-18 08:28 - 2013-12-18 08:28 - 00000000 ____D C:\Users\Charlie\AppData\Local\{D3FAEEC9-0596-42A1-A0ED-3B90A006DFE2} 2013-12-17 15:38 - 2013-12-17 15:38 - 01640448 _____ C:\Users\Charlie\Downloads\371800_Hausubung9_b.fem 2013-12-15 17:14 - 2013-12-15 17:14 - 00000000 ____D C:\Users\Charlie\AppData\Local\{AFEA1299-9DAD-4C77-B85A-DD2173B9E0F0} 2013-12-14 15:10 - 2013-12-16 21:21 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\.ACEStream 2013-12-14 15:09 - 2013-12-15 16:28 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\ACEStream 2013-12-12 17:57 - 2013-12-12 17:57 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\AVAST Software 2013-12-12 13:36 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-12 
13:36 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-12 13:36 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-12 13:36 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-12 13:34 - 2014-01-06 21:18 - 00029514 _____ C:\Windows\IE11_main.log 2013-12-12 13:33 - 2013-10-25 07:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-12 13:33 - 2013-10-25 07:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-12 13:33 - 2013-10-25 07:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-12 13:33 - 2013-10-25 07:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-12-12 13:33 - 2013-10-25 07:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-12 13:33 - 2013-10-25 07:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-12 13:33 - 2013-10-25 07:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-12-12 13:33 - 2013-10-25 07:17 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-12 13:33 - 2013-10-25 07:17 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-12-12 13:33 - 2013-10-25 07:17 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-12 13:33 - 2013-10-25 07:17 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-12 13:33 - 2013-10-25 07:17 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-12 13:33 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-12 13:33 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-12 13:33 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll 2013-12-12 13:33 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-12 13:33 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-12-12 13:33 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-12-12 13:33 - 2013-10-25 05:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-12 13:33 - 2013-10-25 05:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-12-12 13:33 - 2013-10-25 05:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-12-12 13:33 - 2013-10-25 05:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-12 13:33 - 2013-10-25 05:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-12-12 13:33 - 2013-10-25 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-12 13:33 - 2013-10-25 04:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-12 13:33 - 2013-10-25 04:17 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-12-12 13:33 - 2013-10-25 03:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-12-12 13:32 - 2013-10-25 07:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-12 13:32 - 2013-10-25 07:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-12 13:32 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-12 13:32 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-11 08:59 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-11 08:59 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) 
C:\Windows\system32\WMPhoto.dll 2013-12-11 08:59 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-11 08:59 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-11 08:59 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-11 08:59 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-11 08:59 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-11 08:59 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-11 08:59 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-11 08:59 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-11 08:59 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-11 08:59 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-11 08:59 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-11 08:59 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-11 08:59 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-11 08:59 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-11 08:58 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-11 08:58 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-11 08:58 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-10 20:56 - 2013-12-10 20:56 - 00000000 ____D 
C:\Users\Charlie\AppData\Local\{D6D40D54-5338-4C4D-9571-B3F13089D9CC} 2013-12-10 08:54 - 2013-12-10 08:56 - 00000000 ____D C:\Users\Charlie\AppData\Local\{66ED8E0A-8D23-4A1A-8ED7-5EF04F98519A} 2013-12-09 10:47 - 2013-12-09 10:47 - 00000000 ____D C:\Users\Charlie\AppData\Local\{E1561607-14F8-404D-956F-2982AD0A7D96} 2013-12-09 10:43 - 2013-12-09 10:43 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-12-09 10:43 - 2013-12-09 10:43 - 00000000 ____D C:\Program Files\iTunes 2013-12-09 10:43 - 2013-12-09 10:43 - 00000000 ____D C:\Program Files\iPod ==================== One Month Modified Files and Folders ======= 2014-01-08 20:27 - 2014-01-08 20:26 - 00024969 _____ C:\Users\Charlie\Downloads\FRST.txt 2014-01-08 20:26 - 2014-01-08 20:26 - 00000000 ____D C:\FRST 2014-01-08 20:26 - 2011-07-01 17:45 - 01462751 _____ C:\Windows\WindowsUpdate.log 2014-01-08 20:25 - 2014-01-08 20:25 - 01931770 _____ (Farbar) C:\Users\Charlie\Downloads\FRST64.exe 2014-01-08 20:25 - 2011-11-26 12:18 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\Dropbox 2014-01-08 20:22 - 2011-11-26 12:20 - 00000000 ___RD C:\Users\Charlie\Dropbox 2014-01-08 20:21 - 2014-01-08 20:21 - 00290728 _____ C:\Windows\Minidump\010814-40841-01.dmp 2014-01-08 20:21 - 2014-01-08 20:21 - 00032512 _____ C:\Windows\system32\Drivers\hitmanpro37.sys 2014-01-08 20:21 - 2012-11-21 19:38 - 673884333 _____ C:\Windows\MEMORY.DMP 2014-01-08 20:21 - 2012-11-18 12:11 - 00034261 _____ C:\Windows\setupact.log 2014-01-08 20:21 - 2011-07-15 06:59 - 00000000 ____D C:\Windows\Minidump 2014-01-08 20:21 - 2011-05-10 04:36 - 00000000 ____D C:\ProgramData\NVIDIA 2014-01-08 20:21 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-08 20:20 - 2013-12-31 11:26 - 00000000 ____D C:\ProgramData\Win sys filter 2014-01-08 20:17 - 2014-01-08 20:17 - 00000000 ____D C:\Users\Charlie\AppData\Local\{97F2033A-87F9-41FB-B554-FDAC6358B2C3} 2014-01-08 20:16 - 2014-01-08 20:16 - 00000406 _____ C:\Windows\system32\.crusader 
2014-01-08 20:16 - 2014-01-08 19:45 - 00000000 ____D C:\ProgramData\HitmanPro 2014-01-08 20:13 - 2014-01-08 20:13 - 00017780 _____ C:\Users\Charlie\Desktop\HitmanPro_20140108_2013.log 2014-01-08 20:02 - 2011-08-27 13:28 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1747016203-3155398904-578371931-1000UA.job 2014-01-08 19:57 - 2013-09-13 22:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-08 19:47 - 2014-01-08 19:47 - 00000000 ____D C:\Program Files\HitmanPro 2014-01-08 19:46 - 2014-01-08 19:45 - 10264904 _____ (SurfRight B.V.) C:\Users\Charlie\Downloads\HitmanPro_x64.exe 2014-01-08 19:45 - 2014-01-08 19:44 - 09452704 _____ (SurfRight B.V.) C:\Users\Charlie\Downloads\HitmanPro3.7.8.208.exe 2014-01-08 19:44 - 2009-07-14 05:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-08 19:44 - 2009-07-14 05:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-08 19:35 - 2013-01-11 23:53 - 00050274 _____ C:\Windows\PFRO.log 2014-01-08 19:33 - 2014-01-01 16:17 - 00000000 ____D C:\ProgramData\SHaoppDRop 2014-01-08 19:33 - 2014-01-01 16:17 - 00000000 ____D C:\ProgramData\SavERExtension 2014-01-08 19:33 - 2014-01-01 16:17 - 00000000 ____D C:\ProgramData\HappY2Save 2014-01-08 19:33 - 2014-01-01 16:16 - 00000000 ____D C:\ProgramData\SaverExxtuension 2014-01-08 19:33 - 2014-01-01 16:16 - 00000000 ____D C:\ProgramData\DealExpreSs 2014-01-08 19:33 - 2014-01-01 16:16 - 00000000 ____D C:\ProgramData\CoupExtenesiOn 2014-01-08 19:33 - 2012-10-22 11:07 - 00000660 _____ C:\Windows\Tasks\WebContent AutoUpdate 2012.job 2014-01-08 19:33 - 2011-10-12 17:25 - 00000642 _____ C:\Windows\Tasks\WebContent AutoUpdate 2011.job 2014-01-08 19:33 - 2011-05-10 14:19 - 00697082 _____ C:\Windows\system32\perfh007.dat 2014-01-08 19:33 - 2011-05-10 14:19 - 00148346 _____ C:\Windows\system32\perfc007.dat 2014-01-08 19:33 
- 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-08 17:53 - 2011-07-06 23:44 - 00001146 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1747016203-3155398904-578371931-1000UA.job 2014-01-08 15:14 - 2014-01-08 15:04 - 00000000 ____D C:\AdwCleaner 2014-01-08 15:11 - 2012-08-05 03:26 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2014-01-08 15:04 - 2014-01-08 15:04 - 01233962 _____ C:\Users\Charlie\Downloads\adwcleaner.exe 2014-01-08 14:30 - 2011-07-01 17:47 - 00000000 ___RD C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-08 14:29 - 2011-11-26 12:19 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-08 09:16 - 2011-07-06 23:44 - 00001124 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1747016203-3155398904-578371931-1000Core.job 2014-01-08 09:08 - 2012-10-22 11:07 - 00000504 _____ C:\Windows\Tasks\AutoUpdate Allplan 2012.job 2014-01-08 09:08 - 2011-10-12 17:25 - 00000496 _____ C:\Windows\Tasks\Allplan AutoUpdate 2011-1.job 2014-01-08 09:07 - 2011-08-27 13:28 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1747016203-3155398904-578371931-1000Core.job 2014-01-08 09:07 - 2011-07-01 17:52 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2ABB2932-AA29-4351-B409-8136CB98F6A6} 2014-01-06 22:23 - 2013-12-24 20:13 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\ihelper 2014-01-06 21:18 - 2013-12-12 13:34 - 00029514 _____ C:\Windows\IE11_main.log 2014-01-06 00:02 - 2011-07-15 07:39 - 00007446 _____ C:\test.xml 2014-01-05 13:27 - 2014-01-05 13:25 - 00000000 ____D C:\Users\Charlie\AppData\Local\{2059D271-0CF8-4B5A-823E-56D6BC952300} 2014-01-04 16:07 - 2013-08-31 11:25 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\vlc 2014-01-04 16:02 - 2014-01-04 16:00 - 00000000 ____D C:\Users\Charlie\AppData\Local\{F1A5136E-6AAA-4A48-ABDC-CB9891134841} 2014-01-03 23:40 - 2014-01-03 23:40 - 
00000000 ____D C:\Users\Charlie\AppData\Local\{F90FAB0F-B667-492E-89D6-28084726F2F8} 2014-01-03 11:40 - 2014-01-03 11:38 - 00000000 ____D C:\Users\Charlie\AppData\Local\{0E800A4D-405D-4963-8F40-D7134BF0BF07} 2014-01-02 10:38 - 2014-01-02 10:38 - 00000000 ____D C:\Users\Charlie\AppData\Local\{CD978F99-34B2-418D-92D1-B8899C3BA276} 2014-01-01 16:17 - 2014-01-01 16:17 - 00000000 ____D C:\ProgramData\phmpmlianadbfifbhfcijdlhgcnfjccn 2014-01-01 16:17 - 2014-01-01 16:17 - 00000000 ____D C:\ProgramData\daedbbfaebjgclnoijiekplilobacoia 2014-01-01 16:17 - 2014-01-01 16:17 - 00000000 ____D C:\ProgramData\bddnngaocglmnfhcpcjmoomohjiobgoo 2014-01-01 16:17 - 2014-01-01 16:17 - 00000000 ____D C:\ProgramData\22542c9f2b1e72fe 2014-01-01 16:06 - 2014-01-01 16:05 - 00000000 ____D C:\Users\Charlie\AppData\Local\{5DD9B7D8-4BD4-4788-96FA-8385C4ECAAE9} 2014-01-01 16:05 - 2014-01-01 16:05 - 00000000 ____D C:\ProgramData\Browser Enhancer 2013-12-31 13:38 - 2013-12-31 13:38 - 00000000 ____D C:\Users\Charlie\AppData\Local\{779DC68C-497B-4966-AF57-9A257C318056} 2013-12-31 13:18 - 2013-12-31 13:18 - 00000000 ____D C:\ProgramData\Browser faster 2013-12-31 01:09 - 2013-12-31 01:09 - 00000000 ____D C:\ProgramData\WebTect 2013-12-30 18:46 - 2013-12-30 18:46 - 00000000 ____D C:\Users\Charlie\AppData\Local\{4E2AB506-78A4-44D3-850A-51ED90F674CA} 2013-12-26 00:12 - 2013-12-26 00:11 - 00000000 ____D C:\Users\Charlie\AppData\Local\{848A083E-E5BA-4B32-AA7E-2CC0CF71BE60} 2013-12-24 19:55 - 2013-12-24 19:54 - 00000000 ____D C:\Users\Charlie\AppData\Local\{5B7B4DC7-F531-4488-A335-8F9F1CA01076} 2013-12-18 09:18 - 2013-11-20 12:38 - 00000000 ____D C:\Users\Charlie\.maplesoft 2013-12-18 08:28 - 2013-12-18 08:28 - 00000000 ____D C:\Users\Charlie\AppData\Local\{D3FAEEC9-0596-42A1-A0ED-3B90A006DFE2} 2013-12-17 15:38 - 2013-12-17 15:38 - 01640448 _____ C:\Users\Charlie\Downloads\371800_Hausubung9_b.fem 2013-12-16 21:21 - 2013-12-14 15:10 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\.ACEStream 2013-12-15 17:14 
- 2013-12-15 17:14 - 00000000 ____D C:\Users\Charlie\AppData\Local\{AFEA1299-9DAD-4C77-B85A-DD2173B9E0F0} 2013-12-15 16:28 - 2013-12-14 15:09 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\ACEStream 2013-12-15 13:51 - 2013-09-13 22:17 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-15 13:51 - 2013-03-03 13:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-15 13:51 - 2011-07-02 00:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-15 13:31 - 2013-08-22 20:30 - 00000000 ____D C:\Windows\system32\MRT 2013-12-15 03:01 - 2011-07-01 19:06 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-14 15:35 - 2011-07-02 00:52 - 00000000 ____D C:\Users\Charlie\AppData\Local\CrashDumps 2013-12-13 12:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-12-13 11:39 - 2011-07-01 17:45 - 00000000 ____D C:\Users\Charlie 2013-12-12 17:57 - 2013-12-12 17:57 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\AVAST Software 2013-12-12 17:56 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2013-12-12 17:51 - 2009-07-14 05:45 - 00556072 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-12 13:32 - 2011-07-01 20:19 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-10 20:56 - 2013-12-10 20:56 - 00000000 ____D C:\Users\Charlie\AppData\Local\{D6D40D54-5338-4C4D-9571-B3F13089D9CC} 2013-12-10 17:31 - 2013-11-29 11:06 - 00000000 ____D C:\Users\Charlie\Desktop\FH AACHEN MASTER 2013-12-10 08:57 - 2011-08-27 13:28 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1747016203-3155398904-578371931-1000UA 2013-12-10 08:57 - 2011-08-27 13:28 - 00003706 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1747016203-3155398904-578371931-1000Core 2013-12-10 08:56 - 2013-12-10 08:54 - 00000000 ____D C:\Users\Charlie\AppData\Local\{66ED8E0A-8D23-4A1A-8ED7-5EF04F98519A} 2013-12-09 19:44 - 2012-11-18 19:32 
- 00000000 ____D C:\Users\Charlie\Desktop\Bachelorarbeit 2013-12-09 10:47 - 2013-12-09 10:47 - 00000000 ____D C:\Users\Charlie\AppData\Local\{E1561607-14F8-404D-956F-2982AD0A7D96} 2013-12-09 10:43 - 2013-12-09 10:43 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-12-09 10:43 - 2013-12-09 10:43 - 00000000 ____D C:\Program Files\iTunes 2013-12-09 10:43 - 2013-12-09 10:43 - 00000000 ____D C:\Program Files\iPod Files to move or delete: ==================== C:\ProgramData\UninstallFrilo.Exe Some content of TEMP: ==================== C:\Users\Charlie\AppData\Local\Temp\CGVPNPatch_4719.exe C:\Users\Charlie\AppData\Local\Temp\eydb2udr.dll C:\Users\Charlie\AppData\Local\Temp\gk2sbqqe.dll C:\Users\Charlie\AppData\Local\Temp\JavaRa.exe C:\Users\Charlie\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\Charlie\AppData\Local\Temp\jre-7u45-windows-i586.exe C:\Users\Charlie\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe C:\Users\Charlie\AppData\Local\Temp\MsgPlusUninstall.exe C:\Users\Charlie\AppData\Local\Temp\ogsvm7gd.dll C:\Users\Charlie\AppData\Local\Temp\rmup.exe C:\Users\Charlie\AppData\Local\Temp\Setup-Foto-Mosaik-Edda.exe C:\Users\Charlie\AppData\Local\Temp\SkypeSetup.exe C:\Users\Charlie\AppData\Local\Temp\twbu0-f5.dll C:\Users\Charlie\AppData\Local\Temp\wusetup.exE C:\Users\Charlie\AppData\Local\Temp\{35A6AE81-4359-4101-A44B-EAEAECE9B832}-25.0.1364.97_24.0.1312.57_chrome_updater.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-24 14:19

==================== End Of Log ============================

--- --- ---

Addition Log:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2014 01
Ran by Charlie at 2014-01-08 20:28:55
Running from C:\Users\Charlie\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1430 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638 - Adobe Systems, Inc.)
Alps Pointing-device for VAIO (Version: - ALPS ELECTRIC CO., LTD.)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.1.142 - ArcSoft)
ArcSoft WebCam Companion 4 (x32 Version: 4.0.21.444 - ArcSoft)
ASUS Xonar U3 Audio (Version: - )
Atheros WiFi Driver Installation (x32 Version: 3.0 - Atheros)
AutoCAD 2012 - Deutsch (Version: 18.2.51.0 - Autodesk)
AutoCAD 2012 - Deutsch (Version: 18.2.51.0 - Autodesk) Hidden
AutoCAD 2012 Language Pack - Deutsch (Version: 18.2.51.0 - Autodesk) Hidden
Autodesk Content Service (x32 Version: 2.0.90 - Autodesk)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79 - Autodesk, Inc.)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk)
Autodesk Inventor Fusion Plugin for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk) Hidden
Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk) Hidden
Autodesk Material Library 2012 (x32 Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (x32 Version: 2.5.0.8 - Autodesk)
avast! Free Antivirus (x32 Version: 9.0.2008 - Avast Software)
Bluetooth Win7 Suite (64) (Version: 7.3.0.95 - Atheros Communications)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Browser Enhancer (x32 Version: - Goingo)
Browser faster (x32 Version: - Surfnet)
Canon MG5100 series Benutzerregistrierung (x32 Version: - )
Canon MG5100 series MP Drivers (Version: - )
Canon MP490 series MP Drivers (Version: - )
CCleaner (Version: 3.12 - Piriform)
Conexant HD Audio (Version: 8.54.0.53 - Conexant)
CyberGhost 5 (Version: - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (x32 Version: 4.40.2.0131 - DT Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (Version: - Microsoft)
Defraggler (Version: 2.08 - Piriform)
DivX-Setup (x32 Version: 2.6.1.9 - DivX, LLC)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
eDocPrinter PDF Pro 6.83(x64) MSI (Version: 6.83.6171 - ITeksoft Corporation)
eDocPrintPro v3.17.0 (Version: 3.17.0 - MAY-Computer)
Epson Easy Photo Print 2 (x32 Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (x32 Version: 2.30.00 - SEIKO EPSON Corporation)
EPSON Scan (x32 Version: - )
Epson Stylus SX510W_TX550W Handbuch (x32 Version: - )
EPSON SX510W Series Printer Uninstall (Version: - SEIKO EPSON Corporation)
EpsonNet Setup (x32 Version: 3.1a - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (x32 Version: - )
ESS Energie Indikator (x32 Version: 2011.0 - Nemetschek Allplan GmbH)
Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0 - Facebook)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287 - Skype Limited)
FARO LS 1.1.406.58 (x32 Version: 4.6.58.2 - FARO Scanner Production)
FH-Aachen OpenVPN 2.2.0 (x32 Version: 2.2.0 - )
FILSHtray (x32 Version: 0.12 - FILSH Media GmbH)
Firebird 2.5.1.26351 (Win32) (x32 Version: 2.5.1.26351 - Firebird Project)
Foto-Mosaik-Edda Standard V6.8.12318.1 (x32 Version: - Steffen Schirmer)
FreeOCR 3.0 (Version: 3.0 - Free OCR)
FreePDF (Remove only) (x32 Version: - )
Frilo (x32 Version: - )
Frilo Installation (x32 Version: 1.0.0 - Frilo)
Frilo.System.Next (x32 Version: 2.12.11 - Friedrich + Lochner GmbH)
FriloBase (x32 Version: 1.0.0 - Friedrich + Lochner GmbH)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
General Runtime Files for Allplan 2011-1-5 (x32 Version: 1.3.0.0 - Nemetschek Allplan GmbH) Hidden
General Runtime Files for Allplan 2012-1 Release (x32 Version: 1.6.0.0 - Nemetschek Allplan GmbH) Hidden
Google Chrome (HKCU Version: 31.0.1650.63 - Google Inc.)
GPL Ghostscript (Version: 9.04 - Artifex Software Inc.) gs_x64 (Version: 9.00 - MAY-Computer) HitmanPro 3.7 (Version: 3.7.8.208 - SurfRight B.V.) HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät (Version: 28.0.1315.0 - Hewlett-Packard Co.) iFunbox (v2.0.2103.725), iFunbox DevTeam (x32 Version: v2.0.2103.725 - ) ImgBurn (x32 Version: 2.5.6.0 - LIGHTNING UK!) InfoCAD Studienversion 13.0a (x32 Version: - InfoGraph GmbH, Kackertstrasse 10, 52072 Aachen, Germany) Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation) Intel(R) Rapid Storage Technology (x32 Version: 10.0.0.1046 - Intel Corporation) -isb cad- 2013 Academy (x32 Version: 26.00.0000 - GLASER -isb cad- Programmsysteme GmbH) Hidden iTunes (Version: 11.1.3.8 - Apple Inc.) Java 7 Update 45 (x32 Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java SE Development Kit 7 Update 25 (64-bit) (Version: 1.7.0.250 - Oracle) Java(TM) 6 Update 29 (x32 Version: 6.0.290 - Oracle) Java(TM) SE Development Kit 7 Update 1 (64-bit) (Version: 1.7.0.10 - Oracle) Java(TM) SE Development Kit 7 Update 3 (64-bit) (Version: 1.7.0.30 - Oracle) JavaFX 2.0.3 (64-bit) (Version: 2.0.3 - Oracle Corporation) JavaFX 2.0.3 SDK (64-bit) (Version: 2.0.3 - Oracle Corporation) JavaFX 2.1.0 (x32 Version: 2.1.0 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) Maple 16 (Version: - Maplesoft) Maple 16 (x32 Version: 16.0.0.0 - Maplesoft) Media Gallery (Version: 1.5.0.17050 - Your Company Name) Hidden MediaMonkey 3.2 (x32 Version: 3.2 - Ventis Media Inc.) 
Mepla Iso (x32 Version: 1.2.2 - Mepla Software) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden Microsoft Office 2010 Service Pack 1 (SP1) (Version: - Microsoft) Microsoft Office 2010 Service Pack 1 (SP1) (Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office 
PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Report Viewer Redistributable 2008 (KB971119) (x32 Version: - Microsoft Corporation) Microsoft Report Viewer Redistributable 2008 (KB971119) (x32 Version: 9.0.30731 - Microsoft Corporation) Hidden Microsoft Report Viewer Redistributable 2008 SP1 (x32 Version: - Microsoft Corporation) Microsoft Report Viewer Redistributable 2008 SP1 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual Basic Power Packs 3.0 (x32 Version: 9.0.30214 - Microsoft) Microsoft Visual Basic PowerPacks 10.0 (x32 Version: 10.0.20911 - Microsoft) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 
Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 24.0 - Mozilla) MSI to redistribute MS VS2005 CRT libraries (x32 Version: 8.0.50727.42 - The Firebird Project) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation) Nemetschek Allplan 2011 (x32 Version: 2011.0 - Nemetschek Allplan GmbH) Nemetschek Allplan 2012 (x32 Version: 2012.0 - Nemetschek Allplan GmbH) Nemetschek SoftLock 2006 (x32 Version: 1.26.55 - ) Nur Entfernen der CopyTrans Suite möglich (HKCU Version: 2.37 - WindSolutions) NVIDIA 3D Vision Treiber 269.73 (Version: 269.73 - NVIDIA Corporation) NVIDIA Grafiktreiber 269.73 (Version: 269.73 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.2.24.0 (Version: 1.2.24.0 - NVIDIA Corporation) NVIDIA Install 
Application (Version: 2.265.42.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.0507 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.0507 (Version: 9.12.0507 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6973 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 269.73 (Version: 269.73 - NVIDIA Corporation) Hidden PDF Architect (x32 Version: 1.0.52.8917 - pdfforge) PDF Blender (x32 Version: - ) PDFCreator (x32 Version: 1.6.2 - pdfforge) PDF-XChange Viewer (Version: 2.5.199.0 - Tracker Software Products Ltd.) PMB (x32 Version: 5.5.02.12220 - Sony Corporation) PMB VAIO Edition Guide (x32 Version: 1.5.00.02250 - Sony Corporation) Hidden PMB VAIO Edition Plug-in (Version: 1.5.10.05300 - Sony Corporation) Hidden PMB VAIO Edition Plug-in (x32 Version: 1.5.00.02250 - Sony Corporation) Hidden PMB VAIO Edition Plug-in (x32 Version: 1.5.10.06150 - Sony Corporation) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden PPÖúÊÖ PC°æ 1.1.0.2 (x32 Version: 1.1.0.2 - ¹ãÖÝÌúÈËÍøÂç¿Æ¼¼ÓÐÏÞ¹«Ë¾) Qualcomm Atheros Direct Connect (x32 Version: 3.0 - Qualcomm Atheros) Hidden Quick Web Access (x32 Version: 1.4.6.9 - Sony Corporation) Quick Web Access (x32 Version: 1.4.6.9 - Sony Corporation) Hidden QuickTime (x32 Version: 7.71.80.42 - Apple Inc.) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek PCIE Card Reader (x32 Version: 6.1.7601.92 - Realtek Semiconductor Corp.) RedMon - Redirection Port Monitor (Version: - ) Remote Keyboard (x32 Version: 1.1.1.07060 - Sony Corporation) Hidden Remote Play with PlayStation 3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden RuckZuck Student (x32 Version: 6.0.11 - MURSOFT) Secunia PSI (2.0.0.4002) (x32 Version: - ) Skype™ 6.3 (x32 Version: 6.3.105 - Skype Technologies S.A.) 
Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden SopCast 3.4.0 (x32 Version: 3.4.0 - www.sopcast.com) SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TAP-Windows 9.9.2 (Version: 9.9.2 - ) TeamViewer 8 (x32 Version: 8.0.22298 - TeamViewer) UltraVnc (Version: 1.0.9.6.1 - uvnc bvba) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553065) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2566458) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (Version: - Microsoft) Update for Microsoft Office 
2010 (KB2589352) 64-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition (Version: - Microsoft) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (Version: - Microsoft) USB PnP Sound Device (Version: - ) VAIO - Media Gallery (x32 Version: 1.5.1.17050 - Sony Corporation) VAIO - PMB VAIO Edition Guide (x32 Version: 1.5.00.02250 - Sony Corporation) VAIO - PMB VAIO Edition Plug-in (x32 Version: 1.6.10.11160 - Sony Corporation) VAIO - Remote Play mit PlayStation®3 (x32 Version: 1.1.0.15070 - Sony Corporation) VAIO - Remote-Tastatur (x32 Version: 1.1.0.07060 - Sony Corporation) VAIO Care (x32 Version: 6.4.2.11150 - Sony Corporation) Hidden VAIO Control 
Center (x32 Version: 4.5.0.03040 - Sony Corporation) VAIO Data Restore Tool (x32 Version: 1.6.0.13140 - Sony Corporation) VAIO Data Restore Tool (x32 Version: 1.6.0.13140 - Sony Corporation) Hidden VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden VAIO Event Service (x32 Version: 5.5.0.03040 - Sony Corporation) VAIO Gate (x32 Version: 2.4.0.06210 - Sony Corporation) VAIO Gate Default (x32 Version: 2.4.0.03240 - Sony Corporation) VAIO Hardware Diagnostics (x32 Version: 4.2.0.14280 - Sony Corporation) Hidden VAIO Hero Screensaver - Summer 2011 Screensaver (x32 Version: - ) VAIO Improvement (x32 Version: 1.0.0.14150 - Sony Corporation) VAIO Improvement Validation (Version: 1.0.4.01190 - Sony Corporation) VAIO Sample Contents (x32 Version: 1.4.2.09010 - Sony Corporation) VAIO Smart Network (x32 Version: 3.8.1.08270 - Sony Corporation) VAIO Update (x32 Version: 6.3.0.08010 - Sony Corporation) VAIO-Handbuch (x32 Version: 2.0.0.02250 - Sony Corporation) VAIO-Support für Übertragungen (x32 Version: 1.4.0.14230 - Sony Corporation) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VESx64 (Version: 1.0.0 - Sony Corporation) Hidden VESx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden Virtual DJ - Atomix Productions (x32 Version: - ) VIx64 (Version: 1.0.0 - Sony Corporation) Hidden VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VLC media player 2.1.1 (Version: 2.1.1 - VideoLAN) VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden webcam 7 (x32 Version: 0.9.9.22 - Moonware Studios) WebTect (x32 Version: - Succes Stream) Win sys filter (x32 Version: - 
Appdev Ltd) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Корпорація Майкрософт) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорація Майкрософт) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft 
Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp) Windows Mobile-Gerätecenter (Version: 6.1.6965.0 - Microsoft Corporation) WinRAR 4.01 (32-Bit) (x32 Version: 4.01.0 - win.rar GmbH) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основи Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия 
на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотоколекція Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 14-12-2013 08:36:22 Windows Update 15-12-2013 02:00:15 Windows Update 15-12-2013 15:19:37 Windows Update 16-12-2013 07:55:35 Windows Update 22-12-2013 13:59:14 Windows Update 30-12-2013 17:55:43 Windows Update 01-01-2014 15:05:21 Windows Update 04-01-2014 15:01:13 Windows Update 06-01-2014 20:14:49 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:34 - 2013-06-16 17:22 - 00000081 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {00C76439-EFC1-466F-8DEC-53D714897F33} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-08-01] (Sony Corporation) Task: {0F3405DB-A7DD-4530-9A0F-DCA526AC30A0} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation) Task: {1CA46AD9-19CB-4D14-AFB2-C14B74AAB7EE} - System32\Tasks\Allplan AutoUpdate 2011-1 => C:\Program Files (x86)\Nemetschek\Allplan\Prg\NemDownloadHandler.exe [2012-01-30] (Nemetschek Allplan GmbH) Task: {210A544D-764A-4DF3-88C7-35BAA13F9161} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1747016203-3155398904-578371931-1000Core => C:\Users\Charlie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27] (Google Inc.) Task: {2BEB40A9-C3FC-4F88-93CC-13F8D427342F} - System32\Tasks\WebContent AutoUpdate 2011 => C:\Program Files (x86)\Nemetschek\Allplan\Prg\NemDownloadHandler.exe [2012-01-30] (Nemetschek Allplan GmbH) Task: {35AAC1E7-0D37-4C4C-90E0-3658545157FF} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-11-26] (AVAST Software) Task: {5A497CC6-D250-47A3-BA55-D6F02952D348} - System32\Tasks\WebContent AutoUpdate 2012 => C:\Program Files (x86)\Nemetschek\Allplan_1\Prg\NemDownloadHandler.exe [2012-03-21] (Nemetschek Allplan GmbH) Task: {726F6F97-44DD-45CA-A7F6-A2F9DB43873D} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-08-01] (Microsoft Corporation) Task: {74ED0844-1807-465F-8C50-B53E5C7C99BB} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-06-21] (Sony Corporation) Task: {8FC439DD-E29B-4E99-97A6-9B2094BF7F7C} - System32\Tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation => C:\Program Files\Sony\VAIO Improvement Validation\viv.exe [2011-01-20] (Sony Corporation) Task: {9BCDAD67-FDF2-4DE8-A1D3-B8158CA9DB4F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-15] (Adobe Systems Incorporated) Task: {9D15F457-6214-47ED-B671-9E8518EF366C} - System32\Tasks\AutoUpdate Allplan 2012 => C:\Program Files (x86)\Nemetschek\Allplan_1\Prg\NemDownloadHandler.exe [2012-03-21] (Nemetschek Allplan GmbH) Task: {A8F4A950-7C02-46C8-9B76-20AEFF15A51B} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-02-15] (Sony Corporation) Task: {B9759462-045D-4D13-A974-74012A8EAA30} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient Task: {BD588BF4-14ED-4F1E-881E-05E35BF02FD5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1747016203-3155398904-578371931-1000Core => C:\Users\Charlie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) 
Task: {C3D4DCFB-7C8F-4375-8FDB-34AF2E57B5DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {C929619F-63D0-4215-9DA6-5DA5A3D8B9A1} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-08-01] (Sony Corporation) Task: {D2BA3FD6-698D-44D5-9A1B-EA1D5CCAF4EC} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-06-21] (Sony Corporation) Task: {D363324A-A57A-450D-B957-77317C3F56AF} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation) Task: {D6387372-4A70-4A75-AE95-F9C467546B43} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1747016203-3155398904-578371931-1000UA => C:\Users\Charlie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27] (Google Inc.) Task: {F74BF3CC-C03D-41B9-B61F-55FAE5ED7621} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1747016203-3155398904-578371931-1000UA => C:\Users\Charlie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Allplan AutoUpdate 2011-1.job => C:\Program Files (x86)\Nemetschek\Allplan\prg\NemDownloadHandler.exe Task: C:\Windows\Tasks\AutoUpdate Allplan 2012.job => C:\Program Files (x86)\Nemetschek\Allplan_1\prg\NemDownloadHandler.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1747016203-3155398904-578371931-1000Core.job => C:\Users\Charlie\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1747016203-3155398904-578371931-1000UA.job => C:\Users\Charlie\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1747016203-3155398904-578371931-1000Core.job => C:\Users\Charlie\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1747016203-3155398904-578371931-1000UA.job => C:\Users\Charlie\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\WebContent AutoUpdate 2011.job => C:\Program Files (x86)\Nemetschek\Allplan\prg\NemDownloadHandler.exe Task: C:\Windows\Tasks\WebContent AutoUpdate 2012.job => C:\Program Files (x86)\Nemetschek\Allplan_1\prg\NemDownloadHandler.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2011-07-01 19:57 - 2011-05-28 21:05 - 00164864 _____ () M:\Programme\WinRar\rarext64.dll 2014-01-08 13:41 - 2014-01-08 12:03 - 02153472 _____ () C:\Program Files\AVAST Software\Avast\defs\14010800\algo.dll 2013-12-31 01:09 - 2013-12-31 01:09 - 04140032 _____ () C:\ProgramData\WebTect\WebTect.dll 2013-12-31 13:18 - 2013-12-31 13:18 - 00179024 _____ () C:\ProgramData\Browser faster\BrowserfasterSvc.dll 2013-12-31 13:18 - 2013-12-31 13:18 - 04134912 _____ () C:\ProgramData\Browser faster\Browserfaster.dll 2013-12-31 
01:09 - 2013-12-31 01:09 - 00179536 _____ () C:\ProgramData\WebTect\WebTectSvc.dll 2014-01-01 16:05 - 2014-01-01 16:05 - 00177488 _____ () C:\ProgramData\Browser Enhancer\BrowserEnhancerSvc.dll 2014-01-01 16:05 - 2014-01-01 16:05 - 04331520 _____ () C:\ProgramData\Browser Enhancer\BrowserEnhancer.dll 2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-05-10 04:41 - 2011-03-05 15:42 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\libcef.dll 2013-11-26 21:32 - 2013-11-26 21:32 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2013-12-05 11:53 - 2013-12-04 03:47 - 00702416 _____ () C:\Users\Charlie\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll 2013-12-05 11:53 - 2013-12-04 03:47 - 00099792 _____ () C:\Users\Charlie\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll 2013-12-05 11:53 - 2013-12-04 03:48 - 04055504 _____ () C:\Users\Charlie\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll 2013-12-05 11:53 - 2013-12-04 03:48 - 00399312 _____ () C:\Users\Charlie\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll 2013-12-05 11:53 - 2013-12-04 03:47 - 01619408 _____ () C:\Users\Charlie\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll 2011-05-10 04:30 - 2010-09-13 17:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) 
=================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" ==================== Faulty Device Manager Devices ============= Name: Microsoft Virtual WiFi Miniport Adapter #2 Description: Microsoft-Adapter für Miniports virtueller WiFis Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/08/2014 08:23:17 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/08/2014 07:37:05 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/08/2014 06:03:10 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2153 Error: (01/08/2014 06:03:10 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2153 Error: (01/08/2014 06:03:10 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/08/2014 06:03:09 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 998 Error: (01/08/2014 06:03:09 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 998 Error: (01/08/2014 06:03:09 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/08/2014 03:10:07 PM) (Source: WinMgmt) (User: ) 
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/08/2014 09:18:33 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1014 System errors: ============= Error: (01/08/2014 08:23:17 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde mit folgendem dienstspezifischem Fehler beendet: %%0. Error: (01/08/2014 08:22:29 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "CyberGhost VPN 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/08/2014 08:22:29 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst CyberGhost VPN 5 Client Service erreicht. Error: (01/08/2014 08:22:28 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (01/08/2014 08:21:19 PM) (Source: BTHUSB) (User: ) Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error: (01/08/2014 08:21:33 PM) (Source: BugCheck) (User: ) Description: 0x0000007e (0xffffffffc0000005, 0x0000000000000000, 0xfffff880031bd8e8, 0xfffff880031bd140)C:\Windows\MEMORY.DMP010814-40841-01 Error: (01/08/2014 08:21:12 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 08.01.2014 um 20:19:11 unerwartet heruntergefahren. 
Error: (01/08/2014 07:37:15 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (01/08/2014 07:31:45 PM) (Source: BTHUSB) (User: ) Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error: (01/08/2014 03:10:31 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "CyberGhost VPN 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Microsoft Office Sessions: ========================= Error: (01/08/2014 08:23:17 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/08/2014 07:37:05 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/08/2014 06:03:10 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2153 Error: (01/08/2014 06:03:10 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2153 Error: (01/08/2014 06:03:10 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/08/2014 06:03:09 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 998 Error: (01/08/2014 06:03:09 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 998 Error: (01/08/2014 06:03:09 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/08/2014 03:10:07 PM) (Source: 
WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/08/2014 09:18:33 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1014 CodeIntegrity Errors: =================================== Date: 2013-02-11 10:41:43.791 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-11 10:41:43.664 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-11 10:41:39.307 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-11 10:41:39.184 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-11 10:41:37.014 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-11 10:41:36.907 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-11-10 22:02:38.011 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-11-10 22:02:37.997 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================
Percentage of memory in use: 55%
Total physical RAM: 4077.86 MB
Available physical RAM: 1833.54 MB
Total Pagefile: 8153.9 MB
Available Pagefile: 5441.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:291.83 GB) (Free:116.92 GB) NTFS
Drive m: (Volume) (Fixed) (Total:290.73 GB) (Free:274.44 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 99DAAE85)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=292 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=291 GB) - (Type=OF Extended)

==================== End Of Log ============================ |
08.01.2014, 22:59 | #4 |
| gmer log1 Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2014-01-08 20:54:46 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Charlie\AppData\Local\Temp\pxdiqkob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800033f1000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff800033f1011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000149940460 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000149940450 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000149940370 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000149940470 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 00000001499403e0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000149940320 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 00000001499403b0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000149940390 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 00000001499402e0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 00000001499402d0 .text 
C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000149940310 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 00000001499403c0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 00000001499403f0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000149940230 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000149940480 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 00000001499403a0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 00000001499402f0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000149940350 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000149940290 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 00000001499402b0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 00000001499403d0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000149940330 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000149940410 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000149940240 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes 
JMP 00000001499401e0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000149940250 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000149940490 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 00000001499404a0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000149940300 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000149940360 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 00000001499402a0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 00000001499402c0 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000149940380 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000149940340 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000149940440 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000149940260 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000149940270 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000149940400 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 00000001499401f0 .text C:\Windows\system32\csrss.exe[520] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000149940210 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000149940200 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000149940420 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000149940430 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000149940220 .text C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000149940280 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000076ef0460 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000076ef0450 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000076ef0370 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000076ef0470 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 0000000076ef03e0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000076ef0320 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 0000000076ef03b0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000076ef0390 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 0000000076ef02e0 
.text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 0000000076ef02d0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000076ef0310 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 0000000076ef03c0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 0000000076ef03f0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000076ef0230 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000076ef0480 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 0000000076ef03a0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 0000000076ef02f0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000076ef0350 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000076ef0290 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 0000000076ef02b0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 0000000076ef03d0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000076ef0330 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000076ef0410 .text C:\Windows\system32\wininit.exe[588] 
C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000076ef0240 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 0000000076ef01e0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000076ef0250 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000076ef0490 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 0000000076ef04a0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000076ef0300 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000076ef0360 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 0000000076ef02a0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 0000000076ef02c0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000076ef0380 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000076ef0340 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000076ef0440 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000076ef0260 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000076ef0270 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000076ef0400 
.text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 0000000076ef01f0 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000076ef0210 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000076ef0200 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000076ef0420 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000076ef0430 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000076ef0220 .text C:\Windows\system32\wininit.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000076ef0280 .text C:\Windows\system32\wininit.exe[588] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000149940460 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000149940450 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000149940370 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000149940470 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 00000001499403e0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000149940320 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 
0000000076d91650 5 bytes JMP 00000001499403b0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000149940390 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 00000001499402e0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 00000001499402d0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000149940310 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 00000001499403c0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 00000001499403f0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000149940230 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000149940480 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 00000001499403a0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 00000001499402f0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000149940350 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000149940290 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 00000001499402b0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 00000001499403d0 .text C:\Windows\system32\csrss.exe[608] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000149940330 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000149940410 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000149940240 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 00000001499401e0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000149940250 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000149940490 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 00000001499404a0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000149940300 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000149940360 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 00000001499402a0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 00000001499402c0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000149940380 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000149940340 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000149940440 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000149940260 .text 
C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000149940270 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000149940400 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 00000001499401f0 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000149940210 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000149940200 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000149940420 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000149940430 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000149940220 .text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000149940280 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000076ef0460 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000076ef0450 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000076ef0370 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000076ef0470 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 0000000076ef03e0 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 
0000000076d91620 5 bytes JMP 0000000076ef0320 .text C:\Windows\system32\services.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 0000000076ef03b0 Code:
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000076ef0420 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000076ef0430 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000076ef0220 .text C:\Windows\System32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000076ef0280 .text C:\Windows\System32\svchost.exe[984] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 00000001000702d0 
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[1016] 
C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes 
JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[1016] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[440] 
C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 
0000000100070330 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[440] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 00000001000704a0 |
08.01.2014, 23:00 | #5 |
| HitmanPro has detected a Trojan... Winsysfilter.dll gmer4 Code:
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000076ef0420 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000076ef0430 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000076ef0220 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1224] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000076ef0280 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1224] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000076ef0460 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000076ef0450 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000076ef0370 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000076ef0470 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 0000000076ef03e0 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000076ef0320 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 0000000076ef03b0 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000076ef0390 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 0000000076ef02e0 .text 
C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 0000000076ef02d0 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000076ef0310 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 0000000076ef03c0 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 0000000076ef03f0 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000076ef0230 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000076ef0480 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 0000000076ef03a0 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 0000000076ef02f0 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000076ef0350 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000076ef0290 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 0000000076ef02b0 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 0000000076ef03d0 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000076ef0330 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000076ef0410 .text C:\Windows\system32\nvvsvc.exe[1236] 
C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000076ef0240 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 0000000076ef01e0 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000076ef0250 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000076ef0490 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 0000000076ef04a0 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000076ef0300 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000076ef0360 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 0000000076ef02a0 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 0000000076ef02c0 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000076ef0380 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000076ef0340 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000076ef0440 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000076ef0260 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000076ef0270 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000076ef0400 
.text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 0000000076ef01f0 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000076ef0210 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000076ef0200 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000076ef0420 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000076ef0430 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000076ef0220 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000076ef0280 .text C:\Windows\system32\nvvsvc.exe[1236] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000076ef0460 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000076ef0450 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000076ef0370 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000076ef0470 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 0000000076ef03e0 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000076ef0320 .text C:\Windows\system32\svchost.exe[1472] 
C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 0000000076ef03b0 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000076ef0390 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 0000000076ef02e0 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 0000000076ef02d0 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000076ef0310 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 0000000076ef03c0 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 0000000076ef03f0 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000076ef0230 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000076ef0480 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 0000000076ef03a0 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 0000000076ef02f0 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000076ef0350 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000076ef0290 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 0000000076ef02b0 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 
bytes JMP 0000000076ef03d0 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000076ef0330 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000076ef0410 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000076ef0240 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 0000000076ef01e0 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000076ef0250 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000076ef0490 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 0000000076ef04a0 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000076ef0300 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000076ef0360 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 0000000076ef02a0 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 0000000076ef02c0 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000076ef0380 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000076ef0340 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000076ef0440 .text C:\Windows\system32\svchost.exe[1472] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000076ef0260 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000076ef0270 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000076ef0400 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 0000000076ef01f0 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000076ef0210 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000076ef0200 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000076ef0420 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000076ef0430 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000076ef0220 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000076ef0280 .text C:\Windows\system32\svchost.exe[1472] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000076ef0460 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000076ef0450 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000076ef0370 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 
bytes JMP 0000000076ef0470 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 0000000076ef03e0 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000076ef0320 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 0000000076ef03b0 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000076ef0390 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 0000000076ef02e0 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 0000000076ef02d0 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000076ef0310 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 0000000076ef03c0 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 0000000076ef03f0 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000076ef0230 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000076ef0480 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 0000000076ef03a0 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 0000000076ef02f0 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000076ef0350 .text 
C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000076ef0290 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 0000000076ef02b0 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 0000000076ef03d0 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000076ef0330 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000076ef0410 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000076ef0240 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 0000000076ef01e0 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000076ef0250 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000076ef0490 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 0000000076ef04a0 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000076ef0300 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000076ef0360 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 0000000076ef02a0 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 0000000076ef02c0 .text C:\Windows\system32\WLANExt.exe[1568] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000076ef0380 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000076ef0340 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000076ef0440 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000076ef0260 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000076ef0270 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000076ef0400 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 0000000076ef01f0 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000076ef0210 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000076ef0200 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000076ef0420 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000076ef0430 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000076ef0220 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000076ef0280 .text C:\Windows\system32\WLANExt.exe[1568] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 
0000000076ef0460 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000076ef0450 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000076ef0370 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000076ef0470 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 0000000076ef03e0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000076ef0320 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 0000000076ef03b0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000076ef0390 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 0000000076ef02e0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 0000000076ef02d0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000076ef0310 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 0000000076ef03c0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 0000000076ef03f0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000076ef0230 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000076ef0480 .text C:\Windows\System32\spoolsv.exe[1724] 
C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 0000000076ef03a0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 0000000076ef02f0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000076ef0350 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000076ef0290 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 0000000076ef02b0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 0000000076ef03d0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000076ef0330 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000076ef0410 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000076ef0240 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 0000000076ef01e0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000076ef0250 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000076ef0490 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 0000000076ef04a0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000076ef0300 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 
0000000076d921e0 5 bytes JMP 0000000076ef0360 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 0000000076ef02a0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 0000000076ef02c0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000076ef0380 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000076ef0340 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000076ef0440 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000076ef0260 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000076ef0270 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000076ef0400 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 0000000076ef01f0 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000076ef0210 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000076ef0200 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000076ef0420 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000076ef0430 .text C:\Windows\System32\spoolsv.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000076ef0220 .text 
|
08.01.2014, 23:02 | #6 |
| HitmanPro has detected a trojan... Winsysfilter.dll gmer 5 Code:
C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000076ef0200 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000076ef0420 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000076ef0430 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000076ef0220 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000076ef0280 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1184] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1424] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000755fa2ba 1 byte [62] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075811465 2 bytes [81, 75] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758114bb 2 bytes [81, 75] .text ... 
* 2 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000076ef0460 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000076ef0450 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000076ef0370 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000076ef0470 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 0000000076ef03e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000076ef0320 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 0000000076ef03b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000076ef0390 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 0000000076ef02e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 0000000076ef02d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000076ef0310 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 0000000076ef03c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 0000000076ef03f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] 
C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000076ef0230 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000076ef0480 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 0000000076ef03a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 0000000076ef02f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000076ef0350 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000076ef0290 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 0000000076ef02b0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 0000000076ef03d0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000076ef0330 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000076ef0410 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000076ef0240 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 0000000076ef01e0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000076ef0250 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 
0000000076d92190 5 bytes JMP 0000000076ef0490 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 0000000076ef04a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000076ef0300 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000076ef0360 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 0000000076ef02a0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 0000000076ef02c0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000076ef0380 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000076ef0340 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000076ef0440 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000076ef0260 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000076ef0270 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000076ef0400 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 0000000076ef01f0 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000076ef0210 .text 
C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000076ef0200 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000076ef0420 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000076ef0430 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000076ef0220 .text C:\Program Files\Bonjour\mDNSResponder.exe[2056] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000076ef0280 .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe[2196] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000755fa2ba 1 byte [62] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[2232] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000755fa2ba 1 byte [62] .text C:\Program Files (x86)\PDF Architect\HelperService.exe[2296] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000755fa2ba 1 byte [62] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2528] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000755fa2ba 1 byte [62] .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000076ef0460 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000076ef0450 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000076ef0370 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000076ef0470 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 
0000000076d91570 5 bytes JMP 0000000076ef03e0 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000076ef0320 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 0000000076ef03b0 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000076ef0390 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 0000000076ef02e0 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 0000000076ef02d0 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000076ef0310 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 0000000076ef03c0 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 0000000076ef03f0 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000076ef0230 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000076ef0480 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 0000000076ef03a0 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 0000000076ef02f0 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000076ef0350 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000076ef0290 .text C:\Windows\system32\Dwm.exe[2604] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 0000000076ef02b0 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 0000000076ef03d0 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000076ef0330 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000076ef0410 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000076ef0240 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 0000000076ef01e0 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000076ef0250 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000076ef0490 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 0000000076ef04a0 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000076ef0300 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000076ef0360 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 0000000076ef02a0 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 0000000076ef02c0 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000076ef0380 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000076ef0340 .text C:\Windows\system32\Dwm.exe[2604] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000076ef0440 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000076ef0260 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000076ef0270 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000076ef0400 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 0000000076ef01f0 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000076ef0210 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000076ef0200 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000076ef0420 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000076ef0430 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000076ef0220 .text C:\Windows\system32\Dwm.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000076ef0280 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000100070460 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000100070450 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000100070370 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000100070470 .text C:\Windows\Explorer.EXE[2648] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 00000001000703e0 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000100070320 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 00000001000703b0 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000100070390 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 00000001000702e0 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 00000001000702d0 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000100070310 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 00000001000703c0 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 00000001000703f0 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000100070230 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000100070480 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 00000001000703a0 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 00000001000702f0 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000100070350 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000100070290 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 
0000000076d91d10 5 bytes JMP 00000001000702b0 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 00000001000703d0 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000100070330 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000100070410 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000100070240 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 00000001000701e0 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000100070250 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000100070490 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 00000001000704a0 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000100070300 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000100070360 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 00000001000702a0 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 00000001000702c0 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000100070380 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000100070340 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000100070440 .text 
C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000100070260 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000100070270 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000100070400 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 00000001000701f0 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000100070210 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000100070200 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000100070420 |
08.01.2014, 23:02 | #7 |
| HitmanPro has detected a Trojan... Winsysfilter.dll Code:
ATTFilter .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000100070430 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000100070220 .text C:\Windows\Explorer.EXE[2648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000100070280 .text C:\Windows\Explorer.EXE[2648] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000076ef0460 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000076ef0450 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000076ef0370 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000076ef0470 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 0000000076ef03e0 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000076ef0320 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 0000000076ef03b0 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000076ef0390 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 0000000076ef02e0 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 0000000076ef02d0 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 
0000000076d91750 5 bytes JMP 0000000076ef0310 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 0000000076ef03c0 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 0000000076ef03f0 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000076ef0230 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000076ef0480 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 0000000076ef03a0 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 0000000076ef02f0 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000076ef0350 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000076ef0290 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 0000000076ef02b0 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 0000000076ef03d0 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000076ef0330 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000076ef0410 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000076ef0240 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 0000000076ef01e0 
.text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000076ef0250 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000076ef0490 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 0000000076ef04a0 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000076ef0300 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000076ef0360 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 0000000076ef02a0 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 0000000076ef02c0 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000076ef0380 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000076ef0340 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000076ef0440 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000076ef0260 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000076ef0270 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000076ef0400 .text C:\Windows\system32\taskhost.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 0000000076ef01f0 .text C:\Windows\system32\taskhost.exe[2784] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 0000000076ef02b0 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 0000000076ef03d0 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000076ef0330 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000076ef0410 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000076ef0240 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 0000000076ef01e0 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000076ef0250 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000076ef0490 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 0000000076ef04a0 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000076ef0300 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000076ef0360 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 0000000076ef02a0 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 0000000076ef02c0 .text C:\Program 
Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000076ef0380 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000076ef0340 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000076ef0440 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000076ef0260 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000076ef0270 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000076ef0400 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 0000000076ef01f0 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000076ef0210 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000076ef0200 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000076ef0420 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000076ef0430 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000076ef0220 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes 
JMP 0000000076ef0280 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[4196] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\SysWOW64\rundll32.exe[4208] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000755fa2ba 1 byte [62] .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000755fa2ba 1 byte [62] .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074f39d0b 5 bytes JMP 000000011000a4d0 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000074f39d4e 5 bytes JMP 000000011000a630 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000718f451e 5 bytes JMP 000000011000ab40 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000718f4b6d 5 bytes JMP 000000011000abb0 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000718f4bf2 5 bytes JMP 000000011000ac90 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000718f4f0f 5 bytes JMP 000000011000ac50 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000718f4f7b 5 bytes JMP 000000011000ac10 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000718f9054 5 bytes JMP 000000011000ad10 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000718fadf9 5 bytes JMP 000000011000abe0 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000719152e8 5 bytes JMP 000000011000acd0 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000007191535f 5 bytes JMP 000000011000acf0 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000719159cc 5 
bytes JMP 000000011000ae40 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000071915a6a 5 bytes JMP 000000011000aec0 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000071915ad7 5 bytes JMP 000000011000af00 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000071915b5b 5 bytes JMP 000000011000af40 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000071915bba 5 bytes JMP 000000011000af80 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000071915bee 5 bytes JMP 000000011000b000 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000071915c22 5 bytes JMP 000000011000b060 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000071915c67 5 bytes JMP 000000011000b0d0 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000069867e3d 5 bytes JMP 000000011000a690 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006989de69 5 bytes JMP 000000011000a770 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 00000000698ad2c5 5 bytes JMP 000000011000a8a0 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 00000000698ad371 5 bytes JMP 000000011000a990 .text C:\Windows\SysWOW64\HsMgr.exe[4272] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 00000000698ad429 5 bytes JMP 000000011000aa80 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000076ef0460 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000076ef0450 .text C:\Windows\system\HsMgr64.exe[4280] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000076ef0370 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000076ef0470 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 0000000076ef03e0 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000076ef0320 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 0000000076ef03b0 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000076ef0390 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 0000000076ef02e0 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 0000000076ef02d0 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000076ef0310 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 0000000076ef03c0 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 0000000076ef03f0 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000076ef0230 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000076ef0480 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 0000000076ef03a0 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 0000000076ef02f0 
.text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000076ef0350 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000076ef0290 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 0000000076ef02b0 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 0000000076ef03d0 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000076ef0330 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000076ef0410 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000076ef0240 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 0000000076ef01e0 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000076ef0250 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000076ef0490 .text C:\Windows\system\HsMgr64.exe[4280] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 0000000076ef04a0 |
08.01.2014, 23:03 | #8 |
| HitmanPro has detected a Trojan... Winsysfilter.dll Code:
C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 0000000076ef01e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000076ef0250 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000076ef0490 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 0000000076ef04a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000076ef0300 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000076ef0360 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 0000000076ef02a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 0000000076ef02c0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000076ef0380 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000076ef0340 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000076ef0440 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000076ef0260 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 
bytes JMP 0000000076ef0270 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000076ef0400 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 0000000076ef01f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000076ef0210 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000076ef0200 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000076ef0420 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000076ef0430 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000076ef0220 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000076ef0280 .text C:\Program Files\Sony\VAIO Smart Network\VSNService.exe[1388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[4044] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000755fa2ba 1 byte [62] .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075811465 2 bytes [81, 75] .text C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe[4044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758114bb 2 bytes [81, 75] .text ... 
* 2 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000076ef0460 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000076ef0450 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000076ef0370 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000076ef0470 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 0000000076ef03e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000076ef0320 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 0000000076ef03b0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000076ef0390 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 0000000076ef02e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 0000000076ef02d0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000076ef0310 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 0000000076ef03c0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 0000000076ef03f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000076ef0230 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000076ef0480 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 0000000076ef03a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 0000000076ef02f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000076ef0350 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000076ef0290 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 0000000076ef02b0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 0000000076ef03d0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000076ef0330 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000076ef0410 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000076ef0240 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 
0000000076d920a0 5 bytes JMP 0000000076ef01e0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000076ef0250 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000076ef0490 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 0000000076ef04a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000076ef0300 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000076ef0360 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 0000000076ef02a0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 0000000076ef02c0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000076ef0380 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000076ef0340 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000076ef0440 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000076ef0260 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000076ef0270 .text C:\Program 
Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000076ef0400 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 0000000076ef01f0 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000076ef0210 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000076ef0200 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000076ef0420 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000076ef0430 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000076ef0220 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000076ef0280 .text C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe[3356] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000076ef0460 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000076ef0450 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000076ef0370 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 
0000000076ef0470 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 0000000076ef03e0 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000076ef0320 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 0000000076ef03b0 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000076ef0390 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 0000000076ef02e0 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 0000000076ef02d0 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000076ef0310 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 0000000076ef03c0 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 0000000076ef03f0 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000076ef0230 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000076ef0480 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 0000000076ef03a0 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 0000000076ef02f0 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 
0000000076d91c20 5 bytes JMP 0000000076ef0350 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000076ef0290 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 0000000076ef02b0 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 0000000076ef03d0 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000076ef0330 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000076ef0410 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000076ef0240 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 0000000076ef01e0 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000076ef0250 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000076ef0490 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 0000000076ef04a0 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000076ef0300 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000076ef0360 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 0000000076ef02a0 .text C:\Windows\system32\SearchIndexer.exe[5244] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 0000000076ef02c0 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000076ef0380 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000076ef0340 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000076ef0440 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000076ef0260 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000076ef0270 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000076ef0400 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 0000000076ef01f0 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000076ef0210 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000076ef0200 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000076ef0420 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000076ef0430 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000076ef0220 .text C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000076ef0280 .text 
C:\Windows\system32\SearchIndexer.exe[5244] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000076ef0460 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000076ef0450 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000076ef0370 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000076ef0470 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 0000000076ef03e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000076ef0320 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 0000000076ef03b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000076ef0390 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 0000000076ef02e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 0000000076ef02d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000076ef0310 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 0000000076ef03c0 
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 0000000076ef03f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000076ef0230 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000076ef0480 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 0000000076ef03a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 0000000076ef02f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000076ef0350 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000076ef0290 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 0000000076ef02b0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 0000000076ef03d0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000076ef0330 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000076ef0410 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000076ef0240 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] 
C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 0000000076ef01e0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000076ef0250 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000076ef0490 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 0000000076ef04a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000076ef0300 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000076ef0360 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 0000000076ef02a0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 0000000076ef02c0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000076ef0380 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000076ef0340 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000076ef0440 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000076ef0260 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000076ef0270 .text C:\Program Files\Windows 
Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000076ef0400 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 0000000076ef01f0 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000076ef0210 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000076ef0200 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000076ef0420 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000076ef0430 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000076ef0220 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000076ef0280 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Program Files\Apoint\ApMsgFwd.exe[5848] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[5956] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000755fa2ba 1 byte [62] .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[5956] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074f39d0b 5 bytes JMP 000000011000a4d0 .text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe[5956] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000074f39d4e 5 bytes JMP 000000011000a630 .text 
|
08.01.2014, 23:04 | #9 |
| HitmanPro has detected a Trojan... Winsysfilter.dll Code:
0000000076d91510 5 bytes JMP 0000000100070370 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000100070470 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000100070320 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000100070390 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000100070310 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000100070230 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 
5 bytes JMP 00000001000703a0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000100070250 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000100070490 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 
0000000100070300 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000100070420 .text 
C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000100070280 .text C:\Program Files\Sony\VAIO Update\VUAgent.exe[8104] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 00000001000702d0 .text 
C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[8148] 
C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes 
JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[8148] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000076ef0460 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000076ef0450 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000076ef0370 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000076ef0470 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 0000000076ef03e0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000076ef0320 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] 
C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 0000000076ef03b0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000076ef0390 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 0000000076ef02e0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 0000000076ef02d0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000076ef0310 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 0000000076ef03c0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 0000000076ef03f0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000076ef0230 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000076ef0480 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 0000000076ef03a0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 0000000076ef02f0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000076ef0350 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000076ef0290 .text C:\Program 
Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 0000000076ef02b0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 0000000076ef03d0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000076ef0330 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000076ef0410 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000076ef0240 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 0000000076ef01e0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000076ef0250 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000076ef0490 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 0000000076ef04a0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000076ef0300 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000076ef0360 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 0000000076ef02a0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 
0000000076ef02c0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000076ef0380 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000076ef0340 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000076ef0440 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000076ef0260 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000076ef0270 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000076ef0400 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 0000000076ef01f0 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000076ef0210 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000076ef0200 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000076ef0420 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000076ef0430 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000076ef0220 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 
0000000076d92b80 5 bytes JMP 0000000076ef0280 .text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[7224] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000755fa2ba 1 byte [62] .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000718f451e 5 bytes JMP 000000011000ab40 .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 00000000718f4b6d 5 bytes JMP 000000011000abb0 .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 00000000718f4bf2 5 bytes JMP 000000011000ac90 .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 00000000718f4f0f 5 bytes JMP 000000011000ac50 .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 00000000718f4f7b 5 bytes JMP 000000011000ac10 .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 00000000718f9054 5 bytes JMP 000000011000ad10 .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 00000000718fadf9 5 bytes JMP 000000011000abe0 .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 00000000719152e8 5 bytes JMP 000000011000acd0 .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000007191535f 5 bytes JMP 000000011000acf0 .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\SysWOW64\WINMM.dll!waveInClose 00000000719159cc 5 bytes JMP 000000011000ae40 .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 0000000071915a6a 5 bytes JMP 000000011000aec0 .text C:\Program Files\Sony\VAIO 
Care\listener.exe[4660] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 0000000071915ad7 5 bytes JMP 000000011000af00 .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 0000000071915b5b 5 bytes JMP 000000011000af40 .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\SysWOW64\WINMM.dll!waveInStart 0000000071915bba 5 bytes JMP 000000011000af80 .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\SysWOW64\WINMM.dll!waveInStop 0000000071915bee 5 bytes JMP 000000011000b000 .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\SysWOW64\WINMM.dll!waveInReset 0000000071915c22 5 bytes JMP 000000011000b060 .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 0000000071915c67 5 bytes JMP 000000011000b0d0 .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000069867e3d 5 bytes JMP 000000011000a690 .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 000000006989de69 5 bytes JMP 000000011000a770 .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 00000000698ad2c5 5 bytes JMP 000000011000a8a0 .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 00000000698ad371 5 bytes JMP 000000011000a990 .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 00000000698ad429 5 bytes JMP 000000011000aa80 .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074f39d0b 5 bytes JMP 000000011000a4d0 .text C:\Program Files\Sony\VAIO Care\listener.exe[4660] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000074f39d4e 5 bytes JMP 000000011000a630 .text C:\Program Files (x86)\ArcSoft\Magic-i Visual 
Effects 2\uCamMonitor.exe[4640] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000755fa2ba 1 byte [62] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075811465 2 bytes [81, 75] .text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000758114bb 2 bytes [81, 75] .text ... * 2 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000076ef0460 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000076ef0450 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000076ef0370 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000076ef0470 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 0000000076ef03e0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000076ef0320 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 0000000076ef03b0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000076ef0390 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 0000000076ef02e0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 0000000076ef02d0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000076ef0310 .text 
C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 0000000076ef03c0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 0000000076ef03f0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000076ef0230 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000076ef0480 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 0000000076ef03a0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 0000000076ef02f0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000076ef0350 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000076ef0290 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 0000000076ef02b0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 0000000076ef03d0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000076ef0330 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000076ef0410 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000076ef0240 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 0000000076ef01e0 .text C:\Windows\System32\svchost.exe[2316] 
C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000076ef0250 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000076ef0490 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 0000000076ef04a0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000076ef0300 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000076ef0360 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 0000000076ef02a0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 0000000076ef02c0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000076ef0380 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000076ef0340 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000076ef0440 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000076ef0260 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000076ef0270 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000076ef0400 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 0000000076ef01f0 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 
5 bytes JMP 0000000076ef0210 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000076ef0200 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000076ef0420 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000076ef0430 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000076ef0220 .text C:\Windows\System32\svchost.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000076ef0280 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2000] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000755fa2ba 1 byte [62] .text C:\Program Files\Sony\VAIO Care\VCService.exe[2848] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000755fa2ba 1 byte [62] .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000100130460 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000100130450 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000100130370 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000100130470 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 00000001001303e0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000100130320 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] 
C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 00000001001303b0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000100130390 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 00000001001302e0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 00000001001302d0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000100130310 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 00000001001303c0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 00000001001303f0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000100130230 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000100130480 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 00000001001303a0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 00000001001302f0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000100130350 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000100130290 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 
0000000076d91d10 5 bytes JMP 00000001001302b0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 00000001001303d0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000100130330 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000100130410 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000100130240 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 00000001001301e0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000100130250 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000100130490 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 00000001001304a0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000100130300 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000100130360 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 00000001001302a0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 00000001001302c0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000100130380 .text 
C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000100130340 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000100130440 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000100130260 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000100130270 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000100130400 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 00000001001301f0 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000100130210 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000100130200 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000100130420 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000100130430 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000100130220 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000100130280 .text C:\Program Files\Sony\VAIO Care\VCAgent.exe[4336] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\System32\vds.exe[6800] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000076ef0460 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000076ef0450 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000076ef0370 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000076ef0470 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 0000000076ef03e0 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000076ef0320 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 0000000076ef03b0 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000076ef0390 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 0000000076ef02e0 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 0000000076ef02d0 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000076ef0310 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 0000000076ef03c0 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 0000000076ef03f0 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000076ef0230 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000076ef0480 .text 
C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 0000000076ef03a0 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 0000000076ef02f0 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000076ef0350 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000076ef0290 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 0000000076ef02b0 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 0000000076ef03d0 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000076ef0330 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000076ef0410 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000076ef0240 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 0000000076ef01e0 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000076ef0250 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000076ef0490 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 0000000076ef04a0 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000076ef0300 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 
0000000076ef0360 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 0000000076ef02a0 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 0000000076ef02c0 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000076ef0380 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000076ef0340 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000076ef0440 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000076ef0260 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000076ef0270 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000076ef0400 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 0000000076ef01f0 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000076ef0210 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000076ef0200 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000076ef0420 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000076ef0430 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000076ef0220 .text C:\Windows\System32\vds.exe[6800] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 
0000000076ef0280 .text C:\Windows\System32\vds.exe[6800] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000076ef0460 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000076ef0450 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000076ef0370 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000076ef0470 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 0000000076ef03e0 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000076ef0320 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 0000000076ef03b0 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000076ef0390 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 0000000076ef02e0 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 0000000076ef02d0 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d91750 5 bytes JMP 0000000076ef0310 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 0000000076ef03c0 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 0000000076ef03f0 .text C:\Windows\system32\notepad.exe[7392] 
C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000076ef0230 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000076ef0480 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 0000000076ef03a0 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 0000000076ef02f0 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000076ef0350 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000076ef0290 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 0000000076ef02b0 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 0000000076ef03d0 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000076ef0330 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000076ef0410 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000076ef0240 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 0000000076ef01e0 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000076ef0250 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000076ef0490 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 
0000000076d921a0 5 bytes JMP 0000000076ef04a0 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000076ef0300 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000076ef0360 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 0000000076ef02a0 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 0000000076ef02c0 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000076ef0380 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000076ef0340 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000076ef0440 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000076ef0260 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000076ef0270 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000076ef0400 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 0000000076ef01f0 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000076ef0210 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000076ef0200 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000076ef0420 .text 
C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000076ef0430 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000076ef0220 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000076ef0280 .text C:\Windows\system32\notepad.exe[7392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d91360 5 bytes JMP 0000000076ef0460 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d913b0 5 bytes JMP 0000000076ef0450 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d91510 5 bytes JMP 0000000076ef0370 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d91560 5 bytes JMP 0000000076ef0470 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d91570 5 bytes JMP 0000000076ef03e0 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d91620 5 bytes JMP 0000000076ef0320 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d91650 5 bytes JMP 0000000076ef03b0 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d91670 5 bytes JMP 0000000076ef0390 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d916b0 5 bytes JMP 0000000076ef02e0 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d91730 5 bytes JMP 0000000076ef02d0 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 
0000000076d91750 5 bytes JMP 0000000076ef0310 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d91790 5 bytes JMP 0000000076ef03c0 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d917e0 5 bytes JMP 0000000076ef03f0 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d91940 5 bytes JMP 0000000076ef0230 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d91b00 5 bytes JMP 0000000076ef0480 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d91b30 5 bytes JMP 0000000076ef03a0 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d91c10 5 bytes JMP 0000000076ef02f0 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d91c20 5 bytes JMP 0000000076ef0350 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d91c80 5 bytes JMP 0000000076ef0290 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d91d10 5 bytes JMP 0000000076ef02b0 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d91d30 5 bytes JMP 0000000076ef03d0 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d91d40 5 bytes JMP 0000000076ef0330 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d91db0 5 bytes JMP 0000000076ef0410 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d91de0 5 bytes JMP 0000000076ef0240 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d920a0 5 bytes JMP 0000000076ef01e0 .text 
C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d92160 5 bytes JMP 0000000076ef0250 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d92190 5 bytes JMP 0000000076ef0490 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d921a0 5 bytes JMP 0000000076ef04a0 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d921d0 5 bytes JMP 0000000076ef0300 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d921e0 5 bytes JMP 0000000076ef0360 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d92240 5 bytes JMP 0000000076ef02a0 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d92290 5 bytes JMP 0000000076ef02c0 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d922c0 5 bytes JMP 0000000076ef0380 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d922d0 5 bytes JMP 0000000076ef0340 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d925c0 5 bytes JMP 0000000076ef0440 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d927c0 5 bytes JMP 0000000076ef0260 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d927d0 5 bytes JMP 0000000076ef0270 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d927e0 5 bytes JMP 0000000076ef0400 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d929a0 5 bytes JMP 0000000076ef01f0 .text C:\Windows\system32\notepad.exe[3272] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d929b0 5 bytes JMP 0000000076ef0210 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d92a20 5 bytes JMP 0000000076ef0200 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d92a80 5 bytes JMP 0000000076ef0420 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d92a90 5 bytes JMP 0000000076ef0430 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d92aa0 5 bytes JMP 0000000076ef0220 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d92b80 5 bytes JMP 0000000076ef0280 .text C:\Windows\system32\notepad.exe[3272] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c7eecd 1 byte [62] .text C:\Users\Charlie\Downloads\gmer_2.1.19163.exe[7480] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000755fa2ba 1 byte [62] |
08.01.2014, 23:05 | #10 |
| Code:
ATTFilter ---- Services - GMER 2.1 ---- Service C:\Windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswMonFlt.sys (*** hidden *** ) [AUTO] aswMonFlt <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswRdr2.sys (*** hidden *** ) [SYSTEM] aswRdr <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswRvrt.sys (*** hidden *** ) [BOOT] aswRvrt <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswSnx.sys (*** hidden *** ) [SYSTEM] aswSnx <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswSP.sys (*** hidden *** ) [SYSTEM] aswSP <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswTdi.sys (*** hidden *** ) [SYSTEM] aswTdi <-- ROOTKIT !!! Service C:\Windows\system32\drivers\aswVmm.sys (*** hidden *** ) [BOOT] aswVmm <-- ROOTKIT !!! Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!! ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description Avast! 
Mini-filter Driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ImagePath \??\C:\Windows\system32\drivers\aswFsBlk.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \??\C:\Windows\system32\drivers\aswRdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName avast! Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 8 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 491967 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition3\Windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387291361 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387291361@ Commited Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387291361@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387291361@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387291361@CreationTime 0x6C 0xEB 0x30 0x3E ... Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387291361@SetupOperations MoveFile("\??\c:\program files\avast software\avast\setup\instup.dll.1387291361","\??\c:\program files\avast software\avast\setup\instup.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\setup\instup.dll.sum.1387291361","\??\c:\program files\avast software\avast\setup\instup.dll.sum",TRUE)? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387291361@StartBootCounter 5 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387291361@StartTickCounter 244551 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! 
virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ImagePath \??\C:\Windows\system32\drivers\aswSnx.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ImagePath \??\C:\Windows\system32\drivers\aswSP.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 13 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ImagePath \??\C:\Windows\system32\drivers\aswTdi.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! 
Antivirus@Type 288 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Verwaltet und implementiert die avast! Antivirus Dienste auf diesem Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus Container sowie die Zeitplan. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004eb58d64 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004eb9e55a Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004eb9e55a@00bb160002b4 0x4F 0x7D 0x02 0x0F ... Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description Avast! 
Mini-filter Driver Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ImagePath \??\C:\Windows\system32\drivers\aswFsBlk.sys Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \??\C:\Windows\system32\drivers\aswRdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName avast! Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 8 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 491967 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition3\Windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387291361 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387291361@ Commited Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387291361@BootTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387291361@TickTimeout 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387291361@CreationTime 0x6C 0xEB 0x30 0x3E ... Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387291361@SetupOperations MoveFile("\??\c:\program files\avast software\avast\setup\instup.dll.1387291361","\??\c:\program files\avast software\avast\setup\instup.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\setup\instup.dll.sum.1387291361","\??\c:\program files\avast software\avast\setup\instup.dll.sum",TRUE)? Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387291361@StartBootCounter 5 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387291361@StartTickCounter 244551 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! 
virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ImagePath \??\C:\Windows\system32\drivers\aswSnx.sys Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ImagePath \??\C:\Windows\system32\drivers\aswSP.sys Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName aswTdi Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description aswTdi Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 13 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ImagePath \??\C:\Windows\system32\drivers\aswTdi.sys Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 288 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! 
Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Verwaltet und implementiert die avast! Antivirus Dienste auf diesem Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus Container sowie die Zeitplan. Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004eb58d64 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004eb9e55a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004eb9e55a@00bb160002b4 0x4F 0x7D 0x02 0x0F ... ---- EOF - GMER 2.1 ---- |
09.01.2014, 13:12 | #11 |
/// the machine /// TB-Ausbilder | HitmanPro has detected a trojan... Winsysfilter.dll Hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
09.01.2014, 17:16 | #12 |
| HitmanPro has detected a trojan... Winsysfilter.dll Thanks for now, here is the log from Combofix: Code:
ATTFilter ComboFix 14-01-08.03 - Charlie 09.01.2014 16:45:19.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4078.1144 [GMT 1:00] ausgeführt von:: c:\users\Charlie\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FriloUnzipProtocol.txt c:\users\Charlie\AppData\Roaming\IHelper c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\vz8eyhrb.default\extensions\staged c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\vz8eyhrb.default\extensions\staged\eioeio@euaee.net\bootstrap.js c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\vz8eyhrb.default\extensions\staged\eioeio@euaee.net\chrome.manifest c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\vz8eyhrb.default\extensions\staged\eioeio@euaee.net\content\bg.js c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\vz8eyhrb.default\extensions\staged\eioeio@euaee.net\install.rdf c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\vz8eyhrb.default\extensions\staged\ickpcaty@dop-mb.co.uk\bootstrap.js c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\vz8eyhrb.default\extensions\staged\ickpcaty@dop-mb.co.uk\chrome.manifest c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\vz8eyhrb.default\extensions\staged\ickpcaty@dop-mb.co.uk\content\bg.js c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\vz8eyhrb.default\extensions\staged\ickpcaty@dop-mb.co.uk\install.rdf c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\vz8eyhrb.default\extensions\staged\my_l@mcvazkwpfrb.com\bootstrap.js c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\vz8eyhrb.default\extensions\staged\my_l@mcvazkwpfrb.com\chrome.manifest 
c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\vz8eyhrb.default\extensions\staged\my_l@mcvazkwpfrb.com\content\bg.js c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\vz8eyhrb.default\extensions\staged\my_l@mcvazkwpfrb.com\install.rdf c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\vz8eyhrb.default\extensions\staged\q.pd7p@yi-eiuu.com\bootstrap.js c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\vz8eyhrb.default\extensions\staged\q.pd7p@yi-eiuu.com\chrome.manifest c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\vz8eyhrb.default\extensions\staged\q.pd7p@yi-eiuu.com\content\bg.js c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\vz8eyhrb.default\extensions\staged\q.pd7p@yi-eiuu.com\install.rdf c:\users\Charlie\Documents\~WRL0003.tmp M:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-12-09 bis 2014-01-09 )))))))))))))))))))))))))))))) . . 2014-01-09 16:01 . 2014-01-09 16:01 -------- d-----w- c:\users\Test1\AppData\Local\temp 2014-01-09 16:01 . 2014-01-09 16:01 -------- d-----w- c:\users\Public\AppData\Local\temp 2014-01-09 16:01 . 2014-01-09 16:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-01-09 15:48 . 2014-01-09 15:48 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9947A40C-076F-4AD9-B1CB-2669087B3954}\offreg.dll 2014-01-09 15:40 . 2014-01-09 15:39 82744 ----a-w- c:\windows\system32\drivers\aswStm.sys 2014-01-08 19:26 . 2014-01-08 19:26 -------- d-----w- C:\FRST 2014-01-08 18:47 . 2014-01-08 18:47 -------- d-----w- c:\program files\HitmanPro 2014-01-08 18:45 . 2014-01-08 20:33 -------- d-----w- c:\programdata\HitmanPro 2014-01-08 14:04 . 2014-01-08 14:14 -------- d-----w- C:\AdwCleaner 2014-01-08 12:41 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9947A40C-076F-4AD9-B1CB-2669087B3954}\mpengine.dll 2014-01-01 15:17 . 2014-01-08 18:33 -------- d-----w- c:\programdata\SHaoppDRop 2014-01-01 15:17 . 
2014-01-08 18:33 -------- d-----w- c:\programdata\SavERExtension 2014-01-01 15:17 . 2014-01-01 15:17 -------- d-----w- c:\programdata\phmpmlianadbfifbhfcijdlhgcnfjccn 2014-01-01 15:17 . 2014-01-01 15:17 -------- d-----w- c:\programdata\bddnngaocglmnfhcpcjmoomohjiobgoo 2014-01-01 15:17 . 2014-01-08 18:33 -------- d-----w- c:\programdata\HappY2Save 2014-01-01 15:17 . 2014-01-01 15:17 -------- d-----w- c:\programdata\daedbbfaebjgclnoijiekplilobacoia 2014-01-01 15:17 . 2014-01-01 15:17 -------- d-----w- c:\programdata\22542c9f2b1e72fe 2014-01-01 15:16 . 2014-01-08 18:33 -------- d-----w- c:\programdata\CoupExtenesiOn 2014-01-01 15:16 . 2014-01-08 18:33 -------- d-----w- c:\programdata\SaverExxtuension 2014-01-01 15:16 . 2014-01-08 18:33 -------- d-----w- c:\programdata\DealExpreSs 2014-01-01 15:05 . 2014-01-01 15:05 -------- d-----w- c:\programdata\Browser Enhancer 2013-12-31 12:18 . 2013-12-31 12:18 -------- d-----w- c:\programdata\Browser faster 2013-12-31 10:26 . 2014-01-08 19:20 -------- d-----w- c:\programdata\Win sys filter 2013-12-31 00:09 . 2013-12-31 00:09 -------- d-----w- c:\programdata\WebTect 2013-12-14 14:10 . 2013-12-16 20:21 -------- d-----w- c:\users\Charlie\AppData\Roaming\.ACEStream 2013-12-14 14:09 . 2013-12-15 15:28 -------- d-----w- c:\users\Charlie\AppData\Roaming\ACEStream 2013-12-12 16:57 . 2013-12-12 16:57 -------- d-----w- c:\users\Charlie\AppData\Roaming\AVAST Software 2013-12-12 12:36 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2013-12-12 12:36 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe 2013-12-12 12:36 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL 2013-12-12 12:36 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL 2013-12-12 12:36 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll 2013-12-12 12:32 . 2013-10-25 06:17 15404032 ----a-w- c:\windows\system32\ieframe.dll 2013-12-12 12:32 . 
2013-10-25 06:18 19271168 ----a-w- c:\windows\system32\mshtml.dll 2013-12-11 07:58 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll 2013-12-11 07:58 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe 2013-12-11 07:58 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-01-09 15:39 . 2013-07-26 12:01 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-01-09 15:39 . 2011-07-21 13:30 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2014-01-09 15:39 . 2011-07-21 13:30 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys 2014-01-09 15:39 . 2011-07-21 13:30 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-01-09 15:39 . 2011-07-21 13:30 334136 ----a-w- c:\windows\system32\aswBoot.exe 2014-01-09 15:38 . 2011-07-21 13:29 43152 ----a-w- c:\windows\avastSS.scr 2013-12-15 12:51 . 2013-03-03 12:07 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-12-15 12:51 . 2011-07-01 23:59 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-12-15 02:01 . 2011-07-01 18:06 90708896 ----a-w- c:\windows\system32\MRT.exe 2013-11-26 20:32 . 2013-07-26 12:01 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-11-26 20:32 . 2012-08-05 02:26 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-11-20 12:01 . 2013-11-20 12:01 33280 ----a-w- c:\windows\system32\maplec.dll 2013-11-20 12:01 . 2013-11-20 12:01 281088 ----a-w- c:\windows\system32\WMIMPLEX.dll 2013-11-19 02:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe 2013-10-18 21:48 . 2013-10-18 21:48 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-10-12 02:30 . 2013-11-14 13:35 830464 ----a-w- c:\windows\system32\nshwfp.dll 2013-10-12 02:29 . 2013-11-14 13:35 859648 ----a-w- c:\windows\system32\IKEEXT.DLL 2013-10-12 02:29 . 
2013-11-14 13:35 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL 2013-10-12 02:03 . 2013-11-14 13:35 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll 2013-10-12 02:01 . 2013-11-14 13:35 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-26 3568312] . 
c:\users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-7-29 291896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "RequireSignedAppInit_DLLs"=0 (0x0) "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 05837205;Browser faster;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x] R2 25e4f9bf;WebTect;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x] R2 5717af3d;Browser Enhancer;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x] R2 8ffb8f2d;Win sys filter;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x] R3 ASUSU1;ASUS Xonar U3 Audio Interface;c:\windows\system32\drivers\cm11264.sys;c:\windows\SYSNATIVE\drivers\cm11264.sys [x] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - PXDIQKOB *Deregistered* - pxdiqkob . Inhalt des "geplante Tasks" Ordners . 
2014-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-03 12:51] . 2014-01-09 c:\windows\Tasks\Allplan AutoUpdate 2011-1.job - c:\program files (x86)\Nemetschek\Allplan\prg\NemDownloadHandler.exe [2011-10-12 11:29] . 2014-01-09 c:\windows\Tasks\AutoUpdate Allplan 2012.job - c:\program files (x86)\Nemetschek\Allplan_1\prg\NemDownloadHandler.exe [2012-10-22 18:38] . 2014-01-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1747016203-3155398904-578371931-1000Core.job - c:\users\Charlie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 00:48] . 2014-01-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1747016203-3155398904-578371931-1000UA.job - c:\users\Charlie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 00:48] . 2014-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1747016203-3155398904-578371931-1000Core.job - c:\users\Charlie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 12:28] . 2014-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1747016203-3155398904-578371931-1000UA.job - c:\users\Charlie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 12:28] . 2014-01-09 c:\windows\Tasks\WebContent AutoUpdate 2011.job - c:\program files (x86)\Nemetschek\Allplan\prg\NemDownloadHandler.exe [2011-10-12 11:29] . 2014-01-09 c:\windows\Tasks\WebContent AutoUpdate 2012.job - c:\program files (x86)\Nemetschek\Allplan_1\prg\NemDownloadHandler.exe [2012-10-22 18:38] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-11-26 20:32 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-29 518784] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-31 790176] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-31 657056] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "Cm112Sound"="c:\windows\Syswow64\cm112.dll" [2009-12-08 8146944] "Cm112GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704] "Cm112GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112] "Cm108Sound"="c:\windows\Syswow64\cm108.dll" [2012-04-10 8146944] . 
------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = IE: An OneNote s&enden - m:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - m:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\vz8eyhrb.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: keyword.URL - FF - prefs.js: browser.startup.homepage - . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{1576E68C-2DA7-962E-2453-0A5827EF7F4C} - c:\programdata\HappY2Save\bGeK_PvhbO.x64.dll BHO-{2C805D62-2703-F2E5-DCD4-0239AEA49A03} - c:\programdata\SHaoppDRop\H7YuTsJgnw.x64.dll BHO-{77CA3678-3090-C527-7918-27D7B78D4A8E} - c:\programdata\CoupExtenesiOn\q.x64.dll BHO-{E62BCD8F-2460-7E01-529D-3EB6E8EF3C72} - c:\programdata\SavERExtension\4IPdsdMDGz.x64.dll HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{8ffb8f2d} - c:\progra~3\WINSYS~1\WINSYS~1.DLL . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" -- . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\w7Svc] "ImagePath"="c:\program files (x86)\webcam 7\wService.exe /startedbyscm:5053B757-40E35B3B-webcam7SRV" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-01-09 17:14:30 ComboFix-quarantined-files.txt 2014-01-09 16:14 . Vor Suchlauf: 23 Verzeichnis(se), 125.264.781.312 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 130.612.744.192 Bytes frei . - - End Of File - - 0555B4F4992E81BC3B4503F3AAABE71B |
10.01.2014, 10:47 | #13 |
/// the machine /// TB trainer | HitmanPro detected a Trojan... Winsysfilter.dll Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
10.01.2014, 17:26 | #14 |
| HitmanPro detected a Trojan... Winsysfilter.dll AntiMalware log: Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.10.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16750
Charlie :: CHARLIE-VAIO [Administrator]

10.01.2014 14:04:58
mbam-log-2014-01-10 (14-04-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|M:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 603258
Laufzeit: 2 Stunde(n), 38 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\WebTect\WebTect.dll (Spyware.Password) -> Löschen bei Neustart.

(Ende)

ADWCleaner Log: Code:
# AdwCleaner v3.016 - Bericht erstellt am 10/01/2014 um 16:55:06
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Charlie - CHARLIE-VAIO
# Gestartet von : C:\Users\Charlie\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16750

-\\ Mozilla Firefox v24.0 (en-US)

[ Datei : C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\vz8eyhrb.default\prefs.js ]

-\\ Google Chrome v

[ Datei : C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [6195 octets] - [08/01/2014 15:04:42]
AdwCleaner[R1].txt - [1053 octets] - [08/01/2014 15:12:45]
AdwCleaner[R2].txt - [1114 octets] - [10/01/2014 16:52:56]
AdwCleaner[S0].txt - [6096 octets] - [08/01/2014 15:06:14]
AdwCleaner[S1].txt - [1036 octets] - [10/01/2014 16:55:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1096 octets] ##########

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2014 Ran by Charlie (administrator) on CHARLIE-VAIO on 10-01-2014 17:18:14 Running from C:\Users\Charlie\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe () C:\Windows\SysWOW64\HsMgr.exe () C:\Windows\system\HsMgr64.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Dropbox, Inc.) 
C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-29] (Conexant Systems, Inc.) HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790176 2011-03-31] (Atheros Communications) HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657056 2011-03-31] (Atheros Commnucations) HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-02-17] (Alps Electric Co., Ltd.) 
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [Cm112Sound] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm112.dll,CMICtrlWnd HKLM\...\Run: [Cm112GX] - C:\Windows\SysWOW64\HsMgr.exe [200704 2008-07-11] () HKLM\...\Run: [Cm112GX64] - C:\Windows\system\HsMgr64.exe [282112 2008-07-11] () HKLM\...\Run: [Cm108Sound] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation) HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-26] (Sony Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-09] (AVAST Software) Startup: C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE9475A899D9ECE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search SearchScopes: HKCU - {408B6B9F-154A-48A3-8E6A-92804D1F51B0} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices SearchScopes: HKCU - {7C2F6073-2FC5-43D2-9D96-8840CFA6F129} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-21/4?satitle={searchTerms} SearchScopes: HKCU - {AC457CC2-2E7A-4F6A-825D-25123C566EF2} URL = hxxp://de.shopping.com/?linkin_id=8056363 BHO: HappY2Save - {1576E68C-2DA7-962E-2453-0A5827EF7F4C} - C:\ProgramData\HappY2Save\bGeK_PvhbO.x64.dll No File BHO: SHaoppDRop - {2C805D62-2703-F2E5-DCD4-0239AEA49A03} - C:\ProgramData\SHaoppDRop\H7YuTsJgnw.x64.dll No File BHO: CoupExtenesiOn - {77CA3678-3090-C527-7918-27D7B78D4A8E} - C:\ProgramData\CoupExtenesiOn\q.x64.dll No File BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: SavERExtension - {E62BCD8F-2460-7E01-529D-3EB6E8EF3C72} - C:\ProgramData\SavERExtension\4IPdsdMDGz.x64.dll No File BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM - avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\vz8eyhrb.default FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", ""); FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", ""); FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", ""); FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", ""); FF Keyword.URL: user_pref("keyword.URL", ""); FF Homepage: user_pref("browser.startup.homepage", ""); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - M:\Programme\Pdfviewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - M:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - M:\Programme\Pdfviewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - M:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - M:\Programme\WebDivix\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - M:\Programme\WebDivix\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - M:\Programme\Pdfviewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - M:\Programme\Pdfviewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Charlie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Charlie\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Charlie\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Charlie\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - M:\Programme\WebDivix\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - M:\Programme\WebDivix\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt Chrome: ======= CHR HomePage: CHR RestoreOnStartup: "" CHR Plugin: (Shockwave Flash) - C:\Users\Charlie\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Charlie\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Charlie\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll () CHR Plugin: (PDF-XChange Viewer) - C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Windows Live\u00C3\u0082\u00C2\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Facebook Desktop) - C:\Users\Charlie\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) 
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Charlie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CHR Plugin: (Google Update) - C:\Users\Charlie\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File CHR Plugin: (TVU Web Player for FireFox) - C:\Windows\system32\TVUAx\npTVUAx.dll No File CHR Plugin: (DivX VOD Helper Plug-in) - M:\Programme\WebDivix\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (DivX Plus Web Player) - M:\Programme\WebDivix\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (iTunes Application Detector) - M:\Programme\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Veetle TV Player) - M:\Programme\veetle\Player\npvlc.dll No File CHR Plugin: (Veetle TV Core) - M:\Programme\veetle\plugins\npVeetle.dll No File CHR Extension: (AdBlock) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0 CHR Extension: (Google Wallet) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - M:\Programme\WebDivix\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx CHR StartMenuInternet: Google Chrome - C:\Users\Charlie\AppData\Local\Google\Chrome\Application\chrome.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= S2 05837205; C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation) S2 05837205; C:\Windows\SysWow64\rundll32.exe [44544 2009-07-14] (Microsoft Corporation) S2 25e4f9bf; C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation) S2 
25e4f9bf; C:\Windows\SysWow64\rundll32.exe [44544 2009-07-14] (Microsoft Corporation) S2 5717af3d; C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation) S2 5717af3d; C:\Windows\SysWow64\rundll32.exe [44544 2009-07-14] (Microsoft Corporation) S2 8ffb8f2d; C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation) S2 8ffb8f2d; C:\Windows\SysWow64\rundll32.exe [44544 2009-07-14] (Microsoft Corporation) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-03-31] (Atheros) S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-09] (AVAST Software) S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [26600 2013-10-08] (CyberGhost S.R.L) S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [104096 2011-07-19] (Atheros Communication Inc.) 
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2011-10-03] (Firebird Project)
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3764224 2011-10-03] (Firebird Project)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; M:\Programme\Microsoft Office 2010\Office14\GROOVE.EXE [50899608 2012-09-20] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\FH-Aachen OpenVPN\bin\openvpnserv.exe [38926 2011-05-20] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-07-29] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-07-29] (Secunia)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1368624 2013-08-01] (Sony Corporation)
S3 w7Svc; C:\Program Files (x86)\webcam 7\wService.exe [4999680 2011-07-27] (Moonware Studios)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 ASUSU1; C:\Windows\System32\drivers\cm11264.sys [1312256 2010-12-15] (C-Media Electronics Inc)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-09] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-09] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-01] (DT Soft Ltd)
S3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [129792 2013-04-24] (Gemalto)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-10 17:18 - 2014-01-10 17:18 - 00024374 _____ C:\Users\Charlie\Downloads\FRST.txt
2014-01-10 17:17 - 2014-01-10 17:17 - 00000000 ____D C:\Users\Charlie\Downloads\FRST-OlderVersion
2014-01-10 17:16 - 2014-01-10 17:16 - 00149157 _____ C:\Users\Charlie\Desktop\JRT.txt
2014-01-10 17:02 - 2014-01-10 17:02 - 00000000 ____D C:\Windows\ERUNT
2014-01-10 17:01 - 2014-01-10 17:01 - 01037068 _____ (Thisisu) C:\Users\Charlie\Downloads\JRT.exe
2014-01-10 17:01 - 2014-01-10 17:01 - 01037068 _____ (Thisisu) C:\Users\Charlie\Desktop\JRT.exe
2014-01-10 16:59 - 2014-01-10 16:59 - 00001176 _____ C:\Users\Charlie\Desktop\AdwCleaner[S1].txt
2014-01-10 16:48 - 2014-01-10 16:48 - 00000412 _____ C:\Windows\PFRO.log
2014-01-10 14:01 - 2014-01-10 14:02 - 00004127 _____ C:\Windows\IE11_main.log
2014-01-09 22:07 - 2014-01-10 16:56 - 00000280 _____ C:\Windows\setupact.log
2014-01-09 22:07 - 2014-01-09 22:07 - 00000000 _____ C:\Windows\setuperr.log
2014-01-09 17:14 - 2014-01-09 17:14 - 00023634 _____ C:\ComboFix.txt
2014-01-09 16:42 - 2014-01-09 17:14 - 00000000 ____D C:\ComboFix
2014-01-09 16:42 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-09 16:42 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-09 16:42 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-09 16:42 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-09 16:42 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-09 16:42 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-09 16:42 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-09 16:42 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-09 16:40 - 2014-01-09 17:30 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-09 16:40 - 2014-01-09 17:14 - 00000000 ____D C:\Qoobox
2014-01-09 16:36 - 2014-01-09 16:37 - 05162489 ____R (Swearware) C:\Users\Charlie\Desktop\ComboFix.exe
2014-01-08 21:04 - 2014-01-08 21:05 - 00050477 _____ C:\Users\Charlie\Downloads\Defogger.exe
2014-01-08 20:34 - 2014-01-09 16:41 - 00000000 ____D C:\Users\Charlie\Desktop\trojanerboard
2014-01-08 20:34 - 2014-01-08 20:34 - 00377856 _____ C:\Users\Charlie\Downloads\gmer_2.1.19163.exe
2014-01-08 20:26 - 2014-01-10 17:17 - 00000000 ____D C:\FRST
2014-01-08 20:25 - 2014-01-10 17:17 - 01932166 _____ (Farbar) C:\Users\Charlie\Downloads\FRST64.exe
2014-01-08 20:16 - 2014-01-08 20:16 - 00000406 _____ C:\Windows\system32\.crusader
2014-01-08 19:47 - 2014-01-08 19:47 - 00000000 ____D C:\Program Files\HitmanPro
2014-01-08 19:45 - 2014-01-08 21:33 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-08 19:45 - 2014-01-08 19:46 - 10264904 _____ (SurfRight B.V.) C:\Users\Charlie\Downloads\HitmanPro_x64.exe
2014-01-08 19:44 - 2014-01-08 19:45 - 09452704 _____ (SurfRight B.V.) C:\Users\Charlie\Downloads\HitmanPro3.7.8.208.exe
2014-01-08 15:04 - 2014-01-10 16:55 - 00000000 ____D C:\AdwCleaner
2014-01-08 15:04 - 2014-01-08 15:04 - 01233962 _____ C:\Users\Charlie\Downloads\adwcleaner.exe
2014-01-01 16:17 - 2014-01-01 16:17 - 00000000 ____D C:\ProgramData\phmpmlianadbfifbhfcijdlhgcnfjccn
2014-01-01 16:17 - 2014-01-01 16:17 - 00000000 ____D C:\ProgramData\daedbbfaebjgclnoijiekplilobacoia
2014-01-01 16:17 - 2014-01-01 16:17 - 00000000 ____D C:\ProgramData\bddnngaocglmnfhcpcjmoomohjiobgoo
2014-01-01 16:17 - 2014-01-01 16:17 - 00000000 ____D C:\ProgramData\22542c9f2b1e72fe
2014-01-01 16:16 - 2014-01-08 19:33 - 00000000 ____D C:\ProgramData\CoupExtenesiOn
2014-01-01 16:05 - 2014-01-01 16:05 - 00000000 ____D C:\ProgramData\Browser Enhancer
2013-12-31 13:18 - 2013-12-31 13:18 - 00000000 ____D C:\ProgramData\Browser faster
2013-12-31 11:26 - 2014-01-08 20:20 - 00000000 ____D C:\ProgramData\Win sys filter
2013-12-31 01:09 - 2013-12-31 01:09 - 00000000 ____D C:\ProgramData\WebTect
2013-12-17 15:38 - 2013-12-17 15:38 - 01640448 _____ C:\Users\Charlie\Downloads\371800_Hausubung9_b.fem
2013-12-14 15:10 - 2013-12-16 21:21 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\.ACEStream
2013-12-14 15:09 - 2013-12-15 16:28 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\ACEStream
2013-12-12 17:57 - 2013-12-12 17:57 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\AVAST Software
2013-12-12 13:36 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 13:36 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 13:36 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 13:36 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 13:33 - 2013-10-25 07:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 13:33 - 2013-10-25 07:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 13:33 - 2013-10-25 07:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 13:33 - 2013-10-25 07:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-12 13:33 - 2013-10-25 07:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 13:33 - 2013-10-25 07:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 13:33 - 2013-10-25 07:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-12 13:33 - 2013-10-25 07:17 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 13:33 - 2013-10-25 07:17 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-12 13:33 - 2013-10-25 07:17 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 13:33 - 2013-10-25 07:17 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 13:33 - 2013-10-25 07:17 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 13:33 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 13:33 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 13:33 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 13:33 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 13:33 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-12 13:33 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-12 13:33 - 2013-10-25 05:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 13:33 - 2013-10-25 05:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-12 13:33 - 2013-10-25 05:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-12 13:33 - 2013-10-25 05:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 13:33 - 2013-10-25 05:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-12 13:33 - 2013-10-25 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 13:33 - 2013-10-25 04:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 13:33 - 2013-10-25 04:17 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-12 13:33 - 2013-10-25 03:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-12 13:32 - 2013-10-25 07:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 13:32 - 2013-10-25 07:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 13:32 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 13:32 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 08:59 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 08:59 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 08:59 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 08:59 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 08:59 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 08:59 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 08:59 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 08:59 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 08:59 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 08:59 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 08:59 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 08:59 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 08:59 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 08:59 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 08:59 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 08:59 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 08:58 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 08:58 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 08:58 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe

==================== One Month Modified Files and Folders =======

2014-01-10 17:18 - 2014-01-10 17:18 - 00024374 _____ C:\Users\Charlie\Downloads\FRST.txt
2014-01-10 17:17 - 2014-01-10 17:17 - 00000000 ____D C:\Users\Charlie\Downloads\FRST-OlderVersion
2014-01-10 17:17 - 2014-01-08 20:26 - 00000000 ____D C:\FRST
2014-01-10 17:17 - 2014-01-08 20:25 - 01932166 _____ (Farbar) C:\Users\Charlie\Downloads\FRST64.exe
2014-01-10 17:16 - 2014-01-10 17:16 - 00149157 _____ C:\Users\Charlie\Desktop\JRT.txt
2014-01-10 17:12 - 2011-07-01 17:52 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2ABB2932-AA29-4351-B409-8136CB98F6A6}
2014-01-10 17:07 - 2009-07-14 05:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-10 17:07 - 2009-07-14 05:45 - 00020928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-10 17:04 - 2011-07-01 17:45 - 02054205 _____ C:\Windows\WindowsUpdate.log
2014-01-10 17:02 - 2014-01-10 17:02 - 00000000 ____D C:\Windows\ERUNT
2014-01-10 17:02 - 2011-11-26 12:18 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\Dropbox
2014-01-10 17:02 - 2011-08-27 13:28 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1747016203-3155398904-578371931-1000UA.job
2014-01-10 17:01 - 2014-01-10 17:01 - 01037068 _____ (Thisisu) C:\Users\Charlie\Downloads\JRT.exe
2014-01-10 17:01 - 2014-01-10 17:01 - 01037068 _____ (Thisisu) C:\Users\Charlie\Desktop\JRT.exe
2014-01-10 17:00 - 2011-11-26 12:20 - 00000000 ___RD C:\Users\Charlie\Dropbox
2014-01-10 16:59 - 2014-01-10 16:59 - 00001176 _____ C:\Users\Charlie\Desktop\AdwCleaner[S1].txt
2014-01-10 16:59 - 2012-10-22 11:07 - 00000660 _____ C:\Windows\Tasks\WebContent AutoUpdate 2012.job
2014-01-10 16:59 - 2012-08-05 03:26 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-10 16:59 - 2011-10-12 17:25 - 00000642 _____ C:\Windows\Tasks\WebContent AutoUpdate 2011.job
2014-01-10 16:58 - 2013-09-13 22:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-10 16:57 - 2011-05-10 04:36 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-10 16:56 - 2014-01-09 22:07 - 00000280 _____ C:\Windows\setupact.log
2014-01-10 16:56 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-10 16:55 - 2014-01-08 15:04 - 00000000 ____D C:\AdwCleaner
2014-01-10 16:48 - 2014-01-10 16:48 - 00000412 _____ C:\Windows\PFRO.log
2014-01-10 14:53 - 2011-07-06 23:44 - 00001146 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1747016203-3155398904-578371931-1000UA.job
2014-01-10 14:08 - 2011-07-06 23:44 - 00001124 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1747016203-3155398904-578371931-1000Core.job
2014-01-10 14:03 - 2012-10-22 11:07 - 00000504 _____ C:\Windows\Tasks\AutoUpdate Allplan 2012.job
2014-01-10 14:03 - 2011-10-12 17:25 - 00000496 _____ C:\Windows\Tasks\Allplan AutoUpdate 2011-1.job
2014-01-10 14:03 - 2011-05-10 14:19 - 00697082 _____ C:\Windows\system32\perfh007.dat
2014-01-10 14:03 - 2011-05-10 14:19 - 00148346 _____ C:\Windows\system32\perfc007.dat
2014-01-10 14:03 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-10 14:02 - 2014-01-10 14:01 - 00004127 _____ C:\Windows\IE11_main.log
2014-01-10 14:01 - 2011-08-27 13:28 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1747016203-3155398904-578371931-1000Core.job
2014-01-09 22:07 - 2014-01-09 22:07 - 00000000 _____ C:\Windows\setuperr.log
2014-01-09 17:44 - 2011-07-01 18:36 - 00000000 ____D C:\Users\Charlie\AppData\Local\MediaMonkey
2014-01-09 17:30 - 2014-01-09 16:40 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-09 17:27 - 2011-02-10 23:48 - 00000000 ____D C:\Windows\Panther
2014-01-09 17:26 - 2011-07-15 06:59 - 00000000 ____D C:\Windows\Minidump
2014-01-09 17:26 - 2011-07-02 00:52 - 00000000 ____D C:\Users\Charlie\AppData\Local\CrashDumps
2014-01-09 17:14 - 2014-01-09 17:14 - 00023634 _____ C:\ComboFix.txt
2014-01-09 17:14 - 2014-01-09 16:42 - 00000000 ____D C:\ComboFix
2014-01-09 17:14 - 2014-01-09 16:40 - 00000000 ____D C:\Qoobox
2014-01-09 17:06 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-09 16:41 - 2014-01-08 20:34 - 00000000 ____D C:\Users\Charlie\Desktop\trojanerboard
2014-01-09 16:39 - 2013-07-26 13:01 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-09 16:39 - 2011-07-21 14:30 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-09 16:39 - 2011-07-21 14:30 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-09 16:39 - 2011-07-21 14:30 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-09 16:39 - 2011-07-21 14:30 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-09 16:38 - 2011-11-10 21:55 - 00000000 ____D C:\Windows\ERDNT
2014-01-09 16:38 - 2011-07-21 14:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-09 16:37 - 2014-01-09 16:36 - 05162489 ____R (Swearware) C:\Users\Charlie\Desktop\ComboFix.exe
2014-01-08 21:33 - 2014-01-08 19:45 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-08 21:05 - 2014-01-08 21:04 - 00050477 _____ C:\Users\Charlie\Downloads\Defogger.exe
2014-01-08 20:34 - 2014-01-08 20:34 - 00377856 _____ C:\Users\Charlie\Downloads\gmer_2.1.19163.exe
2014-01-08 20:20 - 2013-12-31 11:26 - 00000000 ____D C:\ProgramData\Win sys filter
2014-01-08 20:16 - 2014-01-08 20:16 - 00000406 _____ C:\Windows\system32\.crusader
2014-01-08 19:47 - 2014-01-08 19:47 - 00000000 ____D C:\Program Files\HitmanPro
2014-01-08 19:46 - 2014-01-08 19:45 - 10264904 _____ (SurfRight B.V.) C:\Users\Charlie\Downloads\HitmanPro_x64.exe
2014-01-08 19:45 - 2014-01-08 19:44 - 09452704 _____ (SurfRight B.V.) C:\Users\Charlie\Downloads\HitmanPro3.7.8.208.exe
2014-01-08 19:33 - 2014-01-01 16:16 - 00000000 ____D C:\ProgramData\CoupExtenesiOn
2014-01-08 15:04 - 2014-01-08 15:04 - 01233962 _____ C:\Users\Charlie\Downloads\adwcleaner.exe
2014-01-08 14:30 - 2011-07-01 17:47 - 00000000 ___RD C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-08 14:29 - 2011-11-26 12:19 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-06 00:02 - 2011-07-15 07:39 - 00007446 _____ C:\test.xml
2014-01-04 16:07 - 2013-08-31 11:25 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\vlc
2014-01-01 16:17 - 2014-01-01 16:17 - 00000000 ____D C:\ProgramData\phmpmlianadbfifbhfcijdlhgcnfjccn
2014-01-01 16:17 - 2014-01-01 16:17 - 00000000 ____D C:\ProgramData\daedbbfaebjgclnoijiekplilobacoia
2014-01-01 16:17 - 2014-01-01 16:17 - 00000000 ____D C:\ProgramData\bddnngaocglmnfhcpcjmoomohjiobgoo
2014-01-01 16:17 - 2014-01-01 16:17 - 00000000 ____D C:\ProgramData\22542c9f2b1e72fe
2014-01-01 16:05 - 2014-01-01 16:05 - 00000000 ____D C:\ProgramData\Browser Enhancer
2013-12-31 13:18 - 2013-12-31 13:18 - 00000000 ____D C:\ProgramData\Browser faster
2013-12-31 01:09 - 2013-12-31 01:09 - 00000000 ____D C:\ProgramData\WebTect
2013-12-18 09:18 - 2013-11-20 12:38 - 00000000 ____D C:\Users\Charlie\.maplesoft
2013-12-17 15:38 - 2013-12-17 15:38 - 01640448 _____ C:\Users\Charlie\Downloads\371800_Hausubung9_b.fem
2013-12-16 21:21 - 2013-12-14 15:10 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\.ACEStream
2013-12-15 16:28 - 2013-12-14 15:09 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\ACEStream
2013-12-15 13:51 - 2013-09-13 22:17 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-15 13:51 - 2013-03-03 13:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-15 13:51 - 2011-07-02 00:59 - 00071048 _____ (Adobe Systems Incorporated)
C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-15 13:31 - 2013-08-22 20:30 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 03:01 - 2011-07-01 19:06 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-13 12:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-13 11:39 - 2011-07-01 17:45 - 00000000 ____D C:\Users\Charlie
2013-12-12 17:57 - 2013-12-12 17:57 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\AVAST Software
2013-12-12 17:56 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-12 17:51 - 2009-07-14 05:45 - 00556072 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 13:32 - 2011-07-01 20:19 - 00000000 ____D C:\ProgramData\Microsoft Help

Files to move or delete:
====================
C:\ProgramData\UninstallFrilo.Exe

Some content of TEMP:
====================
C:\Users\Charlie\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-24 14:19

==================== End Of Log ============================

--- --- --- --- --- ---

When I open Google Chrome, SavERExtension keeps reinstalling itself in the extensions; deleting it over and over doesn't help. I just wanted to mention that again.

Regards, thanks

JRT Log1:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Charlie on 10.01.2014 at 17:02:29,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\cloud software ltd"
Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{203225EE-75A3-4520-97D7-AD04B39380C8} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{205086A2-97C8-490E-B632-E0649F9732F5} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{205705D9-D62D-4451-AF64-02E293DFF386} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2059D271-0CF8-4B5A-823E-56D6BC952300} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{21C33D58-1ECB-494A-8F04-D582BCF21947} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{221AC390-8211-418B-A427-B04CD158A8B0} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{22AA6CC8-D8D2-4827-A797-4EB80C821834} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{22ABDCF9-1F26-440A-8744-96A5E3C6C3F7} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{22ECA6EF-0BD9-4B1B-B1EB-FE0DDD62B21C} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{231771E5-5CDF-438A-864E-EADBFCC426DE} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2333595D-B628-4D6A-81FE-C34525C59B79} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2365E552-3B9E-425E-9E1F-9C7943FEDAF8} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2378DC68-1DAA-4C5B-824C-970A977E2F04} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{23848970-2AD4-447B-B2EC-1235C35DB361} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{24647C75-73AE-4DFC-8C4C-DA3F60C309B0} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{249CA003-1ABC-4C09-939D-8D0C1C82DC90} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{24A5C46B-98E2-450D-85AF-B8F218BC2FCF} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2529A032-2CAC-49B2-9C1C-67CF45E10DE4} Successfully deleted: [Empty Folder] 
C:\Users\Charlie\appdata\local\{25926229-7A4E-45F8-AA4E-F4C1E3D2BF97} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2598C428-6DC5-40F5-860C-4EB2B773E2AD} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{25C7A286-1F98-414C-B232-3D468C0C14C6} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{25CEAF5C-233B-4275-BA05-78DC720805F8} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{25D54E5B-3702-4EFA-869F-6412C5CC9DCD} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{263E87D9-D9D1-4108-A3F3-C255BECEECEB} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{26620DA5-A34C-4976-8D93-6FF971BE2902} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{26627063-E2AE-47CB-8083-FB831BFAC38B} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{26725D39-706F-455C-A18A-751E1F864E0C} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{26744580-8148-4B08-B9D6-C6354A9381E2} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{267473FE-D9CC-4590-85A5-919D7A85CEA1} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{267AB1F8-910F-4C08-9A67-1186E7A398A4} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{26EF5C7B-B8E2-48F8-89BD-E461995846B4} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2728757A-A221-4CD2-8A0B-D982FBCD5719} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{27512F17-9F20-45F3-9F22-C201F54A5128} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{279B4E2B-2A23-4C9A-B811-A0FBC1CBC40A} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{27ABFF56-ABB9-4337-A07F-F5C79626B118} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{27E5687C-41FA-488B-9BC8-203DDAC74CB9} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{27F035C7-C3EB-419C-9BA8-1046F383FB7E} 
Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{27F71080-4A24-47D0-BE65-DB4F2ED116A7} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{27FA808C-D389-4AE1-8135-532958558EBC} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{283FBF8D-7490-491B-84FE-F317706C9980} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{28597928-FE23-4092-B496-9FA92E249B34} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{28A3BEA5-1D2D-4931-9D15-0821FD3D441E} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{28B2EDA9-2B80-4A1E-8D28-8A1EB9A2B621} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{28D317A8-B237-4051-9194-72653427A1A9} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{28FCE2D9-1E8D-4A5B-AAB0-30E7E5C1752A} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{29229899-F76C-4E12-BC3E-CE9CE2627AF7} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2934041E-4073-4F9A-8EEF-B886906EECE8} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{296CAA7B-5734-4501-B376-61145C43835D} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{297138EE-B32E-44F6-8936-A47F887EE2A2} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{29853A66-ED5D-4284-A3F0-2175A9F7281C} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{29BBA189-0E1B-420C-9A5E-F942271437C8} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{29C14BD2-7DEA-410F-B89B-89CAE3166ABC} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{29D3E96C-B116-4AA6-B186-08ED76C99E54} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{29F29E38-EF44-49A5-ACAD-41F2DD7D1BFF} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2A100A88-AA84-4798-A007-CDE72673088A} Successfully deleted: [Empty Folder] 
C:\Users\Charlie\appdata\local\{2A1367C4-B537-4935-B36B-F96D2B8B9CDD} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2A476170-D19C-4767-BBB9-67FDEA84B7DB} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2A4F4401-76C5-4946-8EAA-67D5E89E01D5} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2A5B7F51-4102-428A-80FC-385302820F3A} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2B518C4E-3778-4E47-9387-03D65A1D1F88} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2BCB2E3F-C445-4F41-BA17-313E42F0944D} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2C18FB9F-B195-4CA5-8A45-13A76B04D6D8} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2C2868D4-C4EC-4EC4-99CD-484819FC8549} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2C90C9FF-B688-43D5-B3E6-D982C4537AFE} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2C9DD48B-7F69-4F83-9EDE-6C61E5469BAB} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2CD10262-827D-4BE1-B8F6-0975392DA188} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2CEBD680-1215-4BCE-AE3B-B1D8EA865445} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2D225A05-B4DC-42FD-9854-1D6ACB9EEAB8} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2DB36426-A2FC-401E-9E8D-5C76E7E466B6} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2DB5E216-C6F3-4C34-BCB4-805CF8938F4B} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2DC5BFAD-151B-42B6-8C42-A51D43B6E776} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2DD76EEF-7B21-4A38-98A1-D66154655A14} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2E04924A-2ADC-44E4-ADB1-D6014DBF973B} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2E3AB0A9-34E8-4DC2-B38A-0F1227290D95} 
Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2E75F00D-E17C-4DFA-9010-5DCDAB567307} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2E7BE55B-2E34-4064-A5D4-B8A1B9082B68} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2EABC494-DF62-4A67-8D26-5893F4ECDC9E} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2EED27C1-BEBD-48BB-8A15-E28A06C08891} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2F0564C3-2F34-4849-99D8-00ABAACA925F} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2F0967E8-D2E3-48FF-BD55-8A67923550B6} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2F37AC0F-B36B-449D-B300-652D560EA837} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2F47778D-2983-4A09-857A-FF5960FC6A09} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2F4AC559-27B0-4D79-83CD-0BDC1D099188} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2F4AD608-FA4F-4E3F-A366-EC72F3552F06} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2F6AE102-23CC-492F-B53F-E43FDFC3CDA5} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2F9F3D91-CC02-4FB6-82FD-8CC070F83143} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{2FA49286-8D4C-4ACA-A187-414300BA7512} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{300956DC-DCDB-4758-99AF-C825C7F666AA} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{309754F1-D2CA-465E-B375-255E4F801F1A} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{313FE26B-A48C-40EC-A8E8-09FF332BC427} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3175269A-8A52-4B14-BF9B-5B2B7F1672B2} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{31929AF2-D30F-4981-9725-2B39F2A0CE3D} Successfully deleted: [Empty Folder] 
C:\Users\Charlie\appdata\local\{31BC574E-3D60-4698-845B-34335B72BFED} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{31FF67F1-7DAD-43B5-AD5F-B33145B31DFF} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3206BA65-62B0-4918-BC0E-A4575CBC1F89} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{32380146-C097-4AB6-9939-4DC7A98B325C} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{323FEAC5-E9C0-4AFD-B3B6-8BB4D12C058A} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{32555B91-0C5E-461A-989C-A83EBE801549} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{325F40F5-32CB-41B0-886B-8DA9CD943BEB} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{334020FE-231D-4855-829E-810B80200085} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{34260EB7-656D-4A65-8EFE-09BABA32CBA0} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{34808E9C-EBDE-4094-BD12-9590311B2A8D} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{349739BE-6003-431A-95FF-314E9C76692E} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{34AD5C64-E859-463D-8D60-E35626649563} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{34DD5750-7FF1-4308-A331-F3D9F6250949} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{34F5A456-117C-410B-9998-02B90E7EE52C} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{356E6961-5B13-4BBC-840B-0A308A564151} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{35CAF039-1BD1-45A3-9A80-3FE146AC9D2C} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{35CCA0F7-EDEB-4CF7-B191-EE41FD9D669F} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{35F9F78E-DA11-4B33-A576-A74260D7ABF3} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{36316D57-8A5E-436B-973E-B686A6B04951} 
Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{365877D8-E105-4766-BEA3-B85677772AA3} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{36D25303-CC1D-4456-8FD1-3374857EE321} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3817D085-609B-4EAF-96E4-E8A1A83AE918} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{382B2FB1-15FF-4B97-B505-528FC9BB27D7} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3849BF12-A30E-41AE-8A0F-7F68D79BF262} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{38914C4C-4352-400A-A728-E0D3549D01D4} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{389FD6F3-AFDE-444E-9AFA-1042345841E4} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{38B4BDD4-AFF1-4C69-A112-976F8626025A} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3914E6CD-35C2-4101-BADC-B205DD91C035} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{393FBDBD-0293-4972-8BB4-0A59BA8F0D74} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{39505F80-64A0-4699-AF43-5A09819C2947} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{396AC51A-7F58-4357-9D3E-D860EEE213C2} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{397A13A7-D31C-4647-B647-5EBA80E2BCA1} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{398E3DA0-20BF-40E2-B2E3-6A378C24DD14} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{39E60A85-C5B6-476A-9597-62156E13A1A5} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{39E9C308-1BA8-4ED5-ACE2-00F9E2FB7EC1} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{39F51A04-23E5-4A7F-9C40-55F22DBD852F} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3A349B37-A7EB-4736-BDB9-701D31A70171} Successfully deleted: [Empty Folder] 
C:\Users\Charlie\appdata\local\{3A4324C6-1C64-4BB6-8CA0-F650530C0A13} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3A4BF303-5B24-450D-BF41-D64619D24D2F} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3A8F5157-7337-4C8B-8A9B-36420AD8FEE2} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3AB09634-F669-40A5-8788-FFAB66C14FA7} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3AC2F6C3-85FE-4456-A967-894E52D405F2} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3ADDF176-598D-4C05-A960-E2138B45437F} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3B4A36C1-9F5D-45A1-9522-4D42160868C2} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3B8D947C-2984-44DA-B777-572EBB56181D} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3C290275-C8DB-4280-9A84-80E172593798} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3C8F8B63-4905-4459-AD21-BC51536F29FB} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3CC5C6A9-EE9F-4810-89BE-8C9D0226EA97} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3CD3A65E-0AE5-4AF6-9172-EC0A8010424B} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3CD80263-DC22-40E5-B65B-47CB51D14A4D} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3D028013-419C-40F0-878C-ABC18CC0A6BC} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3D041FA6-5A8D-4928-A861-CF586EEC6ECF} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3D361302-F92A-439D-87CE-CAA5694351F9} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3D3C7883-3E13-4D90-AA5E-26734EEE6051} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3D7C1247-C5BC-446F-A94F-EB6F14872ECD} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3DA3E8D6-ADBD-4B2F-A54D-BAF7A9B7A591} 
Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3E1DD767-F53D-4A95-8E98-484EEA188807} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3E2E2E4E-A526-4921-9C0C-B5F1A0FEB39A} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3E77A11F-C759-4CB4-9232-36FF95C26A8C} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3E7EAA41-A693-48AA-8FC2-0BF821432423} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3E81A009-96CA-41AE-B207-4C16CDE2A19A} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3EA0F4A5-B5F8-4529-B17D-18E67B84FBF2} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3EEB62F0-72AC-4383-A8DE-FA90D055CA6F} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3EEEE7DF-59FD-4B84-A2CC-0ED1BA7D6E48} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3F04720E-0C52-4A41-83C6-A8CFCAE9C05F} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3F832405-D577-4AF8-A664-28465EC0A537} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3FA7C35F-E9CB-4B27-B512-A78A4C711709} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{3FE0703C-D2B8-4560-8463-99CF15B75D88} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{40DF4538-516C-40D0-BDA5-4E6AE7614336} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{412B8725-AC62-491D-8743-F2E5307A7D6E} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{415C2845-202A-47EB-AEDD-91661B8A1027} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{41F93A0B-B3C3-4E2D-90F3-7B05C02831EB} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{42564FA2-E219-4D63-A1EF-66C728D0FC1E} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{428D5713-D1EE-4530-A297-AECB23DBCF68} Successfully deleted: [Empty Folder] 
C:\Users\Charlie\appdata\local\{42958310-BCCA-4C87-9270-04177B764C53} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{42E445B0-3CD4-4E9E-A30C-CF0021BDB744} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{42E6ED4F-9E46-4997-A95F-F01EE74E89E9} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{43119866-FC3D-47F1-8695-7BA014FCF550} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4326C927-B27D-4207-A1EA-E7E17FBFB86A} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4387E60B-4DB0-41C1-83F3-95DA360481DE} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{43FF38AA-B4DF-4A50-BA05-F9EE6151098E} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4422837B-86BD-4E94-A6A7-9BFEA05E5571} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{44A834FB-77D6-4EF1-AB62-775A1138B5BA} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{44BD0CD8-C4BF-4599-876B-059BB28B7C9A} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{44E099B1-4452-407E-AAE3-3539A0F3E4E1} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{44FF1193-CA51-480B-BC23-8992F65D336B} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{450C4ABF-E945-48AC-9512-5F2B3DF339A9} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{45502DDF-76D8-4041-9672-E6B740257156} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{457D830F-3D07-42C7-BCE3-71DC815E1A32} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{45908E0A-6A42-41BE-9B53-4FB8A910C42B} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{45FD3453-9ED3-4D4D-93D9-A8D89016753F} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{464E538C-0667-40FF-8B21-18E0C057A277} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{46B95DCA-431F-4107-B5AA-9FC92F665669} 
Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{46C02E68-8DAC-4C5D-A12A-1898EED13DD0} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{46D8DA9F-699C-4174-826F-2D5BAA96DF72} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{46E40CBC-F5D4-4F21-BEEA-BC10BFB3E512} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{46FC086F-8E94-4EF0-A9F4-0BBC14D2848C} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{471B253B-268E-49B8-90CB-B3DBE2AF6246} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{47E1C284-1E7A-4C37-9C41-1447F4C895E2} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{47E956C3-3A99-418A-8786-CFB0465DC7FB} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4813A47C-6551-4933-AE52-A53659C84ECE} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{481BB433-CD16-4DA2-9B82-0F2C90D75D9D} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{48F1691F-517C-452E-AEBC-D6E253580EB5} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{48FB3965-AF3E-4216-9F1D-5A05AE77F564} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4917E0C2-D6AE-4020-84AF-1768BA7B631F} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{49751A17-0F28-4B74-8E8C-922065058EB3} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4A21C352-2A03-492D-9960-42B6F4DE3998} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4A4048E3-304B-4BCB-87B2-4A13D8037B57} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4A8E21CE-48E6-4D73-AF06-82362BC846AA} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4AAAEF2E-5937-45B2-9567-DEFEE2FEC801} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4ACD786B-596D-4B24-94BC-3E77DE711DAB} Successfully deleted: [Empty Folder] 
C:\Users\Charlie\appdata\local\{4AF4D8F3-ABD8-4E7B-A79C-0B79F9F1F1E0} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4B4C89AC-21B3-4D76-BAC0-71258FB2F551} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4B5C1907-AE1A-4F3B-B836-0BEE274BAE91} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4B7AA55B-A04F-4FD7-BF31-7C5D174BA8D1} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4B80C5EA-E808-4D92-95FF-991D3EEA58DC} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4B811891-1486-4DD3-9219-7037CF3ADA00} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4B8F09D6-95F4-4FB5-9DBA-1858853750D7} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4B9DC4E7-3346-43AF-A287-0E48B0BAB6DF} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4C59DDAD-766E-4FFF-AFB9-1ABDEFEAFFC0} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4C6C2436-FE4D-4A1A-8A0B-1B0D9DCD850F} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4C6D2252-50D7-4D0C-AF87-DEFC2D5F4294} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4C6E8CCC-E1B7-417E-935A-646ADF9D0955} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4C92209C-95B1-4379-A43F-405685493948} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4CD2481B-821B-4932-AFC0-ADBD3D7CB193} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4CF6A52F-888B-40CA-B341-1A1FC85FFCA8} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4D4C6BFA-730A-4727-9F97-685AC2B863AD} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4D7871DA-FD36-4D7D-9C0E-AEDFB5A8041F} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4DA27426-DB2E-495F-A9F2-3C74CCA02F23} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4DDDCA9A-6DD4-4ABF-9A17-092E07EA9D10} 
Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4DFDD3C4-2D8A-4293-BC46-283818D8C159} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4E0344B6-9473-480B-85DD-C2E3EF63AFEE} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4E074BCC-90DF-43B9-8C66-C10927E51601} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4E2AB506-78A4-44D3-850A-51ED90F674CA} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4E4CCC71-25BE-432D-9049-2E9B75FBD499} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4E51D4AA-DDC0-43EA-A421-0DB98545E4ED} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4E5DD5AB-32FC-4B04-A599-7333254E59F3} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4E62A522-B25C-415B-B65E-DD8DCC7AB72F} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4E736D59-2C51-4E67-A430-CD4E17AA0C09} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4E773ABE-B81B-4390-B3CA-1777B60D689F} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4EF393A2-7FF4-4B22-86F1-40104F4E7597} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4F0F71AF-F844-4122-A3BD-DC60EB0B64C1} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4F3EBC4C-FE56-484E-9AF5-17F4E5CC78D7} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4F7672F9-6BC8-432C-A99F-2E77F8386326} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{4F876538-D08F-4D52-AF37-22A7B4A8902E} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{505F8A26-9292-4CBB-8A68-123D6047C0FE} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{50B193D5-783A-4940-974B-9A26E55CE9E3} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{50E29BC7-D6F6-490C-9D60-8FC11D9E1B53} Successfully deleted: [Empty Folder] 
|
10.01.2014, 17:27 | #15 |
| HitmanPro has detected a Trojan... Winsysfilter.dll JRT Log2: Code:
C:\Users\Charlie\appdata\local\{99DA9F3E-6AC2-4D02-AD70-C2FCB0792A8B} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{99E86CF4-41D8-4E96-8FEC-E50AE1A131DD} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9A13D025-7724-42A8-BE10-B1A08956F8B7} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9A2B48E3-0291-44B1-BAAD-29BA6DF1158C} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9A9367B2-849B-4C62-97ED-E1AF7CE58223} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9ADF60A0-1D01-4EEB-AFC8-091C44ECF963} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9AEB85F7-4D37-4044-BC21-1C98EA610F8C} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9B1B3C0D-72C8-4AB3-8BB8-6E443941BCEA} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9B371021-D6FA-4C2A-A072-4B41FDAB2171} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9B38D5B8-BEE8-47B9-A19A-D049042404CA} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9B737E93-7742-413E-A2BA-9C0C3DDAA38F} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9B958E47-9C83-4191-B8E0-66014FFAEF61} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9C05817A-5987-481D-9438-E57D37835C8B} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9C210EC0-DD08-43D0-BA7B-06F406243AE0} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9C2E0CC9-B20A-4994-BDFC-0E344C24551B} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9C48E007-3DA6-4BF8-8325-FD253793C997} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9C49A3CC-8D68-4CAE-8EBB-4BDFFABBF0F5} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9C65811B-5DFA-4308-9F0E-3BBAA9C8A4FD} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9CA90E22-7F55-4E5C-BF86-15F42C050E34} 
Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9CD3A03F-BAC0-4C6F-9FDD-0ABF1B97194D} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9CE38C5D-AC54-45FB-8D97-9B8723D75CBC} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9D2B90F4-DD2B-4A99-8991-931484A6F91A} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9D3F64BF-920E-46DD-AE87-C2EB7455D1CE} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9DE4968B-F70B-498D-BAD5-0A9469A949FD} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9E146CC9-AEBA-4580-A5E7-76ECFC4A2BC8} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9E28D14E-85CA-4CFB-99D1-7EC4A29BEA36} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9E45765C-8EA2-4733-9746-EF56A2ADCBBB} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9E6511C2-DD7E-4185-992A-7E75C4226825} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9E684CD8-8ED9-425B-A710-C3AA97FEE201} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9E93D4C5-EA0E-4A8A-8864-B8ED1E5DA2A8} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9EC7F304-E0D0-431A-A625-0BCBE91E4F66} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9F2C5A86-94CC-448F-8131-9407750E1483} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9F407FFD-A771-4A81-823C-9882B8084296} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9F48D075-5440-476D-917B-197295C5E959} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9F6C58D8-6557-476B-9E2C-63680752EE7F} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9FA99D65-76A6-4DF7-8BF6-ADC709D08B0F} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{9FAFC6AC-6464-4AA4-9AD6-991AAF02F214} Successfully deleted: [Empty Folder] 
C:\Users\Charlie\appdata\local\{9FD746F4-6E6B-45F7-90F1-C39615F13D1A} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A0164231-43E4-48F3-B4B8-47694D386F4A} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A05F8F14-EE60-4C5D-BCE3-79C130B7E0B4} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A0C736D6-FAC3-4631-BEEB-F5A6D9304581} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A0EF5269-1E5E-4C8B-ACC0-D7E4D523E030} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A0F138E3-0F5C-41BB-AAEE-A6438EED26EF} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A0FD0892-F381-437F-A34E-F7F95A88E208} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A116645E-9611-489D-844D-E0AF886C3E6C} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A1405F1E-D25C-450A-BEF5-2CEFDCA753B1} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A14D2003-0F98-480C-BD52-0A9A8BD57522} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A14E63CD-3943-449F-8E97-706270666050} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A15E200F-5BC8-44A2-AA17-ACB1E0BF6350} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A1601F38-0226-4C11-8BFE-B2BA428A5373} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A1AD853D-BD71-4FD2-9844-AD8EE4AF498E} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A1DF917F-C77A-4D1B-9A78-1EA91EA4E711} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A1F9C807-20B7-4380-BABE-5B8A90E42998} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A1FC9274-B7B3-4A43-A6E5-8AE84C1C4095} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A2523DAC-275B-46F9-AC98-93182A268623} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A2840ECF-8433-415B-830B-B166440B9968} 
Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A2DE4B2E-CCAC-4B1F-997B-C73CEB013FA8} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A3000112-2510-45A4-8A4C-7CB18B6ACE48} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A31957BE-BCE0-4062-B2C4-B6D5B4C7D0C6} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A3255059-24CA-49C3-8552-432C3B6EB326} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A357E663-FA5F-481A-ACEF-6F88AF14B6E3} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A358EF9D-48A1-4917-8F3D-17EEC1E663E4} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A3792828-AF71-4199-87E4-EE73F8B11E4D} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A3BA4DFC-BD30-46A9-9358-3E7E8E74C599} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A3CA0556-628E-4E22-B019-D4BC5B73F628} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A42D11F8-463B-4E08-93CD-44E2EFEB61CB} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A4656087-045A-4ABF-A628-6CD01445B6DF} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A47DE2B9-7648-42C6-8992-87DC586F8485} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A48ED8B0-A91C-4AAD-A7BA-EE9BB39D31A3} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A56805A1-893F-4F0B-A418-18F2C0953893} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A57A6075-A2CA-438E-8366-EACBF0DDB233} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A5836FD8-F215-46D9-BE02-2E984957D69A} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A596A5B6-762E-4397-ADA4-3F8B2D59D90B} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A5B1DD9C-F9BB-4507-9BD8-CBBF4D53E9E8} Successfully deleted: [Empty Folder] 
C:\Users\Charlie\appdata\local\{A5B392EF-DB18-4997-B851-F0889BE6CDA5} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A5C8F580-E9EE-4A5E-94F3-CE4A974DC7FE} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A60C9FA0-4921-4022-8B3F-D9836B475941} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A64ABC8E-F9E3-4BFA-8D0E-7EF9ACDE48C3} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A6872DBC-9DEB-4120-BF82-823B4A3008AC} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A6B99CA2-295A-4B3A-A603-67B981BA5E52} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A6FA5E7A-3E08-4F22-872E-F3D4E9D0FB28} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A711EDA4-3BAD-4072-8355-C9359B679B01} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A72FBFF7-12AC-4215-81EC-3D21866BCCBF} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A73C88DA-EA1B-4F54-BF35-D89C57D0FD41} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A748CD39-2EBF-4F8A-BD55-5A694E50932A} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A77569E6-1322-48D6-96F3-9B44AF96D9E9} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A7A99C6B-9171-4B3F-A1F2-6629FE4CC03C} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A7F12AFF-1236-4CC6-9D9B-57ADDB067DA2} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A813B80F-74AE-4874-B41F-1AC0D4E35518} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A8582E61-09CD-499C-A570-84859977171E} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A86C44ED-862A-412C-B387-0B0FCFB13F5A} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A87533C8-8184-4200-8207-4F853A7D8812} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A8A1AA5D-83AD-4D45-9C98-68CB3BC744B1} 
Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A8C0CFA6-334C-4BBD-A778-33732C9E019D} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A8CA8E34-5946-48D2-94BB-15861C6D9ADF} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A8F93936-BD6F-4B64-A56B-7E717C4660DB} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A8FBF847-37D1-48AB-B386-3C2845BB6DAE} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A91C3FDD-4666-4655-BB7C-778E6CEBE1D3} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A97A0D8F-5466-4B91-922D-66FF656B8DAD} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{A9963C14-7C26-4DAA-9C4D-5F16DEFF0872} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AA56B13A-E3AD-454F-A810-62DE35DF5942} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AA6F94B8-7364-4589-AF55-54B1E5AFC1A9} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AAAC185B-745B-4712-8F2D-B899761BD3B4} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AAF117AB-63A7-4AEE-8110-3D274B2B9C08} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AAF848A4-33A5-43C9-9697-6BE771F008B8} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AB17EDB9-3F01-4D90-8612-088EBD6F803E} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AB267592-65FF-4F1A-B449-5AA7C7BD934A} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AB4B2728-139C-48AC-94D3-0360BA63E01B} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AB7DD1BC-0BE1-4FC9-B048-577078D2B53D} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AC482C5F-9767-4D75-9379-912B17382BEA} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{ACEBF724-B6A0-4B42-9599-A11DFD7474E6} Successfully deleted: [Empty Folder] 
C:\Users\Charlie\appdata\local\{ACF036DB-37BD-4DBB-94B3-C1F5D29532B4} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AD78258F-BF0D-4408-8545-588F157369D3} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AD7E9E46-C395-4A1F-98E2-C8F48DC4E6EC} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{ADFE8CE4-47EA-4A5E-8B9C-DD711BB58579} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AE2C14EF-112C-4E51-A7BA-B61B2747B16C} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AE32D687-D2FB-4502-8417-E674B2D27C9D} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AE8F42CD-CC8E-443B-B2DA-B65062CBAAFF} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AEB04FFC-5075-489C-9E0B-A9FEEDB5EB7E} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AEE846B2-4FA7-4904-BF8D-90ECB2ECEE77} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AEEFD3CC-6621-45E0-BB5A-1AE27D7022AF} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AF010102-9A1C-44C2-AAF9-839BA4A13B37} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AF43C041-FDB1-4BC0-85E3-5C0B502867F5} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AF72B592-5C9B-4C0C-8DA3-F3CC4B110A4D} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AFDD84BE-ADC3-4016-A2C1-B690D17BC138} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{AFEA1299-9DAD-4C77-B85A-DD2173B9E0F0} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B03079BB-A564-4B74-B843-B4A235DE85E5} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B04C4929-9A9C-477E-93EB-049B3AAFB0BC} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B0C16D44-2D98-4CAB-9569-A8F0A4E94CD9} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B0C8913E-A24C-475E-8684-5BAC9F7A1FE8} 
Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B0D45F52-B5C8-4C7D-8BBA-BA05E327E551} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B0DD04BF-795C-40E8-8F37-D6820CC24A55} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B0DFED61-3635-4473-91B9-DD3D13A33D3E} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B0EA0256-1111-42BC-A03F-40090E559D03} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B13CA95B-D555-4744-B036-94BE896F3EB6} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B18F7C13-775D-4C7C-B5A5-D5874ADACF8F} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B22452F5-2B25-4508-8E61-4F2EB007CF97} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B225ED27-6673-4AF6-A52A-3C88643FB55B} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B23D7821-048C-49D7-9493-74966A9273DD} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B24824B7-36CF-482E-BBE8-62E5B173101E} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B267CA6A-BE5E-4AA3-A2FC-EC236828E9FC} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B278BD03-FF5B-451F-8AD0-FDB5504BA115} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B298206D-74BE-49D6-97F8-7E3CE127193C} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B31E615C-B70F-42CD-97CC-76E7C2DF89CA} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B388B749-4BB5-4B83-8697-DA095256A2E7} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B402C79C-C583-48B2-8E89-271297A28F68} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B4076445-0773-4C89-A62A-0B525581DA77} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B4173D84-D835-493E-876C-EDA93B6A1F7A} Successfully deleted: [Empty Folder] 
C:\Users\Charlie\appdata\local\{B4387D37-79E3-42F0-9184-3CBC0E5DCC90} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B43F49E6-2612-49C0-872B-22DA5C7399B4} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B48BC816-2AC6-4A33-AB70-6365BDE23500} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B4BC5B98-26EC-4A08-BE26-CE78BCAC3AB5} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B4C45CE1-C6C2-4D14-8710-17B9D98224A9} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B4C97B26-E7E2-4D30-9536-D216BE5649C9} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B4FCF0E5-B773-4AD8-9775-7E35F00F8B10} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B4FD1364-A1EB-474F-AC15-A5DFF69EF380} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B55532CC-C258-4BF9-855E-3B823AB09FEA} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B55BF6AE-BB95-4824-B975-1F36DDCC92D8} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B59FA3D1-C793-46FB-A22E-4D8D04E16AA8} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B5C67291-0C5F-46F2-A915-EDDD3E0EC837} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B5FB04F9-CE59-40A1-94E5-BEBA2C2B672A} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B63A453E-AC7F-427E-A0FB-654D2DEC0EE4} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B66F7B02-E582-483F-A2AA-B524AA45995B} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B6A80A2B-3E94-447A-8FF6-7763EC0C4DD3} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B6F2830F-71F3-4D49-8F56-91FE124DA025} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B6F516DE-021F-4C0D-9659-BF50D1528BDD} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B6F7C680-0751-4DB2-ADE2-6E004E72C28E} 
Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B7A38459-9119-4EE1-A33C-13D202F95B80} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B7BC38F8-5BE3-46DB-A0CB-5E2E28ACA357} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B7D10C4B-C206-435C-8431-E7609D6DBAC9} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B7D1AC31-1F5C-485C-97E6-F4AD44C6EC52} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B7E79DF1-053E-4F30-B8D4-46F0A19CF7C0} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B7F6179D-107A-4D16-AA65-EE3B75C959CA} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B7FBE9C2-A4D2-47F1-9981-4589FB6028EC} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B8111B81-27F6-47FA-99AB-E321049A87DB} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B817282B-1E95-4AD8-94DA-DAA340A7D485} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B821FBC4-642E-47C8-AA0E-8E832444BA29} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B8330419-475E-4B29-9ED5-4D0284457F4E} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B839BA24-F140-4D3D-8597-9E1C614175D2} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B8E8548A-72AA-4A01-B0D6-C4C53413D322} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B900014A-FAC5-46BB-8BCE-C90510E74C67} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B90D9FDC-B0E1-4192-829F-DE168FD358F7} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B9111C5A-F4F7-430D-AA53-512E57204E48} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B93F3036-0859-4562-A16F-45BBDDBFD09C} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B9609106-5FCF-4FB3-8226-6A85D445223E} Successfully deleted: [Empty Folder] 
C:\Users\Charlie\appdata\local\{B9701781-8152-4573-96F9-D5ADE96D5FD2} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B98E1A63-C764-4847-89CE-B0329CD34E94} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B9BD451F-F1A4-4E57-9BA2-7BCFEA5359FB} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{B9D96FCF-9DA2-4096-B098-3FF8CB7F7226} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BA5EF45D-074D-4AAB-92EF-9E8533B9B286} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BA8A782D-0D8E-4B23-A76A-D1839CEC4FC5} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BAC04395-55F5-4948-B9B6-C20A8F1ED10E} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BB1E000E-EE83-41A2-A601-13660151BE27} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BB894829-4D18-4FCB-9C42-C9CD61549DDC} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BBBB69BC-646F-4A80-B8EC-631EA9959951} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BBC0DBAF-2F45-48A4-85F6-5C0CA20B7B0E} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BBCBD634-434C-4714-B507-0FDC6B38C89D} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BC409BB4-B865-4D51-820A-B68DEC8F1CF4} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BC4EB75B-4420-4E5A-B663-33A26F454DBD} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BC6C896D-0298-494F-8209-3442D87C52E1} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BD095E22-8C87-4355-AAC2-08075870DE59} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BD73BC0E-143A-41BF-9553-094164A9417F} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BD75EAB0-3AF6-4BD7-9E85-80E6E440CDEA} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BDA2D329-2244-4B05-B373-3BF03B83F510} 
Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BDDFA840-2594-4023-929C-B93478A436E6} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BDFAB4B9-AE34-4A54-86A7-8C7B899D37E4} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BDFF5CAE-46DF-411B-AA8C-F56AEAD26DF3} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BE3480A4-B8B7-4714-B30C-51C27ECB284C} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BE62663A-700B-4EA6-B2F7-9D3956CB7690} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BE6E1125-6951-4CE7-B73B-A2540698C9FB} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BE7FC270-3C3F-46B1-A3A7-A443D6DA5ADB} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BE8E9978-418B-40D3-A0E8-E880FAFEEF1E} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BEEC5C22-9143-4F94-8D30-3A78B8346469} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BF2D94EC-81C0-4307-9A21-11311589BFA5} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BF5B3FD3-1B25-4776-8FA8-3AD0D2FB2ED9} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BF7B24FB-6168-4AA1-8422-964685C4D849} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BF8898C2-A8CF-4003-BFEF-8A3AE2E5ECD8} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BFABABAB-2733-4525-B1AB-6B18F628F6D1} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{BFB8F4FD-87EF-4834-B257-29A14821BF2F} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{C03C5EB3-A857-4B18-80C8-B8317475A69E} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{C07E3578-AD02-4928-9B1F-4967F57DFF00} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{C0804155-C37F-4D06-A681-4F5B22A7CA22} Successfully deleted: [Empty Folder] 
C:\Users\Charlie\appdata\local\{C0ACA4F1-6495-4A28-9B78-8D390955BC54} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{C0B5341C-9070-4CF4-BADF-1FEC2F02A86A} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{C0CF8CEA-164C-4AD1-A402-170259C8A1C9} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{C107209E-FAC0-4DE9-B4B5-6E1480959C4F} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{C10D059A-3BE9-476A-8D2C-C6B087C43279} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{C12C0743-2407-423B-B5E4-443263B1DC67} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{C14361FA-2D3C-478B-A5C9-C73E58EBEFA8} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{C1986A3D-A1A3-4D28-9E9A-D81655354BBB} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{C1B40544-47FC-4B04-AF21-A16566B4AC8A} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{C1C133C2-7E90-4750-A8E6-51AC1F98E3B9} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{C1E8E35F-265D-4045-B89F-25AFE5979AE4} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{C21D76E5-18AF-449E-98C4-65FB1AD9BF20} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{C25EE3C6-A125-4874-BECC-B5D6A19E9DD4} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{C2961440-0EE9-4C9F-88E5-E5AD425D0709} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{C29C2333-C247-41C2-8011-DFE2E04967C4} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{C2AB651C-496B-4AAC-87F2-18C56E4423FB} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{C2D04F45-7CB0-470F-ABB0-22FC2EE4E67A} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{C3206E61-6AA4-46F4-9AB6-3A804D8C1E5D} Successfully deleted: [Empty Folder] C:\Users\Charlie\appdata\local\{C322319C-0880-4772-A966-D77140B1757E} 
~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 10.01.2014 at 17:16:32,47 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |