| |
| |||||||
Log-Analyse und Auswertung: Win7, A1 Rechnung #438192 von 05-02-14Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
10.02.2014, 22:01
| #1 |
 |  Win7, A1 Rechnung #438192 von 05-02-14 Hallo zusammen, Freundin hat im erhaltenen E-Mail (lt. Betreff) leider "irrtümlich" auf den Anhang "quittung2014.05.02.rtf" geklickt, worauf sich ein Excel file öffnete mit der Meldung ~ zum anzeigen doppelklicken, und sich nach dem doppelklick dann aber nichts tat. Danach habe ich avast Überprüfung gestartet mit 3 und nach Neustart und empfohlenem scan vor dem kompletten boot, 34 infizierten Funden, welche dann alle in die Quarantäne verschoben wurden. Leider finde ich keine Logs dazu. Bitte um eure Hilfe. Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:25 on 10/02/2014 (Emanuel Standard)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Vielen Dank vorab |
|
10.02.2014, 22:35
| #2 |
| /// the machine /// TB-Ausbilder    | Win7, A1 Rechnung #438192 von 05-02-14 Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
10.02.2014, 22:48
| #3 |
| | Win7, A1 Rechnung #438192 von 05-02-14 Hi,
__________________ok, bei Vorschau im vorigen post, kam automatisch der Hinweis, man solle die Logs als Archiv anhängen. FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014
Ran by Emanuel (ATTENTION: The logged in user is not administrator) on EMANUEL-PC on 10-02-2014 20:28:31
Running from C:\Users\Emanuel\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
() C:\Windows\PLFSetI.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
() C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Program Files (x86)\A1 Dashboard\Dashboard.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\PMMdatamgr.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7940128 2009-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [824352 2009-08-29] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-06] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-01-15] ()
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [825864 2009-08-17] (Dritek System Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-31] (AVAST Software)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\d5e90d31-366b-4056-8be5-d7ebddceb493.exe /check [181136 2014-01-26] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-18] (Google Inc.)
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\MountPoints2: D - D:\Autorun.exe
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\MountPoints2: E - E:\Windows/AutoRun.exe
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\MountPoints2: {52c1f3f7-e2fc-11e1-8275-001e6425277c} - D:\Autorun.exe
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\MountPoints2: {c44e7087-f153-11de-b4a5-00269e6d05dc} - E:\LaunchU3.exe -a
HKU\S-1-5-21-260493348-4011631922-2919077809-1000\...\MountPoints2: {d42440c1-8fde-11e3-9d5a-00269e6d05dc} - E:\LaunchU3.exe -a
Startup: C:\Users\Emanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&m=aspire_1810tz&r=273612090006l03e3z175t4861a37o
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.at/s/v/66.30/uploader2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{85F828BB-E1B6-4D1B-B9C0-272561C1F5CF}: [NameServer]194.48.139.254 194.48.128.199
FireFox:
========
FF ProfilePath: C:\Users\Emanuel\AppData\Roaming\Mozilla\Firefox\Profiles\qd05e0jn.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-08]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Skype Click to Call) - C:\Users\Emanuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-04-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-31] (AVAST Software)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1024384 2013-01-14] (Enigma Software Group USA, LLC.)
==================== Drivers (Whitelisted) ====================
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-31] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-23] ()
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [123648 2010-12-03] (D-Link Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [123648 2010-12-03] (D-Link Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [123648 2010-12-03] (D-Link Incorporated)
S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [17952 2008-03-28] (Acer, Inc.)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-10 20:28 - 2014-02-10 20:29 - 00016973 _____ () C:\Users\Emanuel\Desktop\FRST.txt
2014-02-10 20:27 - 2014-02-10 20:28 - 00000000 ____D () C:\FRST
2014-02-10 20:27 - 2014-02-10 20:27 - 02150400 _____ (Farbar) C:\Users\Emanuel\Desktop\FRST64.exe
2014-02-10 20:25 - 2014-02-10 20:25 - 00000494 _____ () C:\Users\Emanuel\Desktop\defogger_disable.log
2014-02-10 20:25 - 2014-02-10 20:25 - 00000000 _____ () C:\Users\Emanuel Standard\defogger_reenable
2014-02-10 20:24 - 2014-02-10 20:25 - 00050477 _____ () C:\Users\Emanuel\Downloads\Defogger.exe
2014-02-09 20:38 - 2014-02-09 20:38 - 00000000 ____D () C:\Users\Emanuel\AppData\Local\CrashDumps
2014-02-09 19:15 - 2014-02-09 19:16 - 00014848 _____ () C:\Users\Emanuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\Documents\Corel PaintShop Pro
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Ulead Systems
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Corel
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Local\Corel PaintShop Pro
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\Documents\Corel PaintShop Pro
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Roaming\Ulead Systems
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Local\Corel PaintShop Pro
2014-02-09 19:07 - 2014-02-09 19:07 - 00000000 ____D () C:\ProgramData\Corel
2014-02-09 19:04 - 2014-02-09 19:04 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-01-31 19:54 - 2014-01-31 19:54 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-19 20:19 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-19 20:19 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-19 20:19 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-19 20:19 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-19 20:19 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-19 20:19 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-19 20:19 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-19 20:19 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-19 20:19 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-19 20:19 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-19 20:19 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-19 20:19 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-19 20:19 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-19 20:19 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-19 20:19 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-19 20:19 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-19 20:19 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-19 20:19 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-19 20:19 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-19 20:19 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-01-19 20:19 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-19 20:19 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-19 20:19 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-19 20:19 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-19 20:19 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-19 20:19 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-19 20:19 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-19 20:19 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-19 20:19 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-19 20:19 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-19 20:19 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-19 17:27 - 2014-01-19 17:27 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-19 17:06 - 2014-01-19 17:16 - 00000000 ____D () C:\Program Files (x86)\PDF Blender
2014-01-19 17:05 - 2014-01-19 17:06 - 00599173 _____ () C:\Users\Emanuel\Downloads\PDFBlenderSetup1.1.2(1).exe
2014-01-19 17:05 - 2014-01-19 17:05 - 00599173 _____ () C:\Users\Emanuel\Downloads\PDFBlenderSetup1.1.2.exe
2014-01-19 03:24 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-01-19 03:17 - 2014-01-19 03:17 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-19 03:17 - 2014-01-19 03:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-19 03:17 - 2014-01-19 03:17 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-19 03:17 - 2014-01-19 03:17 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-19 03:17 - 2014-01-19 03:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-19 03:17 - 2014-01-19 03:17 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-19 03:17 - 2014-01-19 03:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-16 21:08 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 21:08 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 21:08 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 21:08 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
2014-02-10 20:29 - 2014-02-10 20:28 - 00016973 _____ () C:\Users\Emanuel\Desktop\FRST.txt
2014-02-10 20:28 - 2014-02-10 20:27 - 00000000 ____D () C:\FRST
2014-02-10 20:28 - 2009-12-21 08:33 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Skype
2014-02-10 20:27 - 2014-02-10 20:27 - 02150400 _____ (Farbar) C:\Users\Emanuel\Desktop\FRST64.exe
2014-02-10 20:25 - 2014-02-10 20:25 - 00000494 _____ () C:\Users\Emanuel\Desktop\defogger_disable.log
2014-02-10 20:25 - 2014-02-10 20:25 - 00000000 _____ () C:\Users\Emanuel Standard\defogger_reenable
2014-02-10 20:25 - 2014-02-10 20:24 - 00050477 _____ () C:\Users\Emanuel\Downloads\Defogger.exe
2014-02-10 20:25 - 2012-08-09 19:16 - 00000000 ____D () C:\Users\Emanuel Standard
2014-02-10 20:05 - 2012-09-22 18:32 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-10 20:03 - 2012-08-15 20:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-10 20:02 - 2013-02-08 21:35 - 01301016 _____ () C:\Windows\WindowsUpdate.log
2014-02-10 19:05 - 2012-09-22 18:32 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-10 18:30 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-10 18:30 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-10 18:27 - 2009-07-14 06:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-10 18:27 - 2008-01-15 17:47 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-02-10 18:27 - 2008-01-15 17:47 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-02-10 18:23 - 2013-02-08 21:33 - 00020724 _____ () C:\Windows\setupact.log
2014-02-10 18:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-09 20:38 - 2014-02-09 20:38 - 00000000 ____D () C:\Users\Emanuel\AppData\Local\CrashDumps
2014-02-09 20:02 - 2010-02-03 22:52 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\U3
2014-02-09 19:16 - 2014-02-09 19:15 - 00014848 _____ () C:\Users\Emanuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\Documents\Corel PaintShop Pro
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Ulead Systems
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Corel
2014-02-09 19:12 - 2014-02-09 19:12 - 00000000 ____D () C:\Users\Emanuel\AppData\Local\Corel PaintShop Pro
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\Documents\Corel PaintShop Pro
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Roaming\Ulead Systems
2014-02-09 19:08 - 2014-02-09 19:08 - 00000000 ____D () C:\Users\Emanuel Standard\AppData\Local\Corel PaintShop Pro
2014-02-09 19:07 - 2014-02-09 19:07 - 00000000 ____D () C:\ProgramData\Corel
2014-02-09 19:04 - 2014-02-09 19:04 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-02-05 23:24 - 2013-03-09 21:00 - 00093982 _____ () C:\Windows\PFRO.log
2014-02-05 17:03 - 2012-03-29 20:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 17:03 - 2011-05-17 21:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-31 19:54 - 2014-01-31 19:54 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-31 19:53 - 2013-12-23 15:49 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-31 19:53 - 2013-02-08 23:55 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-31 19:53 - 2013-02-08 23:54 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-31 19:53 - 2013-02-08 23:54 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-31 19:53 - 2013-02-08 23:54 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-31 19:53 - 2010-11-27 23:17 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-31 19:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-01-20 20:56 - 2013-12-15 20:17 - 00000000 ____D () C:\Users\Emanuel\Documents\Bewerbung
2014-01-20 18:45 - 2011-12-06 19:58 - 00000000 ____D () C:\Program Files (x86)\D-Link Connection Manager
2014-01-19 17:27 - 2014-01-19 17:27 - 00000000 ____D () C:\Users\Emanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-19 17:16 - 2014-01-19 17:06 - 00000000 ____D () C:\Program Files (x86)\PDF Blender
2014-01-19 17:06 - 2014-01-19 17:05 - 00599173 _____ () C:\Users\Emanuel\Downloads\PDFBlenderSetup1.1.2(1).exe
2014-01-19 17:05 - 2014-01-19 17:05 - 00599173 _____ () C:\Users\Emanuel\Downloads\PDFBlenderSetup1.1.2.exe
2014-01-19 12:27 - 2011-07-25 17:53 - 00001425 _____ () C:\Users\Emanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-19 12:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-01-19 03:24 - 2013-12-07 18:25 - 00130254 _____ () C:\Windows\IE11_main.log
2014-01-19 03:17 - 2014-01-19 03:17 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-01-19 03:17 - 2014-01-19 03:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-01-19 03:17 - 2014-01-19 03:17 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-01-19 03:17 - 2014-01-19 03:17 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-01-19 03:17 - 2014-01-19 03:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-01-19 03:17 - 2014-01-19 03:17 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-01-19 03:17 - 2014-01-19 03:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-01-19 03:17 - 2014-01-19 03:17 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-19 03:17 - 2014-01-19 03:17 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-01-17 20:29 - 2009-07-14 05:45 - 00369056 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 22:22 - 2013-07-31 06:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 22:18 - 2009-12-21 08:35 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\Emanuel\AppData\Local\Temp\install_flashplayer11x32axau_gtbp_chra_aih.exe
C:\Users\Emanuel\AppData\Local\Temp\install_flashplayer12x32au_mssa_awe_aih.exe
C:\Users\Emanuel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Emanuel Standard\AppData\Local\Temp\RHSetup.exe
C:\Users\Emanuel Standard\AppData\Local\Temp\SHSetup.exe
C:\Users\Emanuel Standard\AppData\Local\Temp\{A3658197-9B1B-434A-9AD6-1D59F528E086}-24.0.1312.57_chrome_installer.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2014
Ran by Emanuel at 2014-02-10 20:29:46
Running from C:\Users\Emanuel\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
A1 Dashboard (x32 Version: 1.16.1.0 - A1 Telekom Austria AG)
A1 Dashboard (x32 Version: 1.16.1.0 - A1 Telekom Austria AG) Hidden
Acer Crystal Eye webcam Ver:1.1.95.714 (x32 Version: 1.1.95.714 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (x32 Version: 4.05.3003 - Acer Incorporated)
Acer eRecovery Management (x32 Version: 4.05.3003 - Acer Incorporated)
Acer GridVista (x32 Version: 3.01.0730 - Acer Inc.)
Acer Registration (x32 Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 1.06.0804 - Acer Incorporated)
Acer Updater (x32 Version: 1.01.3014 - Acer Incorporated)
Acer VCM (x32 Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (x32 Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1280 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1280 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (x32 Version: 1.2.17.05001 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.17.05001 - Alcor Micro Corp.) Hidden
aonUpdate (x32 Version: - Telekom Austria TA AG)
aonUpdate (x32 Version: 1.3 - Telekom Austria TA AG) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.5 - Atheros Communications Inc.)
avast! Free Antivirus (x32 Version: 9.0.2013 - Avast Software)
CCleaner (Version: 3.21 - Piriform)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Corel PaintShop Pro X5 (x32 Version: 15.0.0.183 - Corel Corporation)
Corel PaintShop Pro X5 (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
Direkt Foto System 3.x (x32 Version: - )
D-Link Connection Manager (x32 Version: 1.0.0.1 - Global Digital)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
FLV Player 2.0 (build 25) (x32 Version: 2.0 (build 25) - Martijn de Visser)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (x32 Version: - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Google+ Auto Backup (x32 Version: 1.0.21.81 - Google)
ICA (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
Identity Card (x32 Version: 1.00.3001 - Acer Incorporated)
Intel(R) Graphics Media Accelerator Driver (Version: - Intel Corporation)
Intel® Matrix Storage Manager (Version: - Intel Corporation)
IPM_PSP_COM (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
Java 7 Update 25 (x32 Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (x32 Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (x32 Version: 3.0.02 - Acer Inc.)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MyWinLocker (x32 Version: 3.1.72.0 - Egis Technology Inc.)
Notepad++ (x32 Version: 5.9.3 - )
OpenOffice.org 3.3 (x32 Version: 3.3.9567 - OpenOffice.org)
PDF24 Creator 6.2.0 (x32 Version: - PDF24.org)
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
PSPPContent (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
PSPPro64 (Version: 15.0.0.183 - Corel Corporation) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5888 - Realtek Semiconductor Corp.)
Setup (x32 Version: 15.0.0.183 - Ihr Firmenname) Hidden
Skype Click to Call (x32 Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SoulSeek Client 156c (x32 Version: - )
SpyHunter (Version: 4.12.13.4202 - Enigma Software Group USA, LLC)
Synaptics Pointing Device Driver (Version: 13.2.2.0 - Synaptics Incorporated)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
VLC media player 2.0.8 (x32 Version: 2.0.8 - VideoLAN)
Welcome Center (x32 Version: 1.00.3005 - Acer Incorporated)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (x32 Version: 5.00.0 - win.rar GmbH)
Zattoo4 4.0.5 (x32 Version: 4.0.5 - Zattoo Inc.)
==================== Restore Points =========================
Could not list Restore Points. Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
==================== Loaded Modules (whitelisted) =============
2011-07-18 22:04 - 2011-07-18 22:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2008-01-15 09:02 - 2008-01-15 09:02 - 00200704 _____ () C:\Windows\PLFSetI.exe
2011-12-06 19:58 - 2010-12-03 20:24 - 00128288 _____ () C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
2013-12-07 18:44 - 2013-12-07 18:44 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-01-17 16:19 - 2011-10-30 17:55 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-11-19 18:45 - 2011-10-30 17:55 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
2010-09-03 18:37 - 2010-09-03 18:37 - 01097728 _____ () C:\Program Files (x86)\A1 Dashboard\NDISAPI.DLL
2010-08-19 18:32 - 2010-08-19 18:32 - 00086016 _____ () C:\Program Files (x86)\A1 Dashboard\resetregistry.dll
2011-04-18 08:16 - 2011-04-18 08:16 - 01421824 _____ () C:\Program Files (x86)\A1 Dashboard\Skins\A1\A1Skin.dbskin
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:661DFA1C
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/09/2014 08:38:02 PM) (Source: Application Error) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Creative_Collection.exe wurde wegen dieses Fehlers geschlossen.
Programm: Creative_Collection.exe
Datei:
Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
- diese sich im Netzwerk befindet,
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
- diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.
Zusätzliche Daten
Fehlerwert: C0000098
Datenträgertyp: 0
Error: (02/09/2014 08:38:02 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Creative_Collection.exe, Version: 0.0.0.0, Zeitstempel: 0x482518da
Name des fehlerhaften Moduls: Creative_Collection.exe, Version: 0.0.0.0, Zeitstempel: 0x482518da
Ausnahmecode: 0xc0000006
Fehleroffset: 0x0004457f
ID des fehlerhaften Prozesses: 0x15a8
Startzeit der fehlerhaften Anwendung: 0xCreative_Collection.exe0
Pfad der fehlerhaften Anwendung: Creative_Collection.exe1
Pfad des fehlerhaften Moduls: Creative_Collection.exe2
Berichtskennung: Creative_Collection.exe3
Error: (02/09/2014 07:08:16 PM) (Source: MsiInstaller) (User: Emanuel-PC)
Description: Product: ICA -- Error 1309.Error reading from file: f:\paintshop pro x5\Lang\PL\Required\Help.htm. System error 3. Verify that the file exists and that you can access it.
Error: (02/09/2014 07:01:23 PM) (Source: MsiInstaller) (User: Emanuel-PC)
Description: Product: Setup -- 1: Setup.msi: This installation cannot be run by directly launching the MSI package. You must run setup.exe.
Error: (02/05/2014 11:56:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (02/05/2014 11:56:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (02/05/2014 11:56:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (02/05/2014 11:56:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (02/05/2014 11:55:52 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (01/31/2014 06:59:47 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
System errors:
=============
Error: (02/10/2014 07:13:22 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (02/10/2014 07:13:22 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (02/10/2014 06:23:25 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (02/09/2014 11:23:55 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (02/09/2014 11:03:37 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (02/09/2014 09:37:57 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (02/09/2014 08:02:11 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden.
Error: (02/09/2014 08:02:09 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR7 gefunden.
Error: (02/09/2014 07:31:59 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.
Error: (02/09/2014 07:31:57 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR6 gefunden.
Microsoft Office Sessions:
=========================
Error: (02/09/2014 08:38:02 PM) (Source: Application Error)(User: )
Description: Creative_Collection.exeC00000980
Error: (02/09/2014 08:38:02 PM) (Source: Application Error)(User: )
Description: Creative_Collection.exe0.0.0.0482518daCreative_Collection.exe0.0.0.0482518dac00000060004457f15a801cf25c34582d721F:\Paintshop Pro X5\CD2\CreativeCollection\Creative_Collection.exeF:\Paintshop Pro X5\CD2\CreativeCollection\Creative_Collection.exeafa8fd72-91c1-11e3-9d5a-00269e6d05dc
Error: (02/09/2014 07:08:16 PM) (Source: MsiInstaller)(User: Emanuel-PC)
Description: Product: ICA -- Error 1309.Error reading from file: f:\paintshop pro x5\Lang\PL\Required\Help.htm. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (02/09/2014 07:01:23 PM) (Source: MsiInstaller)(User: Emanuel-PC)
Description: Product: Setup -- 1: Setup.msi: This installation cannot be run by directly launching the MSI package. You must run setup.exe. (NULL)(NULL)(NULL)(NULL)(NULL)
Error: (02/05/2014 11:56:23 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe
Error: (02/05/2014 11:56:23 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe
Error: (02/05/2014 11:56:23 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe
Error: (02/05/2014 11:56:23 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe
Error: (02/05/2014 11:55:52 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\hartlauerfotoservice3\DelZip179.dllc:\program files (x86)\hartlauerfotoservice3\DelZip179.dll8
Error: (01/31/2014 06:59:47 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe
==================== Memory info ===========================
Percentage of memory in use: 58%
Total physical RAM: 1978.91 MB
Available physical RAM: 816.98 MB
Total Pagefile: 3957.83 MB
Available Pagefile: 2312.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:220.79 GB) (Free:126.66 GB) NTFS
Drive d: (A1 Dashboard) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
==================== End Of Log ============================
|
|
10.02.2014, 22:52
| #4 |
| | Win7, A1 Rechnung #438192 von 05-02-14 Gmer Teil1 Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-10 20:46:41
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FBEO 232,89GB
Running: jcm3f2xb.exe; Driver: C:\Users\EMANUE~1\AppData\Local\Temp\kxliyfog.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000149a00460
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000149a00450
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000149a00370
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000149a00470
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000149a003e0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000149a00320
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000149a003b0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000149a00390
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000149a002e0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000149a002d0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000149a00310
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000149a003c0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000149a003f0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000149a00230
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000149a00480
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000149a003a0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000149a002f0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000149a00350
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000149a00290
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000149a002b0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000149a003d0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000149a00330
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000149a00410
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000149a00240
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000149a001e0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000149a00250
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000149a00490
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000149a004a0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000149a00300
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000149a00360
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000149a002a0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000149a002c0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000149a00380
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000149a00340
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000149a00440
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000149a00260
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000149a00270
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000149a00400
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000149a001f0
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000149a00210
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000149a00200
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000149a00420
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000149a00430
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000149a00220
.text C:\Windows\system32\csrss.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000149a00280
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text C:\Windows\system32\services.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280
.text C:\Windows\system32\services.exe[564] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007797eecd 1 byte [62]
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text C:\Windows\system32\lsass.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280
.text C:\Windows\system32\svchost.exe[740] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007797eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280
.text C:\Windows\System32\svchost.exe[892] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007797eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text C:\Windows\System32\svchost.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280
.text C:\Windows\System32\svchost.exe[944] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007797eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280
.text C:\Windows\system32\svchost.exe[1000] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007797eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000100070460
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000100070450
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000100070470
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000100070320
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000100070390
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000100070310
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000100070230
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000100070480
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000100070350
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000100070290
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000100070330
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000100070250
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000100070490
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000100070440
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000100070400
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000100070200
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000100070420
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000100070430
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000100070220
.text C:\Windows\system32\svchost.exe[468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000100070280
.text C:\Windows\system32\svchost.exe[468] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007797eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280
.text C:\Windows\system32\svchost.exe[1164] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007797eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280
.text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1536] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007797eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000100070460
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000100070450
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000100070370
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000100070470
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 00000001000703e0
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000100070320
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 00000001000703b0
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000100070390
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 00000001000702e0
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 00000001000702d0
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000100070310
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 00000001000703c0
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 00000001000703f0
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000100070230
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000100070480
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 00000001000703a0
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 00000001000702f0
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000100070350
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000100070290
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 00000001000702b0
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 00000001000703d0
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000100070330
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000100070410
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000100070240
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 00000001000701e0
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000100070250
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000100070490
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 00000001000704a0
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000100070300
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000100070360
|
|
10.02.2014, 22:53
| #5 |
| | Win7, A1 Rechnung #438192 von 05-02-14 Gmer Teil2 Code:
ATTFilter .text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 00000001000702a0
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 00000001000702c0
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000100070380
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000100070340
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000100070440
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000100070260
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000100070270
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000100070400
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 00000001000701f0
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000100070210
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000100070200
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000100070420
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000100070430
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000100070220
.text C:\Windows\System32\svchost.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000100070280
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280
.text C:\Windows\system32\svchost.exe[2416] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007797eecd 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2896] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007797eecd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280
.text C:\Windows\system32\SearchIndexer.exe[3008] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007797eecd 1 byte [62]
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280
.text C:\Windows\system32\taskhost.exe[1308] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007797eecd 1 byte [62]
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000100070460
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000100070450
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000100070370
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000100070470
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 00000001000703e0
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000100070320
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 00000001000703b0
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000100070390
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 00000001000702e0
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 00000001000702d0
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000100070310
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 00000001000703c0
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 00000001000703f0
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000100070230
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000100070480
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 00000001000703a0
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 00000001000702f0
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000100070350
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000100070290
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 00000001000702b0
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 00000001000703d0
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000100070330
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000100070410
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000100070240
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 00000001000701e0
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000100070250
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000100070490
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 00000001000704a0
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000100070300
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000100070360
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 00000001000702a0
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 00000001000702c0
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000100070380
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000100070340
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000100070440
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000100070260
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000100070270
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000100070400
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 00000001000701f0
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000100070210
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000100070200
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000100070420
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000100070430
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000100070220
.text C:\Windows\Explorer.EXE[2512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000100070280
.text C:\Windows\Explorer.EXE[2512] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007797eecd 1 byte [62]
.text C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe[1984] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007761a2ba 1 byte [62]
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280
.text C:\Windows\system32\igfxsrvc.exe[2848] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007797eecd 1 byte [62]
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2664] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007761a2ba 1 byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000100070460
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000100070450
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000100070370
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000100070470
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 00000001000703e0
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000100070320
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 00000001000703b0
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000100070390
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 00000001000702e0
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 00000001000702d0
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000100070310
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 00000001000703c0
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 00000001000703f0
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000100070230
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000100070480
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 00000001000703a0
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 00000001000702f0
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000100070350
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000100070290
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 00000001000702b0
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 00000001000703d0
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000100070330
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000100070410
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000100070240
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 00000001000701e0
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000100070250
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000100070490
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 00000001000704a0
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000100070300
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000100070360
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 00000001000702a0
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 00000001000702c0
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000100070380
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000100070340
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000100070440
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000100070260
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000100070270
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000100070400
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 00000001000701f0
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000100070210
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000100070200
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000100070420
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000100070430
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000100070220
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000100070280
.text C:\Program Files\Windows Sidebar\sidebar.exe[636] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007797eecd 1 byte [62]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[3188] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007761a2ba 1 byte [62]
.text C:\Windows\system32\igfxext.exe[3432] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007797eecd 1 byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[3504] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007797eecd 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\LManager.EXE[3576] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007761a2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3640] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007761a2ba 1 byte [62]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2288] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007761a2ba 1 byte [62]
.text C:\Program Files (x86)\A1 Dashboard\Dashboard.exe[4536] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007761a2ba 1 byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[4580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007797eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text C:\Windows\System32\svchost.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a63b10 6 bytes {NOP ; JMP 0xffffffff8873cc4c}
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a67ac0 6 bytes {NOP ; JMP 0xffffffff887388e4}
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000100070460
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000100070450
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000100070370
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000100070470
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 00000001000703e0
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000100070320
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 00000001000703b0
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000100070390
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 00000001000702e0
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 00000001000702d0
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000100070310
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 00000001000703c0
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 00000001000703f0
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000100070230
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000100070480
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 00000001000703a0
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 00000001000702f0
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000100070350
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000100070290
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 00000001000702b0
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 00000001000703d0
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000100070330
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000100070410
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000100070240
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 00000001000701e0
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000100070250
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000100070490
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 00000001000704a0
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000100070300
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000100070360
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 00000001000702a0
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 00000001000702c0
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000100070380
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000100070340
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000100070440
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000100070260
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000100070270
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000100070400
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 00000001000701f0
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000100070210
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000100070200
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000100070420
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000100070430
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000100070220
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000100070280
.text C:\Program Files\Internet Explorer\iexplore.exe[876] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007797eecd 1 byte [62]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4708] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077c5c4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4708] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c61287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4708] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007761a2ba 1 byte [62]
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077a91360 5 bytes JMP 0000000077bf0460
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077a913b0 5 bytes JMP 0000000077bf0450
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a91510 5 bytes JMP 0000000077bf0370
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077a91560 5 bytes JMP 0000000077bf0470
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a91570 5 bytes JMP 0000000077bf03e0
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077a91620 5 bytes JMP 0000000077bf0320
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a91650 5 bytes JMP 0000000077bf03b0
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077a91670 5 bytes JMP 0000000077bf0390
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077a916b0 5 bytes JMP 0000000077bf02e0
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077a91730 5 bytes JMP 0000000077bf02d0
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077a91750 5 bytes JMP 0000000077bf0310
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077a91790 5 bytes JMP 0000000077bf03c0
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077a917e0 5 bytes JMP 0000000077bf03f0
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077a91940 5 bytes JMP 0000000077bf0230
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077a91b00 5 bytes JMP 0000000077bf0480
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077a91b30 5 bytes JMP 0000000077bf03a0
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077a91c10 5 bytes JMP 0000000077bf02f0
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077a91c20 5 bytes JMP 0000000077bf0350
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077a91c80 5 bytes JMP 0000000077bf0290
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077a91d10 5 bytes JMP 0000000077bf02b0
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a91d30 5 bytes JMP 0000000077bf03d0
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077a91d40 5 bytes JMP 0000000077bf0330
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077a91db0 5 bytes JMP 0000000077bf0410
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077a91de0 5 bytes JMP 0000000077bf0240
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077a920a0 5 bytes JMP 0000000077bf01e0
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077a92160 5 bytes JMP 0000000077bf0250
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077a92190 5 bytes JMP 0000000077bf0490
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a921a0 5 bytes JMP 0000000077bf04a0
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077a921d0 5 bytes JMP 0000000077bf0300
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077a921e0 5 bytes JMP 0000000077bf0360
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077a92240 5 bytes JMP 0000000077bf02a0
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077a92290 5 bytes JMP 0000000077bf02c0
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a922c0 5 bytes JMP 0000000077bf0380
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077a922d0 5 bytes JMP 0000000077bf0340
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077a925c0 5 bytes JMP 0000000077bf0440
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077a927c0 5 bytes JMP 0000000077bf0260
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077a927d0 5 bytes JMP 0000000077bf0270
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a927e0 5 bytes JMP 0000000077bf0400
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077a929a0 5 bytes JMP 0000000077bf01f0
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077a929b0 5 bytes JMP 0000000077bf0210
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077a92a20 5 bytes JMP 0000000077bf0200
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077a92a80 5 bytes JMP 0000000077bf0420
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077a92a90 5 bytes JMP 0000000077bf0430
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077a92aa0 5 bytes JMP 0000000077bf0220
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077a92b80 5 bytes JMP 0000000077bf0280
.text C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe[3720] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007797eecd 1 byte [62]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077c5c4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2756] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c61287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2756] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007761a2ba 1 byte [62]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d51465 2 bytes [D5, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[2756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d514bb 2 bytes [D5, 75]
.text ... * 2
.text C:\Users\Emanuel\Desktop\FRST64.exe[4956] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007797eecd 1 byte [62]
.text C:\Users\Emanuel\Desktop\jcm3f2xb.exe[5992] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007761a2ba 1 byte [62]
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [944:2620] 000007fef9ba44e0
Thread C:\Windows\System32\svchost.exe [944:4636] 000007fef9fa88f8
Thread C:\Windows\system32\svchost.exe [468:4388] 000007fef8231ab0
Thread C:\Windows\system32\svchost.exe [1164:1692] 000007fef9f5bd88
Thread C:\Windows\system32\svchost.exe [1164:956] 000007fef8f65170
Thread C:\Windows\system32\svchost.exe [1164:2456] 000007fef9dd5124
Thread C:\Windows\system32\svchost.exe [1164:1804] 000007fef08e83d8
Thread C:\Windows\system32\svchost.exe [1164:2596] 000007fef08e83d8
Thread C:\Windows\system32\svchost.exe [1164:3572] 000007feefc73f1c
Thread C:\Windows\system32\svchost.exe [1164:3524] 000007feefc422b8
Thread C:\Windows\system32\svchost.exe [1164:3544] 000007feefc41a38
Thread C:\Windows\system32\svchost.exe [1164:1724] 000007fef0765388
Thread C:\Windows\system32\svchost.exe [1164:852] 000007fef0747738
Thread C:\Windows\system32\svchost.exe [1164:2744] 000007fef0721f90
Thread C:\Windows\System32\spoolsv.exe [1364:1268] 000007fef8c810c8
Thread C:\Windows\System32\spoolsv.exe [1364:1436] 000007fef8c46144
Thread C:\Windows\System32\spoolsv.exe [1364:960] 000007fef8a35fd0
Thread C:\Windows\System32\spoolsv.exe [1364:1464] 000007fef8a23438
Thread C:\Windows\System32\spoolsv.exe [1364:1516] 000007fef8a363ec
Thread C:\Windows\System32\spoolsv.exe [1364:1292] 000007fef8e15e5c
Thread C:\Windows\System32\spoolsv.exe [1364:1276] 000007fef8e45074
Thread C:\Windows\System32\spoolsv.exe [1364:2128] 000007fef8eb2288
Thread C:\Windows\system32\wbem\wmiprvse.exe [1676:1680] 000007fef8811c20
Thread C:\Windows\system32\wbem\wmiprvse.exe [1676:4048] 000007fef56de3c8
---- EOF - GMER 2.1 ----
|
|
11.02.2014, 18:04
| #6 |
| /// the machine /// TB-Ausbilder | Win7, A1 Rechnung #438192 von 05-02-14 Unsere Tools brauchen immer Adminrechte. Scan mit Combofix
__________________ --> Win7, A1 Rechnung #438192 von 05-02-14 |
Linear-Darstellung
