Log Analysis and Evaluation: PC virus infection/keylogger via survey website (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.03.2014, 01:44 | #1
PC virus infection/keylogger via survey website
Hello! Yesterday I wanted to download a program and came across a site that offered it. I had to complete a so-called survey so that I could download the file. But now the program has installed many other programs along with it that I cannot remove. I would be very grateful for help!
28.03.2014, 07:32 | #2
/// the machine /// TB-Ausbilder | PC virus infection/keylogger via survey website
Hi,
__________________
Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________
28.03.2014, 14:05 | #3
PC virus infection/keylogger via survey website
defogger_disable
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:49 on 28/03/2014 (********)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by ********** (administrator) on PREDATOR on 28-03-2014 00:58:37
Running from C:\Users\**********\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
() C:\Program Files (x86)\LPT\srpts.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\LPT\srptm.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2560596042-4137677803-1756835688-1000\...\Policies\Explorer: [NoInstrumentation] 0
HKU\S-1-5-21-2560596042-4137677803-1756835688-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-2560596042-4137677803-1756835688-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0D2557572E91CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ReemOOvEAdsTube - {E4D81115-FD03-574E-D51E-4706EE180F36} - C:\ProgramData\ReemOOvEAdsTube\StCs.x64.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\SysWOW64\ASProxy.dll [352168] (Astrill)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ASProxy.dll [352168] (Astrill)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ASProxy.dll [352168] (Astrill)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ASProxy.dll [352168] (Astrill)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ASProxy.dll [352168] (Astrill)
Winsock: Catalog9-x64 01 C:\Windows\system32\ASProxy64.dll [468904] (Astrill)
Winsock: Catalog9-x64 02 C:\Windows\system32\ASProxy64.dll [468904] (Astrill)
Winsock: Catalog9-x64 03 C:\Windows\system32\ASProxy64.dll [468904] (Astrill)
Winsock: Catalog9-x64 04 C:\Windows\system32\ASProxy64.dll [468904] (Astrill)
Winsock: Catalog9-x64 15 C:\Windows\system32\ASProxy64.dll [468904] (Astrill)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{24AD4058-5435-490E-8A19-7B6CDF788189}: [NameServer]8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\qo5gln1i.default
FF Homepage: https://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\qo5gln1i.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\qo5gln1i.default\Extensions\amazon-icon@giga.de [2014-03-28]
FF Extension: Popular Website Buddy - C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\qo5gln1i.default\Extensions\jid1-l6V8exwLVv1lBw@jetpack [2014-03-27]
FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\qo5gln1i.default\Extensions\sparpilot@sparpilot.com [2014-03-28]
FF Extension: LinkiDoo - C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\qo5gln1i.default\Extensions\{75edaf6c-4dcf-4f61-a079-f7488c24b3d9}.xpi [2014-03-26]
FF Extension: Adblock Plus - C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\qo5gln1i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-26]

==================== Services (Whitelisted) =================

S3 ASOVPNHelper; C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [434928 2012-05-25] (Astrill)
S3 ASProxy; C:\Program Files (x86)\Astrill\ASProxy.exe [1918888 2013-02-19] (Astrill)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-02-04] ()
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-07-04] (cFos Software GmbH)
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32288 2014-02-09] ()
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-07] ()

==================== Drivers (Whitelisted) ====================

R3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [31744 2012-02-29] (Astrill)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2010-05-25] (Devguru Co., Ltd)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [867824 2012-10-25] (Duplex Secure Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-28 00:58 - 2014-03-28 00:58 - 00012207 _____ () C:\Users\**********\Desktop\FRST.txt
2014-03-28 00:58 - 2014-03-28 00:58 - 00000000 ____D () C:\FRST
2014-03-28 00:49 - 2014-03-28 00:49 - 00000596 _____ () C:\Users\**********\Desktop\defogger_disable.log
2014-03-28 00:49 - 2014-03-28 00:49 - 00000020 _____ () C:\Users\**********\defogger_reenable
2014-03-28 00:48 - 2014-03-28 00:48 - 02157056 _____ (Farbar) C:\Users\**********\Desktop\FRST64.exe
2014-03-28 00:48 - 2014-03-28 00:48 - 00380416 _____ () C:\Users\**********\Desktop\Gmer-19357.exe
2014-03-28 00:47 - 2014-03-28 00:47 - 00050477 _____ () C:\Users\**********\Desktop\Defogger.exe
2014-03-28 00:22 - 2014-03-28 00:25 - 04918616 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-28 00:21 - 2014-03-28 00:21 - 00005014 _____ () C:\Windows\PFRO.log
2014-03-28 00:13 - 2014-03-28 00:52 - 00000336 _____ () C:\Windows\setupact.log
2014-03-28 00:13 - 2014-03-28 00:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-28 00:11 - 2014-03-28 00:11 - 00000000 ____D () C:\Users\**********\AppData\Local\Tempccc444a4d49670cb05f3386d0c986880
2014-03-28 00:11 - 2014-03-28 00:11 - 00000000 ____D () C:\Users\**********\AppData\Local\Temp73e5ec14e567a8817c7604af85241487
2014-03-28 00:10 - 2014-03-28 00:10 - 00000000 ____D () C:\Users\**********\AppData\Local\Tempc54c1f61f356ad2905a826a3efdb3359_
2014-03-28 00:10 - 2014-03-28 00:10 - 00000000 ____D () C:\Users\**********\AppData\Local\Temp306340d9e24edd61c036ed6647592a9c_
2014-03-27 21:17 - 2014-03-27 21:17 - 00000000 ____D () C:\Users\**********\AppData\Local\Temp1728f593f8d2847341145be860e2f174
2014-03-27 21:16 - 2014-03-27 21:16 - 00000000 ____D () C:\Users\**********\ChromeExtensions
2014-03-27 21:16 - 2014-03-27 21:16 - 00000000 ____D () C:\Users\**********\AppData\Local\Tempc54c1f61f356ad2905a826a3efdb3359
2014-03-27 21:16 - 2014-03-27 21:16 - 00000000 ____D () C:\Users\**********\AppData\Local\Temp306340d9e24edd61c036ed6647592a9c
2014-03-27 21:16 - 2014-03-27 21:16 - 00000000 ____D () C:\Users\**********\AppData\Local\Temp1aade29c970773c10219ab2f101ff1cb
2014-03-27 20:27 - 2014-03-27 20:27 - 00000000 ____D () C:\Users\**********\AppData\Roaming\flightgear.org
2014-03-27 20:18 - 2014-03-27 20:18 - 00000000 ____D () C:\ProgramData\ZalmanInstaller_5372
2014-03-27 19:49 - 2014-03-28 00:54 - 00000944 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
2014-03-27 19:49 - 2014-03-27 19:49 - 00003940 _____ () C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA
2014-03-27 19:49 - 2012-07-25 12:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2014-03-27 19:45 - 2014-03-27 19:46 - 00000000 ____D () C:\Program Files (x86)\LPT
2014-03-27 19:35 - 2014-03-27 21:32 - 00000000 ____D () C:\Program Files (x86)\LinkiDoo
2014-03-27 19:34 - 2014-03-27 19:51 - 00000000 ____D () C:\Users\**********\AppData\Roaming\qone8
2014-03-27 19:22 - 2014-03-27 19:22 - 00000000 ____D () C:\Users\**********\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
2014-03-26 19:20 - 2014-03-26 19:21 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Screaming Bee
2014-03-26 19:20 - 2014-03-26 19:21 - 00000000 ____D () C:\ProgramData\Screaming Bee
2014-03-26 19:20 - 2014-03-26 19:20 - 00002082 _____ () C:\Users\Public\Desktop\MorphVOX Pro.lnk
2014-03-26 19:20 - 2014-03-26 19:20 - 00000000 ____D () C:\Program Files (x86)\Screaming Bee
2014-03-26 19:18 - 2014-03-26 19:24 - 19866084 _____ () C:\Users\**********\Desktop\SCREAM.by.MORPHEUS.PO.PO.4.rar
2014-03-26 19:18 - 2014-03-26 19:19 - 05384056 _____ () C:\Users\**********\Desktop\MorphVOXPro4_Install-1.de.exe
2014-03-26 15:35 - 2014-03-26 15:36 - 00016965 _____ () C:\Users\**********\Desktop\OpenDocument Text (neu).odt
2014-03-21 21:05 - 2014-03-21 21:05 - 00002788 _____ () C:\Users\**********\Desktop\safersurf-for-free-setup.log
2014-03-21 21:05 - 2014-03-21 21:05 - 00000000 ____D () C:\ProgramData\Nutzwerk
2014-03-21 20:42 - 2014-03-27 22:36 - 00000000 __SHD () C:\Windows\SysWOW64\MPK
2014-03-21 20:42 - 2014-03-21 20:55 - 00000000 __SHD () C:\ProgramData\MPK
2014-03-20 15:13 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-20 15:13 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-19 16:55 - 2014-03-19 16:55 - 00000000 ____D () C:\Intel
2014-03-19 16:53 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-03-19 16:53 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-19 16:53 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-19 16:53 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-03-19 16:53 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-03-19 16:53 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-19 16:53 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-03-19 16:53 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-19 16:53 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-03-19 16:53 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-03-19 16:53 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-03-19 16:53 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-03-19 16:53 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-19 16:53 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-03-19 16:53 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-03-19 16:53 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-03-19 16:53 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-03-19 16:52 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-03-19 16:52 - 2012-08-23 15:12 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\terminpt.sys
2014-03-19 16:52 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-03-19 16:52 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-03-19 16:52 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-03-19 16:52 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-03-19 16:52 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-03-19 16:50 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-03-19 16:50 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-03-16 18:11 - 2014-03-27 19:52 - 00000218 _____ () C:\Users\**********\Desktop\Neues Textdokument (5).txt
2014-03-12 02:50 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 02:50 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 02:50 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 02:50 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 02:50 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 02:50 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 02:50 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 02:50 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 02:50 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 02:50 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 02:50 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 02:50 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 02:50 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 02:50 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 02:50 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 02:50 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 02:50 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 02:50 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 02:50 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 02:50 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 02:50 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 02:50 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 02:50 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 02:50 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 02:50 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 02:50 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 02:50 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 02:50 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 02:50 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 02:50 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 02:50 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 02:50 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 02:50 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 02:50 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 02:50 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 02:50 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 02:50 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 02:50 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 02:50 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 02:50 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 02:50 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 02:50 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 02:50 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 02:50 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 02:50 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 02:50 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 02:50 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 02:50 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-07 23:12 - 2014-03-07 23:12 - 14469376 _____ () C:\Users\**********\Desktop\WhatsApp.apk
2014-03-07 15:44 - 2014-03-28 00:52 - 00000286 _____ () C:\Windows\Tasks\bench-Updater removing.job
2014-03-07 15:44 - 2014-03-07 15:44 - 00003226 _____ () C:\Windows\System32\Tasks\bench-Updater removing
2014-03-03 23:29 - 2014-03-03 23:29 - 00000000 ____D () C:\Program Files (x86)\CoupExiTeenSIona
2014-03-03 22:50 - 2014-03-28 00:25 - 00000000 ____D () C:\Users\**********\.VirtualBox
2014-03-03 22:50 - 2014-03-03 22:50 - 00001076 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2014-03-03 22:50 - 2013-04-12 11:41 - 00237840 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-03-03 22:49 - 2014-03-03 22:49 - 00000000 ____D () C:\Program Files\Oracle
2014-03-03 22:49 - 2013-04-12 11:40 - 00120080 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-03-03 22:48 - 2014-03-03 22:54 - 00000000 ____D () C:\Users\**********\AppData\Local\Genymobile
2014-03-03 22:47 - 2014-03-12 22:30 - 00001025 _____ () C:\Users\Public\Desktop\Genymotion.lnk
2014-03-03 22:47 - 2014-03-12 22:30 - 00001020 _____ () C:\Users\Public\Desktop\Genymotion Shell.lnk
2014-03-03 22:46 - 2014-03-03 22:46 - 00000000 ____D () C:\Program Files\Genymobile
2014-02-27 16:05 - 2014-02-27 16:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-27 16:05 - 2014-02-27 16:05 - 00000000 ____D () C:\Users\**********\AppData\Local\Skype
2014-02-27 15:33 - 2014-03-04 14:18 - 00000000 ____D () C:\ProgramData\CoupExiTeenSIona

==================== One Month Modified Files and Folders =======

2014-03-28 00:58 - 2014-03-28 00:58 - 00012207 _____ () C:\Users\**********\Desktop\FRST.txt
2014-03-28 00:58 - 2014-03-28 00:58 - 00000000 ____D () C:\FRST
2014-03-28 00:56 - 2013-08-30 20:07 - 01585779 _____ () C:\Windows\WindowsUpdate.log
2014-03-28 00:54 - 2014-03-27 19:49 - 00000944 _____ () C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
2014-03-28 00:54 - 2013-01-01 17:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-28 00:52 - 2014-03-28 00:13 - 00000336 _____ () C:\Windows\setupact.log
2014-03-28 00:52 - 2014-03-07 15:44 - 00000286 _____ () C:\Windows\Tasks\bench-Updater removing.job
2014-03-28 00:51 - 2012-09-12 19:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-28 00:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-28 00:49 - 2014-03-28 00:49 - 00000596 _____ () C:\Users\**********\Desktop\defogger_disable.log
2014-03-28 00:49 - 2014-03-28 00:49 - 00000020 _____ () C:\Users\**********\defogger_reenable
2014-03-28 00:49 - 2012-09-12 22:08 - 00000000 ____D () C:\Users\**********
2014-03-28 00:48 - 2014-03-28 00:48 - 02157056 _____ (Farbar) C:\Users\**********\Desktop\FRST64.exe
2014-03-28 00:48 - 2014-03-28 00:48 - 00380416 _____ () C:\Users\**********\Desktop\Gmer-19357.exe
2014-03-28 00:47 - 2014-03-28 00:47 - 00050477 _____ () C:\Users\**********\Desktop\Defogger.exe
2014-03-28 00:47 - 2012-09-17 03:33 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-28 00:31 - 2009-07-14 05:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 00:31 - 2009-07-14 05:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 00:25 - 2014-03-28 00:22 - 04918616 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-28 00:25 - 2014-03-03 22:50 - 00000000 ____D () C:\Users\**********\.VirtualBox
2014-03-28 00:21 - 2014-03-28 00:21 - 00005014 _____ () C:\Windows\PFRO.log
2014-03-28 00:17 - 2012-09-13 00:03 - 00000000 ____D () C:\Windows\pss
2014-03-28 00:17 - 2012-09-12 22:08 - 00000000 ___RD () C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-28 00:13 - 2014-03-28 00:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-28 00:12 - 2012-09-12 22:20 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-03-28 00:12 - 2012-09-12 18:53 - 00000000 ____D () C:\Users\**********\AppData\Local\CrashDumps
2014-03-28 00:11 - 2014-03-28 00:11 - 00000000 ____D () C:\Users\**********\AppData\Local\Tempccc444a4d49670cb05f3386d0c986880
2014-03-28 00:11 - 2014-03-28 00:11 - 00000000 ____D () C:\Users\**********\AppData\Local\Temp73e5ec14e567a8817c7604af85241487
2014-03-28 00:10 - 2014-03-28 00:10 - 00000000 ____D () C:\Users\**********\AppData\Local\Tempc54c1f61f356ad2905a826a3efdb3359_
2014-03-28 00:10 - 2014-03-28 00:10 - 00000000 ____D () C:\Users\**********\AppData\Local\Temp306340d9e24edd61c036ed6647592a9c_
2014-03-28 00:10 - 2012-09-17 03:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-28 00:05 - 2012-09-12 22:17 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1C3B3B18-0062-4FF6-9196-209A3D88CF3E}
2014-03-27 23:52 - 2013-10-26 21:44 - 00002180 _____ () C:\Users\**********\Desktop\xClient_v1.0_Build_v3.7.zip
2014-03-27 23:51 - 2012-09-16 14:02 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Hiad
2014-03-27 23:50 - 2012-09-16 20:45 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Beaq
2014-03-27 22:36 - 2014-03-21 20:42 - 00000000 __SHD () C:\Windows\SysWOW64\MPK
2014-03-27 22:00 - 2014-02-10 20:48 - 00000000 ____D () C:\ProgramData\ReemOOvEAdsTube
2014-03-27 21:46 - 2012-09-20 16:47 - 00000000 ____D () C:\ProgramData\npsfmipherpgmut
2014-03-27 21:32 - 2014-03-27 19:35 - 00000000 ____D () C:\Program Files (x86)\LinkiDoo
2014-03-27 21:30 - 2012-12-02 17:09 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-03-27 21:23 - 2013-05-27 11:55 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-03-27 21:23 - 2013-01-04 21:27 - 00000000 ____D () C:\Users\**********\AppData\Local\Ubisoft Game Launcher
2014-03-27 21:17 - 2014-03-27 21:17 - 00000000 ____D () C:\Users\**********\AppData\Local\Temp1728f593f8d2847341145be860e2f174
2014-03-27 21:16 - 2014-03-27 21:16 - 00000000 ____D () C:\Users\**********\ChromeExtensions
2014-03-27 21:16 - 2014-03-27 21:16 - 00000000 ____D () C:\Users\**********\AppData\Local\Tempc54c1f61f356ad2905a826a3efdb3359
2014-03-27 21:16 - 2014-03-27 21:16 - 00000000 ____D () C:\Users\**********\AppData\Local\Temp306340d9e24edd61c036ed6647592a9c
2014-03-27 21:16 - 2014-03-27 21:16 - 00000000 ____D () C:\Users\**********\AppData\Local\Temp1aade29c970773c10219ab2f101ff1cb
2014-03-27 20:38 - 2013-08-29 18:10 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-27 20:38 - 2012-09-18 21:27 - 00000000 ____D () C:\Users\**********\AppData\Roaming\TS3Client
2014-03-27 20:27 - 2014-03-27 20:27 - 00000000 ____D () C:\Users\**********\AppData\Roaming\flightgear.org
2014-03-27 20:18 - 2014-03-27 20:18 - 00000000 ____D () C:\ProgramData\ZalmanInstaller_5372
2014-03-27 19:52 - 2014-03-16 18:11 - 00000218 _____ () C:\Users\**********\Desktop\Neues Textdokument (5).txt
2014-03-27 19:51 - 2014-03-27 19:34 - 00000000 ____D () C:\Users\**********\AppData\Roaming\qone8
2014-03-27 19:51 - 2012-09-12 22:08 - 00001425 _____ () C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-27 19:50 - 2013-03-08 21:22 - 00000000 ____D () C:\Users\**********\AppData\Local\cache
2014-03-27 19:49 - 2014-03-27 19:49 - 00003940 _____ () C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA
2014-03-27 19:46 - 2014-03-27 19:45 - 00000000 ____D () C:\Program Files (x86)\LPT
2014-03-27 19:22 - 2014-03-27 19:22 - 00000000 ____D () C:\Users\**********\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
2014-03-27 06:13 - 2012-09-12 19:47 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Skype
2014-03-27 00:52 - 2012-10-03 20:12 - 00000000 ____D () C:\Users\**********\AppData\Roaming\ICQ
2014-03-26 19:24 - 2014-03-26 19:18 - 19866084 _____ () C:\Users\**********\Desktop\SCREAM.by.MORPHEUS.PO.PO.4.rar
2014-03-26 19:21 - 2014-03-26 19:20 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Screaming Bee
2014-03-26 19:21 - 2014-03-26 19:20 - 00000000 ____D () C:\ProgramData\Screaming Bee
2014-03-26 19:20 - 2014-03-26 19:20 - 00002082 _____ () C:\Users\Public\Desktop\MorphVOX Pro.lnk
2014-03-26 19:20 - 2014-03-26 19:20 - 00000000 ____D () C:\Program Files (x86)\Screaming Bee
2014-03-26 19:20 - 2013-09-07 01:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-26 19:19 - 2014-03-26 19:18 - 05384056 _____ () C:\Users\**********\Desktop\MorphVOXPro4_Install-1.de.exe
2014-03-26 15:36 - 2014-03-26 15:35 - 00016965 _____ () C:\Users\**********\Desktop\OpenDocument Text (neu).odt
2014-03-26 07:20 - 2011-04-12 08:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-03-26 07:20 - 2011-04-12 08:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-03-26 07:20 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-25 20:06 - 2014-02-03 21:49 - 00000000 ____D () C:\ProgramData\SmartWeb
2014-03-22 04:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-03-21 21:05 - 2014-03-21 21:05 - 00002788 _____ () C:\Users\**********\Desktop\safersurf-for-free-setup.log
2014-03-21 21:05 - 2014-03-21 21:05 - 00000000 ____D () C:\ProgramData\Nutzwerk
2014-03-21 20:55 - 2014-03-21 20:42 - 00000000 __SHD () C:\ProgramData\MPK
2014-03-19 18:26 - 2014-02-10 20:48 - 00002494 __RSH () C:\ProgramData\ntuser.pol
2014-03-19 16:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-19 16:55 - 2014-03-19 16:55 - 00000000 ____D () C:\Intel
2014-03-19 16:52 - 2013-07-24 00:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 16:52 - 2012-10-01 00:41 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-19 16:51 - 2012-09-12 22:52 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-13 23:05 - 2012-10-23 22:11 - 00000000 ____D () C:\Users\**********\AppData\Roaming\vlc
2014-03-12 22:30 - 2014-03-03 22:47 - 00001025 _____ () C:\Users\Public\Desktop\Genymotion.lnk
2014-03-12 22:30 - 2014-03-03 22:47 - 00001020 _____ ()
C:\Users\Public\Desktop\Genymotion Shell.lnk 2014-03-12 20:10 - 2013-09-10 23:10 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-03-12 20:10 - 2012-09-17 03:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 20:10 - 2012-09-17 03:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-12 20:10 - 2012-09-17 03:41 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-07 23:12 - 2014-03-07 23:12 - 14469376 _____ () C:\Users\**********\Desktop\WhatsApp.apk 2014-03-07 15:44 - 2014-03-07 15:44 - 00003226 _____ () C:\Windows\System32\Tasks\bench-Updater removing 2014-03-05 00:49 - 2014-02-05 17:12 - 00000000 ____D () C:\Users\**********\Desktop\ein lauer sommerabend am see 2014-03-04 14:18 - 2014-02-27 15:33 - 00000000 ____D () C:\ProgramData\CoupExiTeenSIona 2014-03-03 23:29 - 2014-03-03 23:29 - 00000000 ____D () C:\Program Files (x86)\CoupExiTeenSIona 2014-03-03 23:29 - 2014-02-10 20:49 - 00000000 ____D () C:\ProgramData\a5dde32934df4f63 2014-03-03 22:54 - 2014-03-03 22:48 - 00000000 ____D () C:\Users\**********\AppData\Local\Genymobile 2014-03-03 22:50 - 2014-03-03 22:50 - 00001076 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk 2014-03-03 22:49 - 2014-03-03 22:49 - 00000000 ____D () C:\Program Files\Oracle 2014-03-03 22:46 - 2014-03-03 22:46 - 00000000 ____D () C:\Program Files\Genymobile 2014-03-02 18:39 - 2014-02-05 00:20 - 00000874 _____ () C:\Users\**********\Desktop\Neues Textdokument (2).txt 2014-03-01 07:05 - 2014-03-12 02:50 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 06:17 - 2014-03-12 02:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-01 06:16 - 2014-03-12 02:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-01 05:58 - 2014-03-12 02:50 - 02765824 _____ (Microsoft 
Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 05:52 - 2014-03-12 02:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-01 05:51 - 2014-03-12 02:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-01 05:42 - 2014-03-12 02:50 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-01 05:40 - 2014-03-12 02:50 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-01 05:37 - 2014-03-12 02:50 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-01 05:33 - 2014-03-12 02:50 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-01 05:33 - 2014-03-12 02:50 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-01 05:32 - 2014-03-12 02:50 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-01 05:30 - 2014-03-12 02:50 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-01 05:23 - 2014-03-12 02:50 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-01 05:17 - 2014-03-12 02:50 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 05:11 - 2014-03-12 02:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-01 05:02 - 2014-03-12 02:50 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-01 04:54 - 2014-03-12 02:50 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 04:52 - 2014-03-12 02:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-01 04:51 - 2014-03-12 02:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-12 02:50 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-01 04:43 - 2014-03-12 02:50 - 00043008 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-01 04:43 - 2014-03-12 02:50 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-01 04:42 - 2014-03-12 02:50 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 04:40 - 2014-03-12 02:50 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-01 04:38 - 2014-03-12 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-01 04:37 - 2014-03-12 02:50 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-01 04:35 - 2014-03-12 02:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-01 04:18 - 2014-03-12 02:50 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 04:16 - 2014-03-12 02:50 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-01 04:14 - 2014-03-12 02:50 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-12 02:50 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-12 02:50 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-01 04:00 - 2014-03-12 02:50 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-01 03:57 - 2014-03-12 02:50 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-12 02:50 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-12 02:50 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-12 02:50 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-12 02:50 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-12 02:50 - 00703488 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieapfltr.dll 2014-02-27 16:05 - 2014-02-27 16:05 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-02-27 16:05 - 2014-02-27 16:05 - 00000000 ____D () C:\Users\**********\AppData\Local\Skype 2014-02-27 16:05 - 2012-09-12 19:47 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-02-27 16:05 - 2012-09-12 19:46 - 00000000 ____D () C:\ProgramData\Skype ZeroAccess: C:\$Recycle.Bin\S-1-5-21-2560596042-4137677803-1756835688-1000\$e7d4392b885fbe193a679e1b051a790d Some content of TEMP: ==================== C:\Users\**********\AppData\Local\Temp\6_Offer_11.exe C:\Users\**********\AppData\Local\Temp\amazonicon_v4.exe C:\Users\**********\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\**********\AppData\Local\Temp\BackupSetup.exe C:\Users\**********\AppData\Local\Temp\BRSVC_673269_hlp.exe C:\Users\**********\AppData\Local\Temp\BuenoSearchTB.exe C:\Users\**********\AppData\Local\Temp\D1395946041.exe C:\Users\**********\AppData\Local\Temp\GuardICQ.exe C:\Users\**********\AppData\Local\Temp\nsgC7A0.exe C:\Users\**********\AppData\Local\Temp\nsmCA7F.exe C:\Users\**********\AppData\Local\Temp\nso649A.exe C:\Users\**********\AppData\Local\Temp\nsr9FA3.exe C:\Users\**********\AppData\Local\Temp\nsrA1C6.exe C:\Users\**********\AppData\Local\Temp\nst3F8A.exe C:\Users\**********\AppData\Local\Temp\nst68B0.exe C:\Users\**********\AppData\Local\Temp\nsy3C00.exe C:\Users\**********\AppData\Local\Temp\sdanircmdc.exe C:\Users\**********\AppData\Local\Temp\sdapskill.exe C:\Users\**********\AppData\Local\Temp\sdaspwn.exe C:\Users\**********\AppData\Local\Temp\SearchProtectINT.exe C:\Users\**********\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe 
=> MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-20 16:52 ==================== End Of Log ============================ --- --- --- Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by ******* at 2014-03-28 00:59:04 Running from C:\Users\*******\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C} AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.) ASRock eXtreme Tuner v0.1.98 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: - ) ASRock InstantBoot v1.26 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: - ) Astrill (HKLM\...\{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1) (Version: - Astrill) avast! 
Pro Antivirus (HKLM-x32\...\avast) (Version: 8.0.1497.0 - AVAST Software) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.3 - Broadcom Corporation) BufferChm (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.9.0.0 - Electronic Arts) Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts) Crysis®3 Digital Deluxe Edition Content (HKLM-x32\...\{2A8C5AE3-2772-4EB1-8206-D5E53D111A61}) (Version: 1.0.0.0 - Electronic Arts) DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) Demonbuddy (HKCU\...\{45bb2989-e144-465d-9823-220359687d0e}) (Version: 1.0.1445.316 - Bossland GmbH) Demonbuddy (x32 Version: 1.0.1445.316 - Bossland GmbH) Hidden Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.96 - Etron Technology) Etron USB3.0 Host Controller (x32 Version: 0.96 - Etron Technology) Hidden F4100_doccd (x32 Version: 90.0.200.000 - Hewlett-Packard) Hidden Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1031 - Foxit Corporation) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Genymotion version 2.1.1 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.1.1 - Genymobile) HP Managed Printing Admin 
(HKLM-x32\...\{7CA4F780-7AD0-417A-82A1-46EB825CFD53}) (Version: 2.5.9 - Hewlett-Packard) HP Update (HKLM-x32\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.006.002 - Hewlett-Packard) HPSSupply (HKLM-x32\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Ihr Firmenname) ICQ7M (HKLM-x32\...\{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}) (Version: 7.8 - ICQ) IsoBuster 3.0 (HKLM-x32\...\IsoBuster_is1) (Version: 3.0 - Smart Projects) iTunes (HKLM\...\{37D0157F-45C6-4DB2-9AE5-489DD98CE169}) (Version: 11.1.2.31 - Apple Inc.) Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java SE Development Kit 7 Update 7 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170070}) (Version: 1.7.0.70 - Oracle) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual 
C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft 
Corporation) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden MorphVOX Pro (HKLM-x32\...\{ac11d2c6-dc41-405c-96ae-818d062a88ab}) (Version: 4.4.13.23750 - Screaming Bee) MorphVOX Pro (x32 Version: 4.4.13.23750 - Screaming Bee) Hidden Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) MP4 To MP3 Converter V3.0.5 (HKLM-x32\...\MP4 To MP3 Converter_is1) (Version: - hxxp://www.MP4ToMP3Converter.net) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA 3D Vision Controller-Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.65 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation) NVIDIA GeForce Experience 1.7.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (HKLM-x32\...\{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}) (Version: 9.13.0725 - NVIDIA Corporation) NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden NVIDIA Update 9.3.21 
(Version: 9.3.21 - NVIDIA Corporation) Hidden NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Oracle VM VirtualBox 4.2.12 (HKLM\...\{0C1DE303-E41B-44BA-8ABA-B7F09D857001}) (Version: 4.2.12 - Oracle Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.1.11053_99 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.0.1.11053_99 - Samsung Electronics Co., Ltd.) Hidden Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.) SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden Shopping Helper Smartbar Engine (HKCU\...\{d0f3a858-25bf-40b1-8446-1b8183a0243e}) (Version: 10.215.63.15249 - ReSoft Ltd.) <==== ATTENTION Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) 
SmartWeb (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{34677ac8}) (Version: - Surfnet) <==== ATTENTION Speccy (HKLM\...\Speccy) (Version: 1.18 - Piriform) Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.31 - Bioware/EA) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Street Fighter X Tekken (x32 Version: 1.0.0001.130 - CAPCOM U.S.A., INC) Hidden Street Fighter X Tekken (x32 Version: 1.0.0002.130 - CAPCOM U.S.A., INC) Hidden TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.11.1 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer) TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH) UnloadSupport (x32 Version: 9.0.0 - Hewlett-Packard) Hidden VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN) Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) XFast LAN v6.61 (HKLM\...\XFast LAN) (Version: 6.61 - cFos Software GmbH, Bonn) ==================== Restore Points ========================= 20-03-2014 15:59:30 Geplanter Prüfpunkt 20-03-2014 23:58:48 Windows Update 21-03-2014 19:57:03 Windows Defender Checkpoint 21-03-2014 19:59:55 Removed Microsoft Silverlight 21-03-2014 20:55:35 Removed SaferSurf 25-03-2014 05:52:16 Windows Update 26-03-2014 18:19:29 MorphVOX Pro 27-03-2014 18:23:05 Uniblue SpeedUpMyPC installation 27-03-2014 18:35:44 Uniblue SpeedUpMyPC installation 27-03-2014 19:20:44 Uniblue SpeedUpMyPC installation 27-03-2014 20:22:18 Entfernt THX TruStudio 27-03-2014 23:27:46 Removed 
Apple Application Support ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {03E3B24D-BEA9-4CD5-8774-302389AD6440} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated) Task: {109B50D6-6F37-455D-B86C-196AB5675BF5} - System32\Tasks\{F7DFF4E3-6C86-4799-98B0-66026C848DDE} => C:\Program Files (x86)\Origin Games\Crysis 3 - Digital Deluxe Edition Content\Launcher.exe [2013-01-31] (Crytek GmbH) Task: {3AC169BD-22B2-4C4C-9467-65F5D27CB76D} - \RegClean Pro_UPDATES No Task File Task: {4E582A10-9161-40C4-95BC-7C4F95A5CB10} - \EPUpdater No Task File Task: {548D25BA-42E6-46E4-8A74-4C0298BEE0DA} - \RegClean Pro_DEFAULT No Task File Task: {5B17A072-57FA-4E6E-AAC4-C30ADBD3C8DD} - \SaveSenseLiveUpdateTaskMachineCore No Task File Task: {748CC972-F906-4E4F-B202-00713AD288F0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd) Task: {806A843E-136B-44C4-AD0E-0C0D8666AC08} - \SpeedUpMyPC Maintenance No Task File Task: {87542AFF-34DC-4258-8200-EB3C7CF62F37} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software) Task: {8832BA48-BD2F-4BF9-80D9-C974A47AC5A8} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION Task: {A0AC8125-FDDD-4BB0-9B43-19311F2C48DB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {A7C84CD8-DCE2-4A5A-9AF5-5904DD5D157F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated) Task: {B25889E6-A4B2-43D7-AE1D-2FFB7A564DC1} - \SpeedUpMyPC Startup No Task File Task: {C3256B8D-B586-400C-8524-68E58DA7EF2E} - \bench-sys No Task File Task: {C3A7D65D-8A4B-4346-80B7-286A25CE0EC2} - System32\Tasks\bench-Updater removing Task: {C5B5DC8F-5ECE-4504-A08C-557F3BE507C0} - \Advanced System Protector_startup No Task File Task: {E654DBE0-864E-4B05-8762-6FF03ED95034} - \RegClean Pro No Task File Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\bench-Updater removing.job => ? Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2012-09-12 19:28 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-02-09 12:41 - 2014-02-09 12:41 - 00032288 _____ () C:\Program Files (x86)\LPT\srpts.exe 2013-10-07 23:58 - 2013-10-07 23:58 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-02-09 12:41 - 2014-02-09 12:41 - 00013344 _____ () C:\Program Files (x86)\LPT\srptm.exe 2013-01-01 17:14 - 2012-06-29 13:10 - 00836608 _____ () C:\Program Files\AVAST Software\Avast\VERSION.dll 2014-03-28 00:00 - 2014-03-27 22:10 - 02283520 _____ () C:\Program Files\AVAST Software\Avast\defs\14032701\algo.dll 2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-02-09 12:41 - 2014-02-09 12:41 - 00070176 _____ () C:\Program Files (x86)\LPT\srpt.dll 2014-02-09 12:41 - 2014-02-09 12:41 - 
00022048 _____ () C:\Program Files (x86)\LPT\srptc.dll
2014-02-09 12:41 - 2014-02-09 12:41 - 00018976 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll
2014-02-15 02:56 - 2014-02-15 02:56 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-09 12:41 - 2014-02-09 12:41 - 00052256 _____ () C:\Program Files (x86)\LPT\srut.dll
2014-02-09 12:41 - 2014-02-09 12:41 - 00054304 _____ () C:\Program Files (x86)\LPT\sppsm.dll
2014-02-09 12:41 - 2014-02-09 12:41 - 00152608 _____ () C:\Program Files (x86)\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-02-09 12:41 - 2014-02-09 12:41 - 00017440 _____ () C:\Program Files (x86)\LPT\Smartbar.Personalization.Common.dll
2014-02-09 12:41 - 2014-02-09 12:41 - 00166432 _____ () C:\Program Files (x86)\LPT\Smartbar.Infrastructure.Utilities.dll
2014-02-09 12:41 - 2014-02-09 12:41 - 00037408 _____ () C:\Program Files (x86)\LPT\srbu.dll
2014-02-09 12:41 - 2014-02-09 12:41 - 00014880 _____ () C:\Program Files (x86)\LPT\srpdm.dll
2014-02-09 12:41 - 2014-02-09 12:41 - 00033824 _____ () C:\Program Files (x86)\LPT\Smartbar.Monetization.Proxy.ProxyService.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ASProxy => ""="service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^*******^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopWeatherAlerts.lnk => C:\Windows\pss\DesktopWeatherAlerts.lnk.Startup
MSCONFIG\startupfolder: C:^Users^*******^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^lollipop.lnk => C:\Windows\pss\lollipop.lnk.Startup
MSCONFIG\startupfolder: C:^Users^*******^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^*******^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupfolder: C:^Users^*******^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PricePeepUpdater.lnk => C:\Windows\pss\PricePeepUpdater.lnk.Startup
MSCONFIG\startupfolder: C:^Users^*******^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Weather Alerts.lnk => C:\Windows\pss\Weather Alerts.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ASRSetup.exe => C:\Users\*******\AppData\Roaming\49C79A.exe
MSCONFIG\startupreg: Astrill => "C:\Program Files (x86)\Astrill\astrill.exe" /autostart
MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\*******\AppData\Local\Smartbar\Application\Smartbar.exe startup
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: Guard.Mail.ru.gui => "C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" /gui
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: ICQ => "C:\Program Files (x86)\ICQ7M\ICQ.exe" silent loginmode=4
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Iwdis => "C:\Users\*******\AppData\Roaming\Dehaak\itkyo.exe"
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Kuveemokyr => "C:\Users\*******\AppData\Roaming\Etfi\iksi.exe"
MSCONFIG\startupreg: Lycygoq => "C:\Users\*******\AppData\Roaming\Nale\afuqa.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NVIDIA Corporation => C:\Users\*******\AppData\Roaming\0ACE8B.exe
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Policies => C:\Users\*******\AppData\Roaming\0ACE8B.exe
MSCONFIG\startupreg: Realtek => C:\Users\*******\AppData\Roaming\49C79A.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartViewAgent => "C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe"
MSCONFIG\startupreg: SonyAgent => C:\Windows\Temp\temp03.exe
MSCONFIG\startupreg: STCAgent => "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: THX TruStudio NB Settings => "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
MSCONFIG\startupreg: THXCfg64 => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
MSCONFIG\startupreg: Update => C:\Users\*******\AppData\Roaming\system\winlogon.exe
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: wcmhufvvemuvbqq => C:\ProgramData\wcmhufvv.exe
MSCONFIG\startupreg: XFast LAN => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
MSCONFIG\startupreg: XFastUsb => C:\Program Files (x86)\XFastUsb\XFastUsb.exe
MSCONFIG\startupreg: Xiecut => "C:\Users\*******\AppData\Roaming\Kepyy\otsay.exe"
MSCONFIG\startupreg: ZyngaGamesAgent => "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2014 00:53:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/28/2014 00:52:11 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000027de
ID des fehlerhaften Prozesses: 0x58c
Startzeit der fehlerhaften Anwendung: 0xtaskeng.exe0
Pfad der fehlerhaften Anwendung: taskeng.exe1
Pfad des fehlerhaften Moduls: taskeng.exe2
Berichtskennung: taskeng.exe3

Error: (03/28/2014 00:25:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/28/2014 00:23:10 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000027de
ID des fehlerhaften Prozesses: 0x6b8
Startzeit der fehlerhaften Anwendung: 0xtaskeng.exe0
Pfad der fehlerhaften Anwendung: taskeng.exe1
Pfad des fehlerhaften Moduls: taskeng.exe2
Berichtskennung: taskeng.exe3

Error: (03/28/2014 00:12:33 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000027de
ID des fehlerhaften Prozesses: 0x1160
Startzeit der fehlerhaften Anwendung: 0xtaskeng.exe0
Pfad der fehlerhaften Anwendung: taskeng.exe1
Pfad des fehlerhaften Moduls: taskeng.exe2
Berichtskennung: taskeng.exe3

Error: (03/28/2014 00:09:00 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000027de
ID des fehlerhaften Prozesses: 0x1298
Startzeit der fehlerhaften Anwendung: 0xtaskeng.exe0
Pfad der fehlerhaften Anwendung: taskeng.exe1
Pfad des fehlerhaften Moduls: taskeng.exe2
Berichtskennung: taskeng.exe3

Error: (03/27/2014 11:59:03 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000f269
ID des fehlerhaften Prozesses: 0x808
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (03/27/2014 11:58:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/27/2014 11:57:26 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000027de
ID des fehlerhaften Prozesses: 0x59c
Startzeit der fehlerhaften Anwendung: 0xtaskeng.exe0
Pfad der fehlerhaften Anwendung: taskeng.exe1
Pfad des fehlerhaften Moduls: taskeng.exe2
Berichtskennung: taskeng.exe3

Error: (03/27/2014 09:21:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/28/2014 00:08:16 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/28/2014 00:08:08 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/28/2014 00:08:05 AM) (Source: Service Control Manager) (User: )
Description: Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/28/2014 00:07:52 AM) (Source: Service Control Manager) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/28/2014 00:07:46 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/28/2014 00:03:51 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (03/27/2014 09:20:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (03/27/2014 09:20:24 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Apple Mobile Device erreicht.

Error: (03/27/2014 08:13:46 PM) (Source: Service Control Manager) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/27/2014 08:03:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Search Protect by Conduit Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2


Microsoft Office Sessions:
=========================
Error: (03/28/2014 00:53:41 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/28/2014 00:52:11 AM) (Source: Application Error)(User: )
Description: taskeng.exe6.1.7601.175144ce79d2cmsvcrt.dll7.0.7601.177444eeb033fc000000500000000000027de58c01cf4a1787ccb63bC:\Windows\system32\taskeng.exeC:\Windows\system32\msvcrt.dllcfc4546b-b60a-11e3-89d4-bc5ff41b60e7

Error: (03/28/2014 00:25:02 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/28/2014 00:23:10 AM) (Source: Application Error)(User: )
Description: taskeng.exe6.1.7601.175144ce79d2cmsvcrt.dll7.0.7601.177444eeb033fc000000500000000000027de6b801cf4a13797579c7C:\Windows\system32\taskeng.exeC:\Windows\system32\msvcrt.dllc2562fe5-b606-11e3-b8a2-bc5ff41b60e7

Error: (03/28/2014 00:12:33 AM) (Source: Application Error)(User: )
Description: taskeng.exe6.1.7601.175144ce79d2cmsvcrt.dll7.0.7601.177444eeb033fc000000500000000000027de116001cf4a11ad558cebC:\Windows\system32\taskeng.exeC:\Windows\system32\msvcrt.dll46a80b91-b605-11e3-87b2-bc5ff41b60e7

Error: (03/28/2014 00:09:00 AM) (Source: Application Error)(User: )
Description: taskeng.exe6.1.7601.175144ce79d2cmsvcrt.dll7.0.7601.177444eeb033fc000000500000000000027de129801cf4a1189926956C:\Windows\system32\taskeng.exeC:\Windows\system32\msvcrt.dllc75474e4-b604-11e3-87b2-bc5ff41b60e7

Error: (03/27/2014 11:59:03 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c0000005000000000000f26980801cf4a0fe1347f3cC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll63430a3b-b603-11e3-87b2-bc5ff41b60e7

Error: (03/27/2014 11:58:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/27/2014 11:57:26 PM) (Source: Application Error)(User: )
Description: taskeng.exe6.1.7601.175144ce79d2cmsvcrt.dll7.0.7601.177444eeb033fc000000500000000000027de59c01cf4a0fe04ffb22C:\Windows\system32\taskeng.exeC:\Windows\system32\msvcrt.dll29c6d6de-b603-11e3-87b2-bc5ff41b60e7

Error: (03/27/2014 09:21:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 15274.58 MB
Available physical RAM: 13146.18 MB
Total Pagefile: 30547.34 MB
Available Pagefile: 28321.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:468.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F66B81DE)
Partition: GPT Partition Type.

==================== End Of Log ============================
|
28.03.2014, 14:10 | #4 |
| PC virus infection/keylogger via survey website GMER part 1 Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-28 01:22:23
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 ST1000DM005_HD103SJ rev.1AJ10001 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\*********S~1\AppData\Local\Temp\ugtdapob.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 000000014a5a0460
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 000000014a5a0450
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 000000014a5a0370
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 000000014a5a0470
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 000000014a5a03e0
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 000000014a5a0320
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 000000014a5a03b0
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 000000014a5a0390
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 000000014a5a02e0
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 000000014a5a02d0
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 000000014a5a0310
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 000000014a5a03c0
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 000000014a5a03f0
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 000000014a5a0230
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 000000014a5a0480
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 000000014a5a03a0
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 000000014a5a02f0
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 000000014a5a0350
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 000000014a5a0290
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 000000014a5a02b0
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 000000014a5a03d0
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 000000014a5a0330
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 000000014a5a0410
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 000000014a5a0240
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 000000014a5a01e0
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 000000014a5a0250
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 000000014a5a0490
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 000000014a5a04a0
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 000000014a5a0300
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 000000014a5a0360
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 000000014a5a02a0
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 000000014a5a02c0
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 000000014a5a0380
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 000000014a5a0340
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 000000014a5a0440
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 000000014a5a0260
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 000000014a5a0270
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 000000014a5a0400
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 000000014a5a01f0
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 000000014a5a0210
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 000000014a5a0200
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 000000014a5a0420
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 000000014a5a0430
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 000000014a5a0220
.text C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 000000014a5a0280
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 000000014a5a0460
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 000000014a5a0450
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 000000014a5a0370
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 000000014a5a0470
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 000000014a5a03e0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 000000014a5a0320
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 000000014a5a03b0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 000000014a5a0390
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 000000014a5a02e0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 000000014a5a02d0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 000000014a5a0310
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 000000014a5a03c0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 000000014a5a03f0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 000000014a5a0230
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 000000014a5a0480
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 000000014a5a03a0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 000000014a5a02f0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 000000014a5a0350
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 000000014a5a0290
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 000000014a5a02b0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 000000014a5a03d0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 000000014a5a0330
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 000000014a5a0410
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 000000014a5a0240
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 000000014a5a01e0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 000000014a5a0250
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 000000014a5a0490
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 000000014a5a04a0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 000000014a5a0300
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 000000014a5a0360
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 000000014a5a02a0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 000000014a5a02c0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 000000014a5a0380
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 000000014a5a0340
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 000000014a5a0440
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 000000014a5a0260
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 000000014a5a0270
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 000000014a5a0400
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 000000014a5a01f0
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 000000014a5a0210
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 000000014a5a0200
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 000000014a5a0420
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 000000014a5a0430
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 000000014a5a0220
.text C:\Windows\system32\csrss.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 000000014a5a0280
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220
.text C:\Windows\system32\wininit.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280
.text C:\Windows\system32\wininit.exe[640] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62]
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270
.text C:\Windows\system32\winlogon.exe[680]
C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\winlogon.exe[680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62] .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes 
JMP 00000000777b0320 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\services.exe[736] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 
00000000777b0440 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\services.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\services.exe[736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62] .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\lsass.exe[744] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text 
C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 
00000000777b0380 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\lsass.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\lsass.exe[744] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62] .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 
5 bytes JMP 00000000777b0450 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 
bytes JMP 00000000777b02f0 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 
00000000777b02c0 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\lsm.exe[752] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 
00000000777b0450 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\svchost.exe[844] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 
00000000777b02a0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\svchost.exe[844] 
C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text 
C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 |
28.03.2014, 14:11 | #5 |
| PC virus infection/keylogger via survey website GMER part 2 Code:
.text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 
00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\nvvsvc.exe[920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[944] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007597a2ba 1 byte [62] .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text 
C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\svchost.exe[988] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 
.text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\svchost.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\svchost.exe[988] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\System32\svchost.exe[592] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes 
JMP 00000000777b0350 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\System32\svchost.exe[592] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\System32\svchost.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\System32\svchost.exe[592] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[624] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62] .text 
C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 
0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text 
C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 
0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\svchost.exe[748] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\svchost.exe[748] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\svchost.exe[1028] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 
0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text 
C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\svchost.exe[1028] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1144] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 
00000000776516b0 5 bytes JMP 00000000777b02e0
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280
.text C:\Windows\system32\svchost.exe[1292] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1472] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280
.text C:\Windows\system32\nvvsvc.exe[1484] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62]
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280
.text C:\Windows\system32\Dwm.exe[1728] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280
.text C:\Windows\System32\spoolsv.exe[1748] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62]
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220
.text C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280
.text C:\Windows\Explorer.EXE[1776] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62]
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300
.text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360
.text C:\Windows\system32\taskhost.exe[1868]
C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 
5 bytes JMP 00000000777b0280 .text C:\Windows\system32\taskhost.exe[1868] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\svchost.exe[1920] 
C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 |
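The GMER user-mode section in the posts above lists, for every scanned process, the same set of 5-byte JMP detours on ntdll exports, all landing in the 0x777b0000 page, plus a one-byte patch at kernel32!GetBinaryTypeW. Rather than eyeballing several hundred lines, a small parser can make that pattern checkable: it groups the detours per process, computes which exports are hooked in every process (the baseline a product that hooks all processes leaves behind), and flags any JMP whose destination page differs from the rest. This is an added example written for this page, not code from the thread or from GMER. The sample lines are copied from the log above except the last one, which is constructed so the outlier check has something to report. The log itself does not name the module that owns the 0x777b0000 page, so which product placed these hooks is an assumption to verify separately, for example by resolving the target address against the module list of one of the hooked processes.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input. The first seven lines are copied from the GMER
# output posted in this thread; the last line is made up (not from the log)
# so that the outlier check below has something to report.
SAMPLE_LOG = r"""
.text  C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx  0000000077651d30 5 bytes JMP 00000000777b03d0
.text  C:\Windows\Explorer.EXE[1776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver  00000000776520a0 5 bytes JMP 00000000777b01e0
.text  C:\Windows\Explorer.EXE[1776] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189  000000007743eecd 1 byte [62]
.text  C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx  0000000077651d30 5 bytes JMP 00000000777b03d0
.text  C:\Windows\system32\taskhost.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver  00000000776520a0 5 bytes JMP 00000000777b01e0
.text  C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx  0000000077651d30 5 bytes JMP 00000000777b03d0
.text  C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver  00000000776520a0 5 bytes JMP 00000000777b01e0
.text  C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject  00000000776513b0 5 bytes JMP 0000000012340000
"""

# One GMER user-mode hook line has the shape
#   .text <image>[<pid>] <module>!<export>[ + <offset>]  <address> <n> byte(s) <patch>
# where <patch> is either "JMP <target>" (5-byte detour) or the patched byte in brackets.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<mod>[^!]+)!(?P<sym>.+?)\s+"
    r"(?P<addr>[0-9a-f]{16})\s+(?P<size>\d+)\s+bytes?\s+(?P<patch>.+)$",
    re.IGNORECASE,
)
JMP_RE = re.compile(r"^JMP\s+([0-9a-f]{16})$", re.IGNORECASE)
PAGE = 0x1000  # group JMP destinations by 4 KiB page


def parse_hooks(text):
    """Return one dict per recognised hook line. 'target' is the JMP destination
    as an int for detours and None for single-byte patches such as [62]."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["size"] = int(h["size"])
        j = JMP_RE.match(h["patch"])
        h["target"] = int(j.group(1), 16) if j else None
        hooks.append(h)
    return hooks


def hooks_by_process(hooks):
    """Map '<image>[<pid>]' to the set of detoured exports (JMP lines only)."""
    out = defaultdict(set)
    for h in hooks:
        if h["target"] is not None:
            out[f'{h["proc"]}[{h["pid"]}]'].add(h["sym"])
    return dict(out)


def common_hook_set(hooks):
    """Exports detoured in every process: the system-wide baseline that a
    product hooking all processes leaves behind."""
    per_proc = hooks_by_process(hooks)
    return set.intersection(*per_proc.values()) if per_proc else set()


def detour_outliers(hooks):
    """Detours whose destination page differs from the page most detours land in.
    One hooking module produces one cluster of targets; a lone JMP elsewhere is
    the entry whose owning module you would resolve first."""
    pages = Counter(h["target"] & ~(PAGE - 1) for h in hooks if h["target"] is not None)
    if not pages:
        return []
    common_page = pages.most_common(1)[0][0]
    return [h for h in hooks
            if h["target"] is not None and (h["target"] & ~(PAGE - 1)) != common_page]


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    print(f"{len(hooks)} hook lines across {len(hooks_by_process(hooks))} processes")
    print("hooked in every process:", sorted(common_hook_set(hooks)))
    for h in detour_outliers(hooks):
        print(f'outlier: {h["proc"]}[{h["pid"]}] {h["sym"]} -> {h["target"]:#018x}')
```

To use it on the real log, paste the whole GMER user-mode section into `SAMPLE_LOG` or read it from a file; on the output above, every 5-byte detour resolves to the same page and `detour_outliers` returns nothing, which is the result to expect when a single hooking module is responsible.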
28.03.2014, 14:13 | #6 |
| PC virus infection/keylogger via survey website, GMER part 3 Code:
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280
.text C:\Windows\system32\svchost.exe[1920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1380] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007597a2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1572] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007597a2ba 1 byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280
.text C:\Program Files\Bonjour\mDNSResponder.exe[1080] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62]
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280
.text C:\Program Files\ASRock\XFast LAN\spd.exe[2088] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62]
.text C:\Program Files (x86)\LPT\srpts.exe[2140] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007597a2ba 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2264] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007597a2ba 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2376] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[2632] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656]
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Program 
Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 
00000000777b0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2656] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2860] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007597a2ba 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 
bytes JMP 00000000777b0240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2892] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62] .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\conhost.exe[2904] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 
bytes JMP 00000000777b03a0 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 bytes JMP 00000000777b03d0 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text 
C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\conhost.exe[2904] 
C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\conhost.exe[2904] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[2984] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[3004] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007597a2ba 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[3004] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000074d61a22 2 bytes [D6, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[3004] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000074d61ad0 2 bytes [D6, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[3004] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000074d61b08 2 bytes [D6, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[3004] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000074d61bba 2 bytes [D6, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[3004] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000074d61bda 2 bytes [D6, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fd1465 2 bytes [FD, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[3004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fd14bb 2 bytes [FD, 76] |
28.03.2014, 14:14 | #7 |
| PC virus infection/keylogger via survey website Gmer part 4 Code:
ATTFilter .text ... * 2 .text C:\Windows\system32\svchost.exe[1796] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62] .text C:\Program Files (x86)\LPT\srptm.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777ffac0 5 bytes JMP 00000001000a0600 .text C:\Program Files (x86)\LPT\srptm.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777ffb58 5 bytes JMP 00000001000a0804 .text C:\Program Files (x86)\LPT\srptm.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777ffcb0 5 bytes JMP 00000001000a0c0c .text C:\Program Files (x86)\LPT\srptm.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077800038 5 bytes JMP 00000001000a0a08 .text C:\Program Files (x86)\LPT\srptm.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077801920 5 bytes JMP 00000001000a0e10 .text C:\Program Files (x86)\LPT\srptm.exe[3324] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007781c4dd 5 bytes JMP 00000001000a01f8 .text C:\Program Files (x86)\LPT\srptm.exe[3324] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077821287 5 bytes JMP 00000001000a03fc .text C:\Program Files (x86)\LPT\srptm.exe[3324] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007597a2ba 1 byte [62] .text C:\Program Files (x86)\LPT\srptm.exe[3324] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076fe5181 5 bytes JMP 00000001000b1014 .text C:\Program Files (x86)\LPT\srptm.exe[3324] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076fe5254 5 bytes JMP 00000001000b0804 .text C:\Program Files (x86)\LPT\srptm.exe[3324] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076fe53d5 5 bytes JMP 00000001000b0a08 .text C:\Program Files (x86)\LPT\srptm.exe[3324] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076fe54c2 5 bytes JMP 00000001000b0c0c .text C:\Program Files (x86)\LPT\srptm.exe[3324] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 
0000000076fe55e2 5 bytes JMP 00000001000b0e10 .text C:\Program Files (x86)\LPT\srptm.exe[3324] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076fe567c 5 bytes JMP 00000001000b01f8 .text C:\Program Files (x86)\LPT\srptm.exe[3324] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076fe589f 5 bytes JMP 00000001000b03fc .text C:\Program Files (x86)\LPT\srptm.exe[3324] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076fe5a22 5 bytes JMP 00000001000b0600 .text C:\Program Files (x86)\LPT\srptm.exe[3324] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007536ee09 5 bytes JMP 00000001000c01f8 .text C:\Program Files (x86)\LPT\srptm.exe[3324] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075373982 5 bytes JMP 00000001000c03fc .text C:\Program Files (x86)\LPT\srptm.exe[3324] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075377603 5 bytes JMP 00000001000c0804 .text C:\Program Files (x86)\LPT\srptm.exe[3324] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007537835c 5 bytes JMP 00000001000c0600 .text C:\Program Files (x86)\LPT\srptm.exe[3324] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007538f52b 5 bytes JMP 00000001000c0a08 .text C:\Windows\system32\conhost.exe[3332] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077623b10 5 bytes JMP 000000010034075c .text C:\Windows\System32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077627ac0 5 bytes JMP 00000001003403a4 .text C:\Windows\System32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\System32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\System32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077651430 5 bytes JMP 0000000100340b14 
C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd7e7538 5 bytes JMP 000007ff7d8019f4 .text C:\Program Files\Oracle\VirtualBox\VBoxNetDHCP.exe[3080] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd7e75e8 5 bytes JMP 000007ff7d8003a4 .text C:\Program Files\Oracle\VirtualBox\VBoxNetDHCP.exe[3080] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd7e790c 5 bytes JMP 000007ff7d80075c .text C:\Program Files\Oracle\VirtualBox\VBoxNetDHCP.exe[3080] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd7e7ab4 5 bytes JMP 000007ff7d800b14 .text C:\Windows\system32\AUDIODG.EXE[4064] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62] .text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777ffac0 5 bytes JMP 0000000100030600 .text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777ffb58 5 bytes JMP 0000000100030804 .text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777ffcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077800038 5 bytes JMP 0000000100030a08 .text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077801920 5 bytes JMP 0000000100030e10 .text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007781c4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077821287 5 bytes JMP 00000001000303fc .text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007597a2ba 1 byte [62] .text C:\Program 
Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076fe5181 5 bytes JMP 0000000100331014 .text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076fe5254 5 bytes JMP 0000000100330804 .text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076fe53d5 5 bytes JMP 0000000100330a08 .text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076fe54c2 5 bytes JMP 0000000100330c0c .text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076fe55e2 5 bytes JMP 0000000100330e10 .text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076fe567c 5 bytes JMP 00000001003301f8 .text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076fe589f 5 bytes JMP 00000001003303fc .text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076fe5a22 5 bytes JMP 0000000100330600 .text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007536ee09 5 bytes JMP 00000001003401f8 .text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075373982 5 bytes JMP 00000001003403fc .text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075377603 5 bytes JMP 0000000100340804 .text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007537835c 5 bytes JMP 0000000100340600 .text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] 
C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007538f52b 5 bytes JMP 0000000100340a08 .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777ffac0 5 bytes JMP 0000000100030600 .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000777ffb58 5 bytes JMP 0000000100030804 .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777ffcb0 5 bytes JMP 0000000100030c0c .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077800038 5 bytes JMP 0000000100030a08 .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077801920 5 bytes JMP 0000000100030e10 .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007781c4dd 5 bytes JMP 00000001000301f8 .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077821287 5 bytes JMP 00000001000303fc .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007597a2ba 1 byte [62] .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007536ee09 5 bytes JMP 00000001000e01f8 .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075373982 5 bytes JMP 00000001000e03fc .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075377603 5 bytes JMP 00000001000e0804 .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007537835c 5 bytes JMP 00000001000e0600 .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007538f52b 5 bytes JMP 00000001000e0a08 .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076fe5181 5 bytes 
JMP 00000001000f1014 .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076fe5254 5 bytes JMP 00000001000f0804 .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076fe53d5 3 bytes JMP 00000001000f0a08 .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW + 4 0000000076fe53d9 1 byte [89] .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076fe54c2 5 bytes JMP 00000001000f0c0c .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076fe55e2 5 bytes JMP 00000001000f0e10 .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076fe567c 5 bytes JMP 00000001000f01f8 .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076fe589f 5 bytes JMP 00000001000f03fc .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076fe5a22 5 bytes JMP 00000001000f0600 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077651360 5 bytes JMP 00000000777b0460 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776513b0 5 bytes JMP 00000000777b0450 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077651560 5 bytes JMP 00000000777b0470 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077651570 5 bytes JMP 00000000777b03e0 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077651620 5 bytes JMP 00000000777b0320 .text C:\Windows\system32\NOTEPAD.EXE[3576] 
C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077651650 5 bytes JMP 00000000777b03b0 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077651670 5 bytes JMP 00000000777b0390 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776516b0 5 bytes JMP 00000000777b02e0 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077651730 5 bytes JMP 00000000777b02d0 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077651750 5 bytes JMP 00000000777b0310 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077651790 5 bytes JMP 00000000777b03c0 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776517e0 5 bytes JMP 00000000777b03f0 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077651940 5 bytes JMP 00000000777b0230 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077651b00 5 bytes JMP 00000000777b0480 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077651b30 5 bytes JMP 00000000777b03a0 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077651c10 5 bytes JMP 00000000777b02f0 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077651c20 5 bytes JMP 00000000777b0350 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077651c80 5 bytes JMP 00000000777b0290 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077651d10 5 bytes JMP 00000000777b02b0 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077651d30 5 
bytes JMP 00000000777b03d0 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077651d40 5 bytes JMP 00000000777b0330 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077651db0 5 bytes JMP 00000000777b0410 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077651de0 5 bytes JMP 00000000777b0240 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776520a0 5 bytes JMP 00000000777b01e0 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077652160 5 bytes JMP 00000000777b0250 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077652190 5 bytes JMP 00000000777b0490 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776521a0 5 bytes JMP 00000000777b04a0 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776521d0 5 bytes JMP 00000000777b0300 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776521e0 5 bytes JMP 00000000777b0360 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077652240 5 bytes JMP 00000000777b02a0 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077652290 5 bytes JMP 00000000777b02c0 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776522c0 5 bytes JMP 00000000777b0380 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776522d0 5 bytes JMP 00000000777b0340 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776525c0 5 bytes JMP 00000000777b0440 .text C:\Windows\system32\NOTEPAD.EXE[3576] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776527c0 5 bytes JMP 00000000777b0260 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776527d0 5 bytes JMP 00000000777b0270 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776527e0 5 bytes JMP 00000000777b0400 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776529a0 5 bytes JMP 00000000777b01f0 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776529b0 5 bytes JMP 00000000777b0210 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077652a20 5 bytes JMP 00000000777b0200 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077652a80 5 bytes JMP 00000000777b0420 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077652a90 5 bytes JMP 00000000777b0430 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077652aa0 5 bytes JMP 00000000777b0220 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077652b80 5 bytes JMP 00000000777b0280 .text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007743eecd 1 byte [62] .text C:\Users\*********\Desktop\Gmer-19357.exe[4540] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007597a2ba 1 byte [62] |
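The `.text …` entries above are GMER's user-mode hook listing: for every running process it names an export in a system DLL whose first bytes were overwritten (a 5-byte JMP, or a single patched byte such as the one in GetBinaryTypeW) and where the JMP lands. Reading it as a wall of text is pointless; what an analyst wants from it is (a) which processes are hooked and in which DLLs, (b) whether the same stub shows up in every process, which is the footprint of a system-wide hooking engine such as a security product's self-protection layer or an injected DLL, and (c) whether anything sits on the hook-installation APIs themselves. One caveat for the thread's "keylogger" question: a hook ON SetWindowsHookExA/W means something is intercepting attempts to install Windows hooks; a keylogger would call that API, not hook it. The parser below is an added example, not part of the posted log and not GMER's code. SAMPLE is excerpted from the log above (adb.exe, ctfmon.exe, NOTEPAD.EXE), kept in the run-together shape the forum produced, except for the final calc.exe line, which is constructed to exercise the "divergent" branch and is not in the posted log.

```python
"""Summarise GMER user-mode hook entries of the form
'.text <process>[pid] <module>!<export>[ + off] <addr> <n> bytes JMP <target>' (or '... 1 byte [xx]').
Added example for this thread; not GMER code and not the poster's."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

HOOK_RE = re.compile(
    r"\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<func>\w+)(?:\s+\+\s+(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]+)\s+(?P<size>\d+)\s+bytes?\s+"
    r"(?:JMP\s+(?P<target>[0-9a-fA-F]+)|\[(?P<patch>[0-9a-fA-F ]+)\])"
)

# user32 exports a keylogger CALLS to install a global keyboard hook. A hook placed ON these
# exports is the footprint of something watching hook installation (AV/HIPS), not of a keylogger.
INPUT_HOOK_APIS = {"SetWindowsHookExA", "SetWindowsHookExW", "UnhookWindowsHookEx",
                   "SetWinEventHook", "UnhookWinEvent"}


@dataclass(frozen=True)
class Hook:
    proc: str               # image path exactly as GMER printed it
    pid: int
    module: str             # hooked DLL, basename lower-cased ('ntdll.dll')
    func: str               # hooked export
    offset: int             # bytes past the export; 0 when the hook sits on the export itself
    addr: int               # patched address
    size: int               # patched byte count
    target: Optional[int]   # JMP destination; None for a plain byte patch
    patch: Optional[str]    # raw patched bytes for non-JMP entries, e.g. '62'

    @property
    def label(self) -> str:
        return f"{self.proc.rsplit(chr(92), 1)[-1]}[{self.pid}]"


def parse_hooks(text: str) -> List[Hook]:
    """Regex-driven, so it copes with forum pastes where many entries share one line."""
    return [
        Hook(proc=m["proc"].strip(), pid=int(m["pid"]),
             module=m["module"].rsplit(chr(92), 1)[-1].lower(), func=m["func"],
             offset=int(m["offset"] or 0), addr=int(m["addr"], 16), size=int(m["size"]),
             target=int(m["target"], 16) if m["target"] else None, patch=m["patch"])
        for m in HOOK_RE.finditer(text)
    ]


def hooks_by_process(hooks: List[Hook]) -> Dict[str, Dict[str, int]]:
    """process label -> {hooked DLL: number of hooked exports}"""
    per: Dict[str, Counter] = defaultdict(Counter)
    for h in hooks:
        per[h.label][h.module] += 1
    return {p: dict(c) for p, c in per.items()}


def jmp_targets_by_export(hooks: List[Hook]) -> Dict[Tuple[str, str], Dict[int, List[str]]]:
    """(DLL, export) -> {JMP target: [process labels]}; plain byte patches are skipped."""
    out: Dict[Tuple[str, str], Dict[int, List[str]]] = defaultdict(lambda: defaultdict(list))
    for h in hooks:
        if h.target is not None:
            out[(h.module, h.func)][h.target].append(h.label)
    return {k: {t: sorted(v) for t, v in d.items()} for k, d in out.items()}


def same_stub_everywhere(hooks: List[Hook]):
    """Split exports hooked in two or more processes into 'consistent' (every JMP lands at the
    same page offset, i.e. the same relocatable stub mapped into each process, which is what a
    system-wide hooking engine looks like) and 'divergent' (some process jumps somewhere with a
    different page offset and deserves a closer look). A heuristic, not proof of anything."""
    consistent, divergent = [], []
    for key, targets in jmp_targets_by_export(hooks).items():
        if sum(len(procs) for procs in targets.values()) < 2:
            continue
        page_offsets = {t & 0xFFF for t in targets}
        (consistent if len(page_offsets) == 1 else divergent).append(key)
    return sorted(consistent), sorted(divergent)


def input_api_hooks(hooks: List[Hook]) -> List[Tuple[str, str]]:
    """Hooks sitting on the hook-installation APIs themselves."""
    return sorted({(h.label, h.func) for h in hooks if h.func in INPUT_HOOK_APIS})


# Excerpt of the GMER output posted above, in the run-together shape the forum produced.
# The last line (calc.exe) is CONSTRUCTED for this example; it is not in the posted log.
SAMPLE = r"""
.text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777ffac0 5 bytes JMP 0000000100030600 .text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007781c4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007597a2ba 1 byte [62]
.text C:\Program Files\Genymobile\Genymotion\tools\adb.exe[3768] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075377603 5 bytes JMP 0000000100340804
.text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000777ffac0 5 bytes JMP 0000000100030600 .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007781c4dd 5 bytes JMP 00000001000301f8
.text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075377603 5 bytes JMP 00000001000e0804
.text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076fe53d5 3 bytes JMP 00000001000f0a08 .text C:\Windows\SysWOW64\ctfmon.exe[3624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW + 4 0000000076fe53d9 1 byte [89]
.text C:\Windows\system32\NOTEPAD.EXE[3576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077651510 5 bytes JMP 00000000777b0370
.text C:\Windows\SysWOW64\calc.exe[4242] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075377603 5 bytes JMP 00000000002a10c0
"""

if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE)
    for proc, mods in hooks_by_process(hooks).items():
        print(proc, mods)
    consistent, divergent = same_stub_everywhere(hooks)
    print("same stub in every process:", consistent)
    print("look closer:", divergent)
    print("hooks on hook-installation APIs:", input_api_hooks(hooks))
```

On the real log the page-offset check puts the 32-bit ntdll hooks of adb.exe and ctfmon.exe (identical targets) and the 64-bit ntdll hooks of VBoxNetDHCP.exe and NOTEPAD.EXE (different bases, same low bits) into the "consistent" bucket, which is the pattern of one hooking library loaded into every process; it does not say which library, so the next step is to map each JMP target to the module that owns it in a live process (Process Explorer's DLL view, or a debugger) rather than to guess from the addresses.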
28.03.2014, 14:15 | #8 |
| PC virus infection/keylogger via survey website GMER part 5 Code:
ATTFilter ---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [1232:4232] 000007feefa99688
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@DisplayName aswKbd
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Group Keyboard Port
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Description avast! keyboard filter driver (aswKbd)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Tag 7
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 227
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 5914082
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@Enabled 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@DisplayName aswKbd
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Group Keyboard Port
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Description avast! keyboard filter driver (aswKbd)
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Tag 7
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 227
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 5914082
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@Enabled 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
---- EOF - GMER 2.1 ---- |
29.03.2014, 09:41 | #9 |
/// the machine /// TB-Ausbilder | PC virus infection/keylogger via survey website

Hi,

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).

Scan with Combofix

__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
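Added example, not from the thread and not FRST's own code: the FRST line placed in the Fixlist above means that Chrome policy keys exist in the registry. Chrome reads its managed policies from HKLM\SOFTWARE\Policies\Google\Chrome and HKCU\SOFTWARE\Policies\Google\Chrome; a home PC normally has nothing there, and bundled adware often plants values under these keys (a forced extension list, for instance) that the browser's own settings UI will not let the user undo. FRST deletes the keys when that line is run from a Fixlist, so it is worth recording what they contain first. The PowerShell below lists every value under both roots, saves a copy, and then writes Fixlist.txt with the exact line from the post. The function name, the CSV file name and the assumption that FRST was started from the Desktop are mine, not something the post specifies.

```powershell
# Added example (not part of the Trojaner-Board thread, not FRST code).
# Lists the Chrome policy keys that make FRST report
#   "GroupPolicy: Group Policy on Chrome detected <======= ATTENTION"
# so the values can be reviewed (and kept for comparison) before FRST removes
# them, then writes Fixlist.txt with that exact line next to FRST on the Desktop.
# Chrome's managed policy locations (documented by Google):
$policyRoots = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome',
    'HKCU:\SOFTWARE\Policies\Google\Chrome'
)

function Get-ChromePolicyReport {
    param([string[]]$Roots)
    $report = @()
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # The root key itself plus every subkey (e.g. ExtensionInstallForcelist)
        $keys = @(Get-Item -LiteralPath $root) + @(Get-ChildItem -LiteralPath $root -Recurse)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                $label = if ($name -eq '') { '(Default)' } else { $name }
                $data  = $key.GetValue($name)          # REG_MULTI_SZ comes back as string[]
                $report += [pscustomobject]@{
                    Key   = $key.Name
                    Value = $label
                    Data  = (@($data) -join ';')
                }
            }
        }
    }
    return $report
}

$desktop = [Environment]::GetFolderPath('Desktop')
$report  = @(Get-ChromePolicyReport -Roots $policyRoots)

if ($report.Count -eq 0) {
    Write-Host 'No Chrome policy keys present in HKLM or HKCU.'
} else {
    # A home PC normally has none of these; anything here was put in place by
    # software (legitimate management or bundled adware), so record it first.
    $report | Format-Table -AutoSize -Wrap
    $csv = Join-Path $desktop 'chrome_policy_before_fix.csv'   # file name is my choice
    $report | Export-Csv -LiteralPath $csv -NoTypeInformation -Encoding UTF8
}

# Fixlist.txt with the line from the post. FRST looks for it in the folder it
# is started from, so FRST and Fixlist.txt must be in the same directory.
$fixlist = 'GroupPolicy: Group Policy on Chrome detected <======= ATTENTION'
Set-Content -LiteralPath (Join-Path $desktop 'Fixlist.txt') -Value $fixlist -Encoding ASCII
```

Run it from a normal (non-elevated) PowerShell; reading HKLM\SOFTWARE\Policies does not need administrator rights. Running the same script again after the FRST fix should print "No Chrome policy keys present", which is the quickest way to confirm the fix actually removed the keys rather than only the values FRST listed.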