Log analysis and evaluation: Windows 7 HP - Win32:Dropper-gen - Softronic uninstall.exe found as a threat
#1, 23.04.2014, 23:57

Hello, during a scan today with avast-freeAV I got the message that a threat (Win32:Dropper-gen) was found (screenshot attached as "avast-Fund"). I am now unsure whether it is a threat at all and how serious it is.

System used:
- Windows 7 Home Premium, 64-bit
- avast! Free Antivirus

I have already downloaded the programs according to the instructions for those seeking help and collected the information (I hope this is all correct):

defogger-disable:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:56 on 23/04/2014 (Weise)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Just for information, in case it helps solve the problem: the computer has often been noticeably slow recently. But that could also be due to me overloading the system. It would be nice if you could help me and tell me how I should proceed now. Many thanks in advance!
#2, 24.04.2014, 06:26, /// the machine /// (TB-Ausbilder)

Hi,

please always post logs directly in the thread. If necessary, split them and use several posts. I can't open attachments at work, thanks.

This is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
#3, 24.04.2014, 15:10

Ok, here are the logs again, split up this time because they are otherwise too large.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-04-2014
Ran by Marbach (ATTENTION: The logged in user is not administrator) on WEISE-HP on 23-04-2014 23:58:01
Running from C:\Users\Marbach\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-30] (AVAST Software)
HKLM-x32\...\Runonce: [aswAhAScr.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll" [X]
HKLM-x32\...\Runonce: [aswasOutExt.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll" [X]
HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\1369b9dc-5814-413c-bb0a-3dfbd5018e37.exe /check [181136 2014-03-28] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-4064333300-1550520147-146747255-1003\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {01307296-9682-4A67-A542-5A505A61CE8B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {7A8F2B8E-4512-4071-9A77-41A8984D1BE7} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {01307296-9682-4A67-A542-5A505A61CE8B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {7A8F2B8E-4512-4071-9A77-41A8984D1BE7} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - DefaultScope {01307296-9682-4A67-A542-5A505A61CE8B} URL = 
SearchScopes: HKCU - {7A8F2B8E-4512-4071-9A77-41A8984D1BE7} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\bh\Softonic.dll (Softonic.com)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-07-17] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Marbach\AppData\Roaming\Mozilla\Firefox\Profiles\ptl402ue.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Marbach\AppData\Roaming\Mozilla\Firefox\Profiles\ptl402ue.default\searchplugins\startpage-ssl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Garmin Communicator - C:\Users\Marbach\AppData\Roaming\Mozilla\Firefox\Profiles\ptl402ue.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-20]
FF Extension: WOT - C:\Users\Marbach\AppData\Roaming\Mozilla\Firefox\Profiles\ptl402ue.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: Adblock Plus - C:\Users\Marbach\AppData\Roaming\Mozilla\Firefox\Profiles\ptl402ue.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-02-15]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Softonic Chrome Toolbar) - C:\Users\Marbach\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-11-11]
CHR Extension: (Google Wallet) - C:\Users\Marbach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [elchiiiejkobdbblfejjkbphbddgmljf] - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\Softonic.crx [2013-06-11]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-13] (Adobe Systems)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-30] (AVAST Software)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-30] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-30] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-30] ()
R3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-23 23:58 - 2014-04-23 23:58 - 00016213 _____ () C:\Users\Marbach\Desktop\FRST.txt
2014-04-23 23:57 - 2014-04-23 23:58 - 00000000 ____D () C:\FRST
2014-04-23 23:57 - 2014-04-23 23:57 - 02061312 _____ (Farbar) C:\Users\Marbach\Desktop\FRST64.exe
2014-04-23 23:56 - 2014-04-23 23:56 - 00000472 _____ () C:\Users\Marbach\Desktop\defogger_disable.log
2014-04-23 23:54 - 2014-04-23 23:54 - 00380416 _____ () C:\Users\Marbach\Desktop\Gmer-19357.exe
2014-04-23 23:53 - 2014-04-23 23:53 - 00050477 _____ () C:\Users\Marbach\Desktop\Defogger.exe
2014-04-20 13:16 - 2014-04-20 13:51 - 00000000 ____D () C:\Users\Marbach\Desktop\Alles 2
2014-04-20 13:07 - 2014-04-23 22:48 - 00000000 ____D () C:\Users\Marbach\Desktop\Vortrag - Fotografie
2014-04-12 11:11 - 2014-04-12 11:11 - 00016636 _____ () C:\Users\Marbach\AppData\Local\recently-used.xbel
2014-04-12 10:43 - 2014-04-12 10:45 - 00164557 _____ () C:\Users\Marbach\Documents\schlange-viper-33-cm-57-4902662 Kopie.xcf

==================== One Month Modified Files and Folders =======

2014-04-23 23:58 - 2014-04-23 23:58 - 00016213 _____ () C:\Users\Marbach\Desktop\FRST.txt
2014-04-23 23:58 - 2014-04-23 23:57 - 00000000 ____D () C:\FRST
2014-04-23 23:57 - 2014-04-23 23:57 - 02061312 _____ (Farbar) C:\Users\Marbach\Desktop\FRST64.exe
2014-04-23 23:56 - 2014-04-23 23:56 - 00000472 _____ () C:\Users\Marbach\Desktop\defogger_disable.log
2014-04-23 23:56 - 2011-01-22 15:31 - 00000000 ____D () C:\Users\Weise
2014-04-23 23:54 - 2014-04-23 23:54 - 00380416 _____ () C:\Users\Marbach\Desktop\Gmer-19357.exe
2014-04-23 23:53 - 2014-04-23 23:53 - 00050477 _____ () C:\Users\Marbach\Desktop\Defogger.exe
2014-04-23 23:50 - 2012-11-12 17:49 - 00000000 ____D () C:\Users\Marbach\AppData\Roaming\IrfanView
2014-04-23 23:41 - 2012-09-23 11:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-23 23:34 - 2013-03-23 16:15 - 00000000 ____D () C:\Users\Marbach\Desktop\Virus bekämpfung
2014-04-23 23:30 - 2010-09-19 09:37 - 01947852 _____ () C:\Windows\WindowsUpdate.log
2014-04-23 22:48 - 2014-04-20 13:07 - 00000000 ____D () C:\Users\Marbach\Desktop\Vortrag - Fotografie
2014-04-23 22:42 - 2010-07-17 20:47 - 05299540 _____ () C:\Windows\system32\perfh007.dat
2014-04-23 22:42 - 2010-07-17 20:47 - 01617538 _____ () C:\Windows\system32\perfc007.dat
2014-04-23 22:42 - 2009-07-14 07:13 - 00005438 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-23 20:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-23 20:33 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-23 10:11 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-23 10:11 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-23 10:03 - 2012-02-15 17:03 - 00128890 _____ () C:\Windows\setupact.log
2014-04-20 20:55 - 2014-02-06 19:46 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-04-20 13:51 - 2014-04-20 13:16 - 00000000 ____D () C:\Users\Marbach\Desktop\Alles 2
2014-04-20 13:15 - 2013-11-11 20:08 - 00000000 ____D () C:\Users\Marbach\Desktop\Alles
2014-04-12 12:06 - 2013-11-18 20:52 - 00000000 ____D () C:\Users\Marbach\.gimp-2.8
2014-04-12 11:11 - 2014-04-12 11:11 - 00016636 _____ () C:\Users\Marbach\AppData\Local\recently-used.xbel
2014-04-12 11:11 - 2013-11-24 21:33 - 00000000 ____D () C:\Users\Marbach\AppData\Local\gtk-2.0
2014-04-12 10:45 - 2014-04-12 10:43 - 00164557 _____ () C:\Users\Marbach\Documents\schlange-viper-33-cm-57-4902662 Kopie.xcf
2014-04-11 15:05 - 2011-01-23 15:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 11:42 - 2013-08-15 09:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 11:39 - 2011-08-21 15:04 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-31 09:35 - 2011-01-29 15:02 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

--- --- ---

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-04-2014
Ran by Marbach at 2014-04-23 23:59:13
Running from C:\Users\Marbach\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.05) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
ATI Catalyst Install Manager (HKLM\...\{1795BAA8-65EC-66D0-9DA4-D4B1FBE7700E}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2008 - Avast Software)
BEETmobile (HKLM-x32\...\{AC843048-1628-421B-AEEB-F86FFAEBFA91}) (Version: 1.0.21.0 - BEETmobile AG)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - )
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0621.2137.36973 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0621.2137.36973 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0621.2137.36973 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0621.2137.36973 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help English (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help French (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help German (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0621.2137.36973 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0621.2137.36973 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4255 - CDBurnerXP)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CodeMeter Runtime Kit v3.30b (HKLM\...\{F9591D43-9551-4B42-B4AA-405FB58558C4}) (Version: 3.30.0.502 - WIBU-SYSTEMS AG)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2511 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Elevated Installer (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Fahren Lernen Offline 2.0 (HKLM-x32\...\{452473D3-1D26-4E61-8060-3B216620D60C}_is1) (Version: - Verlag Heinrich Vogel - Springer Transport Media GmbH)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
Free YouTube Download 3 version 3.0.7.718 (HKLM-x32\...\Free YouTube Download 3_is1) (Version: - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.12.16.1028 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.16.1028 - DVDVideoSoft Ltd.)
Führerschein 2012-2013 Installation & Registrierung (HKLM-x32\...\{E0A5D44A-FBDD-449D-82DF-78273CB86D6D}_is1) (Version: - Abamsoft, dadagoo GmbH)
Garmin Express (HKLM-x32\...\{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}) (Version: 2.1.13 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.8.8 (HKLM\...\GIMP-2_is1) (Version: 2.8.8 - The GIMP Team)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{69ABD67D-5C2E-4724-B519-695DEF3EC23B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Game Console (x32 Version: - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{62BD9D85-46D9-400E-95F1-A09B667CB57F}) (Version: 3.5.23.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}) (Version: 5.0.14.2 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{E342EC6B-5F25-47FE-B92C-DE616149B430}) (Version: 4.0.9.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: - EasyBits Software AS)
Media Player Classic - Home Cinema v1.5.0.2827 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.0.2827 - MPC-HC Team)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6})
(Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MPC-HC 1.7.1 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.1.0 - MPC-HC Team) MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden Multimedia-Führerschein & Verkehr 2012-13 (HKLM-x32\...\{EFE197C2-C6C7-47F9-A735-245D35D56E45}) (Version: 1.00.0000 - bhv) OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org) Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.) PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden Plants vs. 
Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.) Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.) PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6066 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden RtVOsd (HKLM\...\{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}) (Version: 1.0.3 - Realtek Semiconductor Corp.) 
Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Softonic toolbar on IE and Chrome (HKLM-x32\...\Softonic) (Version: 1.8.21.14 - Softonic) <==== ATTENTION SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 (HKLM-x32\...\{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1) (Version: v2011.build.49 - eRightSoft) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities 2014) (Version: 14.0.1000.89 - TuneUp Software) Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for 
Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 
2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 
32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden XMedia Recode Version 3.1.5.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.5.8 - 
XMedia Recode) Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - ) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== 2009-07-14 04:34 - 2012-09-20 17:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ? ==================== Loaded Modules (whitelisted) ============= 2010-06-10 17:12 - 2010-06-10 17:12 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-06-21 21:36 - 2010-06-21 21:36 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^Users^Weise^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden 
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/23/2014 11:37:24 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Garmin.Cartography.MapUpdate.CoreService.exe, Version: 2.1.13.0, Zeitstempel: 0x515361f2 Name des fehlerhaften Moduls: clr.dll, Version: 4.0.30319.296, Zeitstempel: 0x50484aa9 Ausnahmecode: 0xc00000fd Fehleroffset: 0x00356dad ID des fehlerhaften Prozesses: 0x76c Startzeit der fehlerhaften Anwendung: 0xGarmin.Cartography.MapUpdate.CoreService.exe0 Pfad der fehlerhaften Anwendung: Garmin.Cartography.MapUpdate.CoreService.exe1 Pfad des fehlerhaften Moduls: Garmin.Cartography.MapUpdate.CoreService.exe2 Berichtskennung: Garmin.Cartography.MapUpdate.CoreService.exe3 Error: (04/23/2014 10:42:37 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (04/23/2014 10:42:37 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error: (04/23/2014 10:42:37 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (04/23/2014 08:40:22 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (04/23/2014 08:40:22 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (04/23/2014 08:40:21 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error: (04/23/2014 08:33:29 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_ProfSvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0x1ec Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_ProfSvc0 Pfad der fehlerhaften Anwendung: svchost.exe_ProfSvc1 Pfad des fehlerhaften Moduls: svchost.exe_ProfSvc2 Berichtskennung: svchost.exe_ProfSvc3 Error: (04/23/2014 10:10:01 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (04/23/2014 10:10:01 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. System errors: ============= Error: (04/23/2014 11:37:26 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Garmin Core Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/23/2014 08:35:31 PM) (Source: Service Control Manager) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. 
Fehler: %%1056 Error: (04/23/2014 08:35:31 PM) (Source: Service Control Manager) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Computerbrowser" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (04/23/2014 08:34:31 PM) (Source: Service Control Manager) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (04/23/2014 08:33:31 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Update" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/23/2014 08:33:31 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/23/2014 08:33:31 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/23/2014 08:33:31 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/23/2014 08:33:31 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Gemeinsame Nutzung der Internetverbindung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (04/23/2014 08:33:31 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office Sessions: ========================= Error: (04/23/2014 11:37:24 PM) (Source: Application Error)(User: ) Description: Garmin.Cartography.MapUpdate.CoreService.exe2.1.13.0515361f2clr.dll4.0.30319.29650484aa9c00000fd00356dad76c01cf5eca80b1836eC:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll750a78eb-cb2f-11e3-96a2-a915b055f6fb Error: (04/23/2014 10:42:37 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (04/23/2014 10:42:37 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (04/23/2014 10:42:37 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (04/23/2014 08:40:22 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (04/23/2014 08:40:22 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (04/23/2014 08:40:21 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (04/23/2014 08:33:29 PM) (Source: Application Error)(User: ) Description: svchost.exe_ProfSvc6.1.7600.163854a5bc3c1unknown0.0.0.000000000c000000500000000000000001ec01cf5eca7e4ed055C:\Windows\system32\svchost.exeunknownc39de3d2-cb15-11e3-96a2-a915b055f6fb Error: (04/23/2014 10:10:01 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: 
WmiApRplWmiApRpl8F20300004D070000

Error: (04/23/2014 10:10:01 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000


CodeIntegrity Errors:
===================================
  Date: 2012-09-20 17:50:55.156
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-09-20 17:50:54.969
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 3893.86 MB
Available physical RAM: 1799.13 MB
Total Pagefile: 7785.86 MB
Available Pagefile: 5320.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:281.95 GB) (Free:29.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.84 GB) (Free:2.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (EOS_DIGITAL) (Removable) (Total:14.83 GB) (Free:8.59 GB) FAT32

==================== MBR & Partition Table ==================

==================== End Of Log ============================
24.04.2014, 15:14 | #4
GMER part 1:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-24 00:22:28
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PC3O 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Weise\AppData\Local\Temp\ugtiqpoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 000000014a4d0460
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 000000014a4d0450
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 000000014a4d0370
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 000000014a4d0470
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 000000014a4d03e0
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 000000014a4d0320
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 000000014a4d03b0
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 000000014a4d0390
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 000000014a4d02e0
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 000000014a4d02d0
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 000000014a4d0310
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 000000014a4d03c0
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 000000014a4d03f0
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 000000014a4d0230
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 000000014a4d0480
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 000000014a4d03a0
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 000000014a4d02f0
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 000000014a4d0350
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 000000014a4d0290
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 000000014a4d02b0
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 000000014a4d03d0
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 000000014a4d0330
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 000000014a4d0410
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 000000014a4d0240
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 000000014a4d01e0
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 000000014a4d0250
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 000000014a4d0490
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 000000014a4d04a0
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 000000014a4d0300
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 000000014a4d0360
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 000000014a4d02a0
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 000000014a4d02c0
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 000000014a4d0380
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 000000014a4d0340
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 000000014a4d0440
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 000000014a4d0260
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 000000014a4d0270
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 000000014a4d0400
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 000000014a4d01f0
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 000000014a4d0210
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 000000014a4d0200
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 000000014a4d0420
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 000000014a4d0430
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 000000014a4d0220
.text C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 000000014a4d0280
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 000000014a4d0460
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 000000014a4d0450
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 000000014a4d0370
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 000000014a4d0470
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 000000014a4d03e0
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 000000014a4d0320
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 000000014a4d03b0
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 000000014a4d0390
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 000000014a4d02e0
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 000000014a4d02d0
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 000000014a4d0310
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 000000014a4d03c0
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 000000014a4d03f0
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 000000014a4d0230
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 000000014a4d0480
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 000000014a4d03a0
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 000000014a4d02f0
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 000000014a4d0350
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 000000014a4d0290
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 000000014a4d02b0
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 000000014a4d03d0
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 000000014a4d0330
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 000000014a4d0410
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 000000014a4d0240
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 000000014a4d01e0
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 000000014a4d0250
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 000000014a4d0490
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 000000014a4d04a0
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 000000014a4d0300
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 000000014a4d0360
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 000000014a4d02a0
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 000000014a4d02c0
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 000000014a4d0380
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 000000014a4d0340
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 000000014a4d0440
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 000000014a4d0260
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 000000014a4d0270
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 000000014a4d0400
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 000000014a4d01f0
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 000000014a4d0210
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 000000014a4d0200
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 000000014a4d0420
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 000000014a4d0430
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 000000014a4d0220
.text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 000000014a4d0280
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000077af0490
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000077af0360
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 0000000077af01f0
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000077af0210
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 0000000077af0420
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000077af0430
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220
.text C:\Windows\system32\services.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280
.text C:\Windows\system32\services.exe[616] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62]
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000077af0490
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000077af0360
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 0000000077af01f0
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000077af0210
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 0000000077af0420
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000077af0430
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220
.text C:\Windows\system32\lsass.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280
.text C:\Windows\system32\lsass.exe[652] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62]
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000077af0490
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000077af0360
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 0000000077af01f0
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000077af0210
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 0000000077af0420
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000077af0430
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220
.text C:\Windows\system32\lsm.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000077af0490
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000077af0360
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 0000000077af01f0
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000077af0210
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 0000000077af0420
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000077af0430
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280
.text C:\Windows\system32\winlogon.exe[668] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62]
.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460
.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450
.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370
.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470
.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0
.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320
.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0
.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390
.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0
.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0
.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310
.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0
.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0
.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230
.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480
.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0
.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0
.text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes 
JMP 0000000077af0350 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000077af0490 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000077af0360 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0 .text C:\Windows\system32\svchost.exe[788] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 0000000077af01f0 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000077af0210 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 0000000077af0420 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000077af0430 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220 .text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280 .text C:\Windows\system32\svchost.exe[788] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 
0000000077af0460 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480 .text C:\Windows\system32\svchost.exe[888] 
C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000077af0490 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 
bytes JMP 0000000077af0360 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 0000000077af01f0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000077af0210 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 0000000077af0420 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000077af0430 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220 .text C:\Windows\system32\svchost.exe[888] 
C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280 .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62] .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0 
.text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000077af0490 .text C:\Windows\system32\atiesrxx.exe[936] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000077af0360 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 0000000077af01f0 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000077af0210 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 
bytes JMP 0000000077af0420 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000077af0430 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280 .text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62] .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0 .text C:\Windows\System32\svchost.exe[1012] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort |
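What the GMER dump above actually shows is one and the same pattern in every process listed (winlogon.exe, svchost.exe, atiesrxx.exe, ...): the same set of ntdll.dll exports patched with 5-byte JMPs into the narrow range 0000000077af01e0 to 0000000077af04a0, plus the same 1-byte patch at kernel32.dll!GetBinaryTypeW + 189. GMER reports the hooks but not who installed them, and security products install system-wide user-mode hooks of exactly this shape, so the list alone does not prove an infection; the useful next step is to check whether the hook set is uniform and which module owns the JMP target region. The following Python script is an added triage example, not code from the thread or from GMER: it parses the hook entries (also when a forum export has run them together on one line), groups the JMP targets by 64 KiB region and flags processes or exports that deviate from the majority. Six of the sample entries are copied from the log above; the seventh (a hypothetical C:\Users\x\foo.exe, PID 4242) is constructed to show what an outlier looks like.

```python
"""Triage of the user-mode hook entries in a GMER log (added example)."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# One GMER hook entry: section, process[pid], module!export, address, size, patch.
ENTRY_RE = re.compile(
    r"^(?P<section>\.\w+)\s+"
    r"(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>.+?)!(?P<symbol>\w+(?: \+ \d+)?)\s+"   # optional "+ offset" into the export
    r"(?P<addr>[0-9a-fA-F]{8,16})\s+(?P<size>\d+) bytes?\s+"
    r"(?:JMP (?P<target>[0-9a-fA-F]{8,16})|\[(?P<raw>[0-9a-fA-F ]+)\])$"  # inline JMP or raw bytes
)


@dataclass(frozen=True)
class Hook:
    process: str
    pid: int
    module: str
    symbol: str
    address: int
    size: int
    target: Optional[int]  # JMP destination; None for a raw byte patch
    raw: Optional[str]     # patched bytes as GMER prints them, e.g. "62"


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def split_entries(text: str) -> list[str]:
    """Re-separate entries that a forum export ran together on one line.
    Each entry starts with a section name followed by a drive-letter path."""
    return [e for e in re.split(r"\s+(?=\.\w+\s+[A-Za-z]:\\)", text.strip()) if e]


def parse_entry(entry: str) -> Optional[Hook]:
    m = ENTRY_RE.match(entry.strip())
    if not m:
        return None
    return Hook(m["process"], int(m["pid"]), m["module"], m["symbol"],
                int(m["addr"], 16), int(m["size"]),
                int(m["target"], 16) if m["target"] else None,
                m["raw"].strip() if m["raw"] else None)


def parse_log(text: str) -> list[Hook]:
    return [h for h in map(parse_entry, split_entries(text)) if h is not None]


def region(addr: int, granularity: int = 0x10000) -> int:
    """Round down to a 64 KiB region (Windows allocation granularity), so JMPs
    into one loaded image group together."""
    return addr & ~(granularity - 1)


def triage(hooks: list[Hook], granularity: int = 0x10000) -> dict:
    """Summarise where the hooks jump. The same hook set in every process, all
    landing in one small region, points to a single system-wide hooking module
    (security products install such hooks as well). A process whose hooks go
    elsewhere, or an export whose JMP target differs between processes, is the
    finding to chase: which module owns that target address?"""
    per_process = Counter(f"{basename(h.process)}[{h.pid}]" for h in hooks)
    targets_by_symbol: dict[str, set[int]] = defaultdict(set)
    regions: Counter = Counter()
    byte_patches: list[str] = []
    for h in hooks:
        key = f"{basename(h.module).lower()}!{h.symbol}"
        if h.target is None:
            byte_patches.append(f"{basename(h.process)}[{h.pid}] {key} [{h.raw}]")
            continue
        targets_by_symbol[key].add(h.target)
        regions[region(h.target, granularity)] += 1
    majority = regions.most_common(1)[0][0] if regions else None
    outliers = sorted({f"{basename(h.process)}[{h.pid}]" for h in hooks
                       if h.target is not None and region(h.target, granularity) != majority})
    return {
        "per_process": dict(per_process),
        "jmp_regions": dict(regions),
        "majority_region": majority,
        "outlier_processes": outliers,
        "inconsistent_targets": {k: v for k, v in targets_by_symbol.items() if len(v) > 1},
        "byte_patches": byte_patches,
    }


# Six entries copied from the GMER log posted in this thread (run together on one
# line, as the forum export shows them) plus one constructed outlier: a hypothetical
# process whose NtCreateThreadEx hook jumps to a different region.
SAMPLE = (
    r".text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0 "
    r".text C:\Windows\system32\winlogon.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0 "
    r".text C:\Windows\system32\winlogon.exe[668] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62] "
    r".text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0 "
    r".text C:\Windows\system32\svchost.exe[788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0 "
    r".text C:\Windows\system32\atiesrxx.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0 "
    r".text C:\Users\x\foo.exe[4242] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000002a10000"
)

if __name__ == "__main__":
    for key, value in triage(parse_log(SAMPLE)).items():
        print(f"{key}: {value}")
```

Run against the full log from the thread, the report for the real entries collapses to a single JMP region and no inconsistent targets; only the constructed foo.exe entry is flagged. Resolving which loaded module covers the majority region (for example with a process explorer's DLL view or a debugger's module list on the live system) is what turns "hooks present" into either "security product self-protection" or "unknown module, investigate".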
24.04.2014, 15:15 | #5 |
| Windows 7 HP - Win32:Dropper-gen - Softronic uninstall.exe found as a threat gmer part 2: Code:
ATTFilter 000000007798ff00 5 bytes JMP 0000000077af0480 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000077af0490 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300 
.text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000077af0360 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 0000000077af01f0 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000077af0210 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 0000000077af0420 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000077af0430 .text C:\Windows\System32\svchost.exe[1012] 
C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280 .text C:\Windows\System32\svchost.exe[1012] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62] .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0 .text 
C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0 .text C:\Windows\System32\svchost.exe[380] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250 .text C:\Windows\System32\svchost.exe[380] 
C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes 
JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1688] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e4b0c5 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370 .text C:\Program 
Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0 .text 
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000077af0490 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300 
.text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000077af0360 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 0000000077af01f0 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000077af0210 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 0000000077af0420 
.text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000077af0430 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280 .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1756] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62] .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[1776] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e4b0c5 1 byte [62] .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[1776] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69 00000000756e1465 2 bytes [6E, 75] .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[1776] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155 00000000756e14bb 2 bytes [6E, 75] .text ... |
24.04.2014, 15:16 | #6 |
| Windows 7 HP - Win32:Dropper-gen - Softronic uninstall.exe detected as a threat gmer part 3: Code:
* 2 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2880] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e4b0c5 1 byte [62] .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0 .text 
C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000077af0490 .text C:\Windows\System32\svchost.exe[3064] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000077af0360 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 0000000077af01f0 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000077af0210 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 
bytes JMP 0000000077af0420 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000077af0430 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280 .text C:\Windows\System32\svchost.exe[3064] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2492] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e4b0c5 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390 .text C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0 .text C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000077af0490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000077af0360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340 .text C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 0000000077af01f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000077af0210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 0000000077af0420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000077af0430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1272] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460 .text C:\Program 
Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230 .text C:\Program 
Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 
0000000077af0490 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000077af0360 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 0000000077af01f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 
0000000077990db0 5 bytes JMP 0000000077af0210 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 0000000077af0420 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000077af0430 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3360] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62] .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0 .text C:\Windows\System32\igfxpers.exe[3392] 
C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 
0000000077990140 5 bytes JMP 0000000077af0330 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000077af0490 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000077af0360 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260 .text 
C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 0000000077af01f0 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000077af0210 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 0000000077af0420 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000077af0430 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280 .text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000100070460 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000100070370 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000100070470 .text 
C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 00000001000703e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000100070320 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 00000001000703b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000100070390 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 00000001000702d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000100070310 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 00000001000703c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000100070230 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000100070480 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 00000001000702f0 .text C:\Program Files\Windows 
Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000100070350 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000100070290 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 00000001000702b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 00000001000703d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000100070330 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000100070410 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000100070240 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000100070250 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000100070490 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 00000001000702a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 00000001000702c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000100070260 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000100070270 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000100070400 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000100070210 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000100070200 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 0000000100070420 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000100070430 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] 
C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000100070220 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000100070280 .text C:\Program Files\Windows Sidebar\sidebar.exe[3412] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62] .text C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[3840] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e4b0c5 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3856] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076e4b0c5 1 byte [62] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3944] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e4b0c5 1 byte [62] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000756e1465 2 bytes [6E, 75] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3944] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756e14bb 2 bytes [6E, 75] .text ... |
24.04.2014, 15:17 | #7 |
| Windows 7 HP - Win32:Dropper-gen - Softronic uninstall.exe detected as a threat gmer part 4: Code:
ATTFilter * 2 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4124] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e4b0c5 1 byte [62] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4296] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e4b0c5 1 byte [62] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000756e1465 2 bytes [6E, 75] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[4296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756e14bb 2 bytes [6E, 75] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0 .text C:\Windows\system32\SearchIndexer.exe[4352] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410 .text 
C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000077af0490 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000077af0360 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270 
.text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 0000000077af01f0 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000077af0210 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 0000000077af0420 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000077af0430 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280 .text C:\Windows\system32\SearchIndexer.exe[4352] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0 .text C:\PROGRAM 
FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000077af0490 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000077af0360 
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 0000000077af01f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000077af0210 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 0000000077af0420 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 
0000000077af0430 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3380] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 
0000000077af03d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000077af0490 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000077af0360 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 0000000077af01f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000077af0210 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 0000000077af0420 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000077af0430 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220 
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[220] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0 .text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0 .text C:\Program Files (x86)\Hewlett-Packard\HP Health 
Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000077af0490
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000077af0360
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 0000000077af01f0
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000077af0210
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 0000000077af0420
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000077af0430
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280
.text C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe[5904] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000077af0490
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000077af0360
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 0000000077af01f0
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000077af0210
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 0000000077af0420
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000077af0430
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[5964] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6024] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076e4b0c5 1 byte [62]
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000077af0490
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000077af0360
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 0000000077af01f0
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000077af0210
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 0000000077af0420
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000077af0430
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280
.text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[1560] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3676] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e4b0c5 1 byte [62]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3508] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076e4b0c5 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000077af0490
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000077af0360
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 0000000077af01f0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000077af0210
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 0000000077af0420
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000077af0430
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3060] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000077af0490
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000077af0360
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 0000000077af01f0
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000077af0210
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 0000000077af0420
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000077af0430
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5752] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250
.text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000077af0490
.text C:\Windows\System32\WUDFHost.exe[1732]
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0 .text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300 .text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000077af0360 .text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0 .text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0 .text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380 .text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340 .text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440 .text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260 .text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270 .text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400 .text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes JMP 0000000077af01f0 .text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000077af0210 .text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200 .text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 
0000000077990e80 5 bytes JMP 0000000077af0420 .text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000077af0430 .text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220 .text C:\Windows\System32\WUDFHost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280 .text C:\Windows\system32\taskhost.exe[3140] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62] .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000000007798f760 5 bytes JMP 0000000077af0460 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000000007798f7b0 5 bytes JMP 0000000077af0450 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007798f910 5 bytes JMP 0000000077af0370 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000000007798f960 5 bytes JMP 0000000077af0470 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007798f970 5 bytes JMP 0000000077af03e0 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007798fa20 5 bytes JMP 0000000077af0320 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007798fa50 5 bytes JMP 0000000077af03b0 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007798fa70 5 bytes JMP 0000000077af0390 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000000007798fab0 5 bytes JMP 0000000077af02e0 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007798fb30 5 bytes JMP 0000000077af02d0 .text 
C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007798fb50 5 bytes JMP 0000000077af0310 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007798fb90 5 bytes JMP 0000000077af03c0 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007798fbe0 5 bytes JMP 0000000077af03f0 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000000007798fd40 5 bytes JMP 0000000077af0230 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007798ff00 5 bytes JMP 0000000077af0480 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007798ff30 5 bytes JMP 0000000077af03a0 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077990010 5 bytes JMP 0000000077af02f0 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077990020 5 bytes JMP 0000000077af0350 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077990080 5 bytes JMP 0000000077af0290 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077990110 5 bytes JMP 0000000077af02b0 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077990130 5 bytes JMP 0000000077af03d0 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077990140 5 bytes JMP 0000000077af0330 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000779901b0 5 bytes JMP 0000000077af0410 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000779901e0 5 bytes JMP 0000000077af0240 .text C:\Windows\system32\svchost.exe[4612] 
C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000779904a0 5 bytes JMP 0000000077af01e0 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077990560 5 bytes JMP 0000000077af0250 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077990590 5 bytes JMP 0000000077af0490 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000779905a0 5 bytes JMP 0000000077af04a0 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000779905d0 5 bytes JMP 0000000077af0300 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000779905e0 5 bytes JMP 0000000077af0360 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077990640 5 bytes JMP 0000000077af02a0 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077990690 5 bytes JMP 0000000077af02c0 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000779906c0 5 bytes JMP 0000000077af0380 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000779906d0 5 bytes JMP 0000000077af0340 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000779909c0 5 bytes JMP 0000000077af0440 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077990bc0 5 bytes JMP 0000000077af0260 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077990bd0 5 bytes JMP 0000000077af0270 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077990be0 5 bytes JMP 0000000077af0400 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077990da0 5 bytes 
JMP 0000000077af01f0 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077990db0 5 bytes JMP 0000000077af0210 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077990e20 5 bytes JMP 0000000077af0200 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077990e80 5 bytes JMP 0000000077af0420 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077990e90 5 bytes JMP 0000000077af0430 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077990ea0 5 bytes JMP 0000000077af0220 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077990f80 5 bytes JMP 0000000077af0280 .text C:\Windows\system32\svchost.exe[4612] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3172] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777f1fd 1 byte [62] .text C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe[2964] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076e4b0c5 1 byte [62] .text C:\Users\Marbach\Desktop\Gmer-19357.exe[532] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 |
24.04.2014, 15:18 | #8 |
| Windows 7 HP - Win32:Dropper-gen - Softronic uninstall.exe found as a threat

gmer part 5:

Code:
---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [3064:3536] 000007fef43a9688
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2492:3324] 000000006c366358
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2492:3780] 000000006c06f71d
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2492:4008] 000000006c06f71d
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2492:4012] 000000006c065b1a
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2492:4100] 000000006c310b14
Thread C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [4124:4248] 0000000067444c7c

---- Services - GMER 2.1 ----

Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description Avast! Mini-filter Driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ImagePath \??\C:\Windows\system32\drivers\aswFsBlk.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@DisplayName aswKbd
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Group Keyboard Port
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Description avast! keyboard filter driver (aswKbd)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Tag 7
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \??\C:\Windows\system32\drivers\aswRdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 259
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 2315362
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387295731
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387295731@ Commited
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387295731@BootTimeout 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387295731@TickTimeout 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387295731@CreationTime 0xD7 0x17 0x3A 0x6E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387295731@SetupOperations MoveFile("\??\c:\program files\avast software\avast\setup\instup.dll.1387295731","\??\c:\program files\avast software\avast\setup\instup.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\setup\instup.dll.sum.1387295731","\??\c:\program files\avast software\avast\setup\instup.dll.sum",TRUE)?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387295731@StartBootCounter 29
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1387295731@StartTickCounter 333032
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ImagePath \??\C:\Windows\system32\drivers\aswSnx.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ImagePath \??\C:\Windows\system32\drivers\aswSP.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 10
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ImagePath \??\C:\Windows\system32\drivers\aswTdi.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 288
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Manages and implements the avast! Antivirus services on this computer. This includes the real-time protection, the virus chest and the scheduler.
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713d5d37b
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description Avast! Mini-filter Driver
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ImagePath \??\C:\Windows\system32\drivers\aswFsBlk.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@DisplayName aswKbd
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Group Keyboard Port
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Description avast! keyboard filter driver (aswKbd)
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Tag 7
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \??\C:\Windows\system32\drivers\aswRdr2.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName avast! Revert
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 259
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 2315362
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387295731 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387295731@ Commited
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387295731@BootTimeout 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387295731@TickTimeout 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387295731@CreationTime 0xD7 0x17 0x3A 0x6E ...
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387295731@SetupOperations MoveFile("\??\c:\program files\avast software\avast\setup\instup.dll.1387295731","\??\c:\program files\avast software\avast\setup\instup.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\setup\instup.dll.sum.1387295731","\??\c:\program files\avast software\avast\setup\instup.dll.sum",TRUE)?
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387295731@StartBootCounter 29
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1387295731@StartTickCounter 333032
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ImagePath \??\C:\Windows\system32\drivers\aswSnx.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ImagePath \??\C:\Windows\system32\drivers\aswSP.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName aswTdi
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description aswTdi
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 10
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ImagePath \??\C:\Windows\system32\drivers\aswTdi.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 288
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Manages and implements the avast! Antivirus services on this computer. This includes the real-time protection, the virus chest and the scheduler.
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713d5d37b (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ---- |
25.04.2014, 09:24 | #9 |
/// the machine /// TB-Ausbilder | Windows 7 HP - Win32:Dropper-gen - Softronic uninstall.exe found as a threat
Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in the Additional.txt marked with <== ATTENTION. Let Revo remove the leftovers as well, in "Moderate" mode.
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009 | Donations | Guides and help | Trojaner-Board Facebook page | No help via PM!
|
27.04.2014, 12:25 | #10 |
| Windows 7 HP - Win32:Dropper-gen - Softronic uninstall.exe found as a threat
Here are the requested logs:

mbam:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 26.04.2014
Suchlauf-Zeit: 14:42:00
Logdatei: mbam.txt
Administrator: Nein

Version: 2.00.1.1004
Malware Datenbank: v2014.04.26.01
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Marbach

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 216041
Verstrichene Zeit: 29 Min, 28 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 2
PUP.Optional.Softonic.A, C:\Users\Marbach\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf, In Quarantäne, [29c0ef3f38430e28695cd595c33f3ec2],
PUP.Optional.Softonic.A, C:\Users\Marbach\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0, In Quarantäne, [29c0ef3f38430e28695cd595c33f3ec2],

Dateien: 14
PUP.Optional.Softonic.A, C:\Users\Marbach\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\appCntrl.js, In Quarantäne, [29c0ef3f38430e28695cd595c33f3ec2],
PUP.Optional.Softonic.A, C:\Users\Marbach\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\bg.html, In Quarantäne, [29c0ef3f38430e28695cd595c33f3ec2],
PUP.Optional.Softonic.A, C:\Users\Marbach\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\bg.js, In Quarantäne, [29c0ef3f38430e28695cd595c33f3ec2],
PUP.Optional.Softonic.A, C:\Users\Marbach\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\chMntz.dll, In Quarantäne, [29c0ef3f38430e28695cd595c33f3ec2],
PUP.Optional.Softonic.A, C:\Users\Marbach\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\CrmAdpt.dll, In Quarantäne, [29c0ef3f38430e28695cd595c33f3ec2],
PUP.Optional.Softonic.A, C:\Users\Marbach\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\ct.js, In Quarantäne, [29c0ef3f38430e28695cd595c33f3ec2],
PUP.Optional.Softonic.A, C:\Users\Marbach\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\CTB.dll, In Quarantäne, [29c0ef3f38430e28695cd595c33f3ec2],
PUP.Optional.Softonic.A, C:\Users\Marbach\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\dpk.js, In Quarantäne, [29c0ef3f38430e28695cd595c33f3ec2],
PUP.Optional.Softonic.A, C:\Users\Marbach\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\hprtkMsg.htm, In Quarantäne, [29c0ef3f38430e28695cd595c33f3ec2],
PUP.Optional.Softonic.A, C:\Users\Marbach\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\hprtkMsg.js, In Quarantäne, [29c0ef3f38430e28695cd595c33f3ec2],
PUP.Optional.Softonic.A, C:\Users\Marbach\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\json2.min.js, In Quarantäne, [29c0ef3f38430e28695cd595c33f3ec2],
PUP.Optional.Softonic.A, C:\Users\Marbach\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\logo.png, In Quarantäne, [29c0ef3f38430e28695cd595c33f3ec2],
PUP.Optional.Softonic.A, C:\Users\Marbach\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\manifest.json, In Quarantäne, [29c0ef3f38430e28695cd595c33f3ec2],
PUP.Optional.Softonic.A, C:\Users\Marbach\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\pref.json, In Quarantäne, [29c0ef3f38430e28695cd595c33f3ec2],

Physische Sektoren: 0
(No malicious items detected)

(end)

AdwCleaner:
Code:
# AdwCleaner v3.202 - Bericht erstellt am 26/04/2014 um 14:58:54
# Aktualisiert 23/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzername : Weise - WEISE-HP
# Gestartet von : C:\Users\Marbach\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Weise\AppData\Local\Temp\mt_ffx
Ordner Gelöscht : C:\Users\Weise\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Weise\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Weise\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Weise\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Marbach\AppData\LocalLow\Softonic
Datei Gelöscht : C:\Users\Weise\AppData\Roaming\Mozilla\Firefox\Profiles\fx4gye73.default\searchplugins\softonic.xml
Datei Gelöscht : C:\Users\Weise\AppData\Roaming\Mozilla\Firefox\Profiles\fx4gye73.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.17267

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Weise\AppData\Roaming\Mozilla\Firefox\Profiles\fx4gye73.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.Softonic.admin", false);
Zeile gelöscht : user_pref("extensions.Softonic.aflt", "OC");
Zeile gelöscht : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
Zeile gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.Softonic.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.Softonic.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.Softonic.dnsErr", true);
Zeile gelöscht : user_pref("extensions.Softonic.excTlbr", false);
Zeile gelöscht : user_pref("extensions.Softonic.ffxUnstlRst", false);
Zeile gelöscht : user_pref("extensions.Softonic.hmpg", true);
Zeile gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=cc897d78000000000000c0cb38084143");
Zeile gelöscht : user_pref("extensions.Softonic.id", "cc897d78000000000000c0cb38084143");
Zeile gelöscht : user_pref("extensions.Softonic.instlDay", "16012");
Zeile gelöscht : user_pref("extensions.Softonic.instlRef", "MOY00621");
Zeile gelöscht : user_pref("extensions.Softonic.newTab", true);
Zeile gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=cc897d78000000000000c0cb38084143");
Zeile gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
Zeile gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
Zeile gelöscht : user_pref("extensions.Softonic.rvrt", "false");
Zeile gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Zeile gelöscht : user_pref("extensions.Softonic.tlbrId", "opencandy2013");
Zeile gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=cc897d78000000000000c0cb38084143&q=");
Zeile gelöscht : user_pref("extensions.Softonic.vrsn", "1.8.21.14");
Zeile gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.8.21.1414:30:20");
Zeile gelöscht : user_pref("extensions.Softonic.vrsni", "1.8.21.14");
Zeile gelöscht : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23,{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1,{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9,engine@conduit.com:3.3.3.2[...]
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #psa-teoma-result .ptbs .WRCN, #teoma-results .ptbs .WRCN {display:inline !important; background: url(\"IMAGE\") right no-[...]
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\\\:\\\\/\\\\/(.+\\\\.)?ask\\\\.com\\\\/.*");

[ Datei : C:\Users\Marbach\AppData\Roaming\Mozilla\Firefox\Profiles\ptl402ue.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [8262 octets] - [26/04/2014 14:53:25]
AdwCleaner[S0].txt - [7974 octets] - [26/04/2014 14:58:54]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [8034 octets] ##########

JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Weise on 26.04.2014 at 15:12:08,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Softonic_chr_1_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1CDC032F-F3B4-4EE6-A05A-B072EBC6B23A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7A8F2B8E-4512-4071-9A77-41A8984D1BE7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8C193ABD-D55E-4E71-9F0D-E6AEEFAC890B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{7A8F2B8E-4512-4071-9A77-41A8984D1BE7}

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Weise\AppData\Roaming\mozilla\firefox\profiles\fx4gye73.default\minidumps [28 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.04.2014 at 15:34:25,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fresh FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-04-2014
Ran by Marbach (ATTENTION: The logged in user is not administrator) on WEISE-HP on 27-04-2014 12:13:07
Running from C:\Users\Marbach\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-30] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-4064333300-1550520147-146747255-1003\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {01307296-9682-4A67-A542-5A505A61CE8B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {7A8F2B8E-4512-4071-9A77-41A8984D1BE7} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {01307296-9682-4A67-A542-5A505A61CE8B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {7A8F2B8E-4512-4071-9A77-41A8984D1BE7} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-07-17] (EasyBits Software Corp.)

FireFox:
========
FF ProfilePath: C:\Users\Marbach\AppData\Roaming\Mozilla\Firefox\Profiles\ptl402ue.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Marbach\AppData\Roaming\Mozilla\Firefox\Profiles\ptl402ue.default\searchplugins\startpage-ssl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Garmin Communicator - C:\Users\Marbach\AppData\Roaming\Mozilla\Firefox\Profiles\ptl402ue.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-20]
FF Extension: WOT - C:\Users\Marbach\AppData\Roaming\Mozilla\Firefox\Profiles\ptl402ue.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: Adblock Plus - C:\Users\Marbach\AppData\Roaming\Mozilla\Firefox\Profiles\ptl402ue.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-02-15]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Wallet) - C:\Users\Marbach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-11]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-13] (Adobe Systems)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-30] (AVAST Software)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-30] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-30] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-27 12:13 - 2014-04-27 12:13 - 00014046 _____ () C:\Users\Marbach\Desktop\FRST.txt
2014-04-27 12:11 - 2014-04-26 15:34 - 00001796 _____ () C:\Users\Marbach\Documents\JRT.txt
2014-04-26 15:12 - 2014-04-26 15:12 - 00000000 ____D () C:\Windows\ERUNT
2014-04-26 15:07 - 2014-04-26 14:59 - 00008136 _____ () C:\Users\Marbach\Desktop\AdwCleaner[S0].txt
2014-04-26 14:53 - 2014-04-26 14:59 - 00000000 ____D () C:\AdwCleaner
2014-04-26 14:51 - 2014-04-26 14:51 - 00004282 _____ () C:\Users\Marbach\Desktop\mbam.txt
2014-04-26 14:08 - 2014-04-26 15:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-26 14:08 - 2014-04-26 14:08 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-26 14:08 - 2014-04-26 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-26 14:08 - 2014-04-26 14:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-26 14:08 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-26 14:08 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-26 14:08 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-26 14:06 - 2014-04-26 14:06 - 01016261 _____ (Thisisu) C:\Users\Marbach\Desktop\JRT.exe
2014-04-26 14:05 - 2014-04-26 14:05 - 01365865 _____ () C:\Users\Marbach\Desktop\adwcleaner.exe
2014-04-26 14:04 - 2014-04-26 14:05 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Marbach\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-26 13:54 - 2014-04-26 13:55 - 00000000 ____D () C:\Users\Marbach\Desktop\Virusbekämpfung
2014-04-26 10:26 - 2014-04-26 10:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-26 10:25 - 2014-04-26 10:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Marbach\Desktop\revosetup95.exe
2014-04-24 00:46 - 2014-04-24 00:46 - 01110476 _____ () C:\Users\Marbach\Desktop\7z920.exe
2014-04-24 00:46 - 2014-04-24 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-04-24 00:46 - 2014-04-24 00:46 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-04-23 23:57 - 2014-04-27 12:13 - 00000000 ____D () C:\FRST
2014-04-23 23:57 - 2014-04-23 23:57 - 02061312 _____ (Farbar) C:\Users\Marbach\Desktop\FRST64.exe
2014-04-23 23:54 - 2014-04-23 23:54 - 00380416 _____ () C:\Users\Marbach\Desktop\Gmer-19357.exe
2014-04-23 23:53 - 2014-04-23 23:53 - 00050477 _____ () C:\Users\Marbach\Desktop\Defogger.exe
2014-04-20 13:16 - 2014-04-20 13:51 - 00000000 ____D () C:\Users\Marbach\Desktop\Alles 2
2014-04-20 13:07 - 2014-04-23 22:48 - 00000000 ____D () C:\Users\Marbach\Desktop\Vortrag - Fotografie
2014-04-12 11:11 - 2014-04-12 11:11 - 00016636 _____ () C:\Users\Marbach\AppData\Local\recently-used.xbel
2014-04-12 10:43 - 2014-04-12 10:45 - 00164557 _____ () C:\Users\Marbach\Documents\schlange-viper-33-cm-57-4902662 Kopie.xcf

==================== One Month Modified Files and Folders =======

2014-04-27 12:13 - 2014-04-27 12:13 - 00014046 _____ () C:\Users\Marbach\Desktop\FRST.txt
2014-04-27 12:13 - 2014-04-23 23:57 - 00000000 ____D () C:\FRST
2014-04-27 11:50 - 2010-09-19 09:37 - 02046364 _____ () C:\Windows\WindowsUpdate.log
2014-04-27 11:44 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-27 11:44 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-27 11:41 - 2012-09-23 11:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-27 11:41 - 2010-07-17 20:47 - 05447460 _____ () C:\Windows\system32\perfh007.dat
2014-04-27 11:41 - 2010-07-17 20:47 - 01664898 _____ () C:\Windows\system32\perfc007.dat
2014-04-27 11:41 - 2009-07-14 07:13 - 00005438 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-27 11:36 - 2012-02-15 17:03 - 00130191 _____ () C:\Windows\setupact.log
2014-04-27 11:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-26 15:39 - 2014-04-26 14:08 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-26 15:39 - 2014-02-06 19:46 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-04-26 15:34 - 2014-04-27 12:11 - 00001796 _____ () C:\Users\Marbach\Documents\JRT.txt
2014-04-26 15:12 - 2014-04-26 15:12 - 00000000 ____D () C:\Windows\ERUNT
2014-04-26 14:59 - 2014-04-26 15:07 - 00008136 _____ () C:\Users\Marbach\Desktop\AdwCleaner[S0].txt
2014-04-26 14:59 - 2014-04-26 14:53 - 00000000 ____D () C:\AdwCleaner
2014-04-26 14:51 - 2014-04-26 14:51 - 00004282 _____ () C:\Users\Marbach\Desktop\mbam.txt
2014-04-26 14:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-04-26 14:08 - 2014-04-26 14:08 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-26 14:08 - 2014-04-26 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-26 14:08 - 2014-04-26 14:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-26 14:08 - 2012-09-01 18:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-26 14:06 - 2014-04-26 14:06 - 01016261 _____ (Thisisu) C:\Users\Marbach\Desktop\JRT.exe
2014-04-26 14:05 - 2014-04-26 14:05 - 01365865 _____ () C:\Users\Marbach\Desktop\adwcleaner.exe
2014-04-26 14:05 - 2014-04-26 14:04 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Marbach\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-26 13:55 - 2014-04-26 13:54 - 00000000 ____D () C:\Users\Marbach\Desktop\Virusbekämpfung
2014-04-26 10:26 - 2014-04-26 10:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-26 10:25 - 2014-04-26 10:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Marbach\Desktop\revosetup95.exe
2014-04-24 01:10 - 2012-12-25 19:45 - 00000000 ____D () C:\Windows\Minidump
2014-04-24 01:09 - 2012-12-25 19:45 - 721486411 _____ () C:\Windows\MEMORY.DMP
2014-04-24 00:46 - 2014-04-24 00:46 - 01110476 _____ () C:\Users\Marbach\Desktop\7z920.exe
2014-04-24 00:46 - 2014-04-24 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-04-24 00:46 - 2014-04-24 00:46 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-04-23 23:57 - 2014-04-23 23:57 - 02061312 _____ (Farbar) C:\Users\Marbach\Desktop\FRST64.exe
2014-04-23 23:56 - 2011-01-22 15:31 - 00000000 ____D () C:\Users\Weise
2014-04-23 23:54 - 2014-04-23 23:54 - 00380416 _____ () C:\Users\Marbach\Desktop\Gmer-19357.exe
2014-04-23 23:53 - 2014-04-23 23:53 - 00050477 _____ () C:\Users\Marbach\Desktop\Defogger.exe
2014-04-23 23:50 - 2012-11-12 17:49 - 00000000 ____D () C:\Users\Marbach\AppData\Roaming\IrfanView
2014-04-23 23:34 - 2013-03-23 16:15 - 00000000 ____D () C:\Users\Marbach\Desktop\Virus bekämpfung
2014-04-23 22:48 - 2014-04-20 13:07 - 00000000 ____D () C:\Users\Marbach\Desktop\Vortrag - Fotografie
2014-04-23 20:33 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-20 13:51 - 2014-04-20 13:16 - 00000000 ____D () C:\Users\Marbach\Desktop\Alles 2
2014-04-20 13:15 - 2013-11-11 20:08 - 00000000 ____D () C:\Users\Marbach\Desktop\Alles
2014-04-12 12:06 - 2013-11-18 20:52 - 00000000 ____D () C:\Users\Marbach\.gimp-2.8
2014-04-12 11:11 - 2014-04-12 11:11 - 00016636 _____ () C:\Users\Marbach\AppData\Local\recently-used.xbel
2014-04-12 11:11 - 2013-11-24 21:33 - 00000000 ____D () C:\Users\Marbach\AppData\Local\gtk-2.0
2014-04-12 10:45 - 2014-04-12 10:43 - 00164557 _____ () C:\Users\Marbach\Documents\schlange-viper-33-cm-57-4902662 Kopie.xcf
2014-04-11 15:05 - 2011-01-23 15:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 11:42 - 2013-08-15 09:39 - 00000000 ____D
() C:\Windows\system32\MRT 2014-04-10 11:39 - 2011-08-21 15:04 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-03 09:51 - 2014-04-26 14:08 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-26 14:08 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-26 14:08 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-31 09:35 - 2011-01-29 15:02 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ --- --- ---
28.04.2014, 08:35 | #11 |
/// the machine /// TB-Ausbilder | Windows 7 HP - Win32:Dropper-gen - Softronic uninstall.exe found as a threat
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and assistance Trojaner-Board Facebook page No support via PM!
30.04.2014, 21:34 | #12 |
| Windows 7 HP - Win32:Dropper-gen - Softronic uninstall.exe found as a threat
Eset Online Scanner:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=de77025b2d0ac34fb7e50fb053d382ba
# engine=18090
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-30 05:57:48
# local_time=2014-04-30 07:57:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode=774 16777213 85 83 13041312 175590540 0 0
# compatibility_mode=5893 16776573 100 94 12344 150510518 0 0
# scanned=406566
# found=1
# cleaned=0
# scan_time=11569
sh=5AF9F317CEFCC027127DA80A0312583CF90A1F1A ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2011-3544.CM Trojaner" ac=I fn="C:\Users\Weise\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\41bd8e00-348278b1"
SecurityCheck:
Code:
Results of screen317's Security Check version 0.99.82
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.6001)
TuneUp Utilities 2014
TuneUp Utilities 2014 (de-DE)
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 13.0.0.206
Adobe Reader XI
Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent````````
system32 AvastSvc.exe -?-
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Fresh FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-04-2014 03 Ran by Marbach (ATTENTION: The logged in user is not administrator) on WEISE-HP on 30-04-2014 20:34:45 Running from C:\Users\Marbach\Desktop Windows 7 Home Premium (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-30] (AVAST Software) HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\31788629-2efe-44d5-9d43-f6a64b89e5a7.exe /check [181136 2014-04-30] (AVAST Software) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-4064333300-1550520147-146747255-1003\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {01307296-9682-4A67-A542-5A505A61CE8B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM - {7A8F2B8E-4512-4071-9A77-41A8984D1BE7} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 - 
{01307296-9682-4A67-A542-5A505A61CE8B} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKCU - {7A8F2B8E-4512-4071-9A77-41A8984D1BE7} URL = BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-07-17] (EasyBits Software Corp.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Marbach\AppData\Roaming\Mozilla\Firefox\Profiles\ptl402ue.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.) FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Marbach\AppData\Roaming\Mozilla\Firefox\Profiles\ptl402ue.default\searchplugins\startpage-ssl.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Garmin Communicator - C:\Users\Marbach\AppData\Roaming\Mozilla\Firefox\Profiles\ptl402ue.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-20] FF Extension: WOT - C:\Users\Marbach\AppData\Roaming\Mozilla\Firefox\Profiles\ptl402ue.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27] FF Extension: Adblock Plus - C:\Users\Marbach\AppData\Roaming\Mozilla\Firefox\Profiles\ptl402ue.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-01] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-02-15] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR RestoreOnStartup: "hxxp://www.google.com/" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Extension: (Google Wallet) - C:\Users\Marbach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-11] ==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-13] (Adobe Systems) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-30] (AVAST Software) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries) R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] () R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-30] (AVAST 
Software) R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-31] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-30] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-30] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-30] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-30] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-30] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-23] (Realtek Semiconductor Corp.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-30 20:34 - 2014-04-30 20:34 - 00014330 _____ () C:\Users\Marbach\Desktop\FRST.txt 2014-04-30 20:34 - 2014-04-30 20:34 - 00000000 ____D () C:\Users\Marbach\Desktop\FRST-OlderVersion 2014-04-30 20:29 - 2014-04-30 20:29 - 00855379 _____ () C:\Users\Marbach\Downloads\SecurityCheck.exe 2014-04-30 20:29 - 2014-04-30 20:29 - 00855379 _____ () C:\Users\Marbach\Desktop\SecurityCheck.exe 2014-04-30 16:36 - 2014-04-30 16:36 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-04-30 16:30 - 2014-04-30 16:29 - 02347384 _____ (ESET) C:\Users\Marbach\Desktop\esetsmartinstaller_deu.exe 2014-04-30 16:29 - 2014-04-30 16:29 - 02347384 _____ (ESET) C:\Users\Marbach\Downloads\esetsmartinstaller_deu.exe 2014-04-27 13:17 - 2014-04-26 15:34 - 00001796 _____ () C:\Users\Marbach\Desktop\JRT.txt 2014-04-27 12:11 - 2014-04-26 15:34 - 
00001796 _____ () C:\Users\Marbach\Documents\JRT.txt 2014-04-26 15:12 - 2014-04-26 15:12 - 00000000 ____D () C:\Windows\ERUNT 2014-04-26 15:07 - 2014-04-26 14:59 - 00008136 _____ () C:\Users\Marbach\Desktop\AdwCleaner[S0].txt 2014-04-26 14:53 - 2014-04-26 14:59 - 00000000 ____D () C:\AdwCleaner 2014-04-26 14:51 - 2014-04-26 14:51 - 00004282 _____ () C:\Users\Marbach\Desktop\mbam.txt 2014-04-26 14:08 - 2014-04-26 15:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-26 14:08 - 2014-04-26 14:08 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-26 14:08 - 2014-04-26 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-26 14:08 - 2014-04-26 14:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-26 14:08 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-26 14:08 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-26 14:08 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-26 14:06 - 2014-04-26 14:06 - 01016261 _____ (Thisisu) C:\Users\Marbach\Desktop\JRT.exe 2014-04-26 14:05 - 2014-04-26 14:05 - 01365865 _____ () C:\Users\Marbach\Desktop\adwcleaner.exe 2014-04-26 14:04 - 2014-04-26 14:05 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Marbach\Desktop\mbam-setup-2.0.1.1004.exe 2014-04-26 13:54 - 2014-04-30 20:34 - 00000000 ____D () C:\Users\Marbach\Desktop\Virusbekämpfung 2014-04-26 10:26 - 2014-04-26 10:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-26 10:25 - 2014-04-26 10:25 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Marbach\Desktop\revosetup95.exe 2014-04-24 00:46 - 2014-04-24 00:46 - 01110476 _____ () C:\Users\Marbach\Desktop\7z920.exe 2014-04-24 00:46 - 2014-04-24 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-04-24 00:46 - 2014-04-24 00:46 - 00000000 ____D () C:\Program Files (x86)\7-Zip 2014-04-23 23:57 - 2014-04-30 20:34 - 02061824 _____ (Farbar) C:\Users\Marbach\Desktop\FRST64.exe 2014-04-23 23:57 - 2014-04-30 20:34 - 00000000 ____D () C:\FRST 2014-04-23 23:54 - 2014-04-23 23:54 - 00380416 _____ () C:\Users\Marbach\Desktop\Gmer-19357.exe 2014-04-23 23:53 - 2014-04-23 23:53 - 00050477 _____ () C:\Users\Marbach\Desktop\Defogger.exe 2014-04-20 13:16 - 2014-04-20 13:51 - 00000000 ____D () C:\Users\Marbach\Desktop\Alles 2 2014-04-20 13:07 - 2014-04-23 22:48 - 00000000 ____D () C:\Users\Marbach\Desktop\Vortrag - Fotografie 2014-04-12 11:11 - 2014-04-12 11:11 - 00016636 _____ () C:\Users\Marbach\AppData\Local\recently-used.xbel 2014-04-12 10:43 - 2014-04-12 10:45 - 00164557 _____ () C:\Users\Marbach\Documents\schlange-viper-33-cm-57-4902662 Kopie.xcf ==================== One Month Modified Files and Folders ======= 2014-04-30 20:35 - 2014-04-30 20:34 - 00014330 _____ () C:\Users\Marbach\Desktop\FRST.txt 2014-04-30 20:34 - 2014-04-30 20:34 - 00000000 ____D () C:\Users\Marbach\Desktop\FRST-OlderVersion 2014-04-30 20:34 - 2014-04-26 13:54 - 00000000 ____D () C:\Users\Marbach\Desktop\Virusbekämpfung 2014-04-30 20:34 - 2014-04-23 23:57 - 02061824 _____ (Farbar) C:\Users\Marbach\Desktop\FRST64.exe 2014-04-30 20:34 - 2014-04-23 23:57 - 00000000 ____D () C:\FRST 2014-04-30 20:29 - 2014-04-30 20:29 - 00855379 _____ () C:\Users\Marbach\Downloads\SecurityCheck.exe 2014-04-30 20:29 - 2014-04-30 20:29 - 00855379 _____ () C:\Users\Marbach\Desktop\SecurityCheck.exe 2014-04-30 19:41 - 2012-09-23 11:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-30 18:18 - 2010-09-19 09:37 - 01068497 _____ () 
C:\Windows\WindowsUpdate.log 2014-04-30 16:36 - 2014-04-30 16:36 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-04-30 16:34 - 2010-07-17 20:47 - 05521420 _____ () C:\Windows\system32\perfh007.dat 2014-04-30 16:34 - 2010-07-17 20:47 - 01688578 _____ () C:\Windows\system32\perfc007.dat 2014-04-30 16:34 - 2009-07-14 07:13 - 00005438 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-30 16:34 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-30 16:34 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-30 16:29 - 2014-04-30 16:30 - 02347384 _____ (ESET) C:\Users\Marbach\Desktop\esetsmartinstaller_deu.exe 2014-04-30 16:29 - 2014-04-30 16:29 - 02347384 _____ (ESET) C:\Users\Marbach\Downloads\esetsmartinstaller_deu.exe 2014-04-30 16:23 - 2012-02-15 17:03 - 00130415 _____ () C:\Windows\setupact.log 2014-04-30 16:23 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-28 20:42 - 2012-09-23 11:53 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-28 20:42 - 2012-09-23 11:53 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-26 15:39 - 2014-04-26 14:08 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-26 15:39 - 2014-02-06 19:46 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-04-26 15:34 - 2014-04-27 13:17 - 00001796 _____ () C:\Users\Marbach\Desktop\JRT.txt 2014-04-26 15:34 - 2014-04-27 12:11 - 00001796 _____ () C:\Users\Marbach\Documents\JRT.txt 2014-04-26 15:12 - 2014-04-26 15:12 - 00000000 ____D () C:\Windows\ERUNT 2014-04-26 14:59 - 2014-04-26 15:07 - 00008136 _____ () C:\Users\Marbach\Desktop\AdwCleaner[S0].txt 2014-04-26 14:59 - 2014-04-26 14:53 - 00000000 ____D () C:\AdwCleaner 2014-04-26 14:51 - 
2014-04-26 14:51 - 00004282 _____ () C:\Users\Marbach\Desktop\mbam.txt 2014-04-26 14:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-04-26 14:08 - 2014-04-26 14:08 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-26 14:08 - 2014-04-26 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-26 14:08 - 2014-04-26 14:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-26 14:08 - 2012-09-01 18:48 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-26 14:06 - 2014-04-26 14:06 - 01016261 _____ (Thisisu) C:\Users\Marbach\Desktop\JRT.exe 2014-04-26 14:05 - 2014-04-26 14:05 - 01365865 _____ () C:\Users\Marbach\Desktop\adwcleaner.exe 2014-04-26 14:05 - 2014-04-26 14:04 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Marbach\Desktop\mbam-setup-2.0.1.1004.exe 2014-04-26 10:26 - 2014-04-26 10:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-26 10:25 - 2014-04-26 10:25 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Marbach\Desktop\revosetup95.exe 2014-04-24 01:10 - 2012-12-25 19:45 - 00000000 ____D () C:\Windows\Minidump 2014-04-24 01:09 - 2012-12-25 19:45 - 721486411 _____ () C:\Windows\MEMORY.DMP 2014-04-24 00:46 - 2014-04-24 00:46 - 01110476 _____ () C:\Users\Marbach\Desktop\7z920.exe 2014-04-24 00:46 - 2014-04-24 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-04-24 00:46 - 2014-04-24 00:46 - 00000000 ____D () C:\Program Files (x86)\7-Zip 2014-04-23 23:56 - 2011-01-22 15:31 - 00000000 ____D () C:\Users\Weise 2014-04-23 23:54 - 2014-04-23 23:54 - 00380416 _____ () C:\Users\Marbach\Desktop\Gmer-19357.exe 2014-04-23 23:53 - 2014-04-23 23:53 - 00050477 _____ () C:\Users\Marbach\Desktop\Defogger.exe 2014-04-23 23:50 - 2012-11-12 17:49 - 00000000 ____D () C:\Users\Marbach\AppData\Roaming\IrfanView 2014-04-23 23:34 - 2013-03-23 16:15 - 00000000 ____D () C:\Users\Marbach\Desktop\Virus bekämpfung 2014-04-23 22:48 - 2014-04-20 13:07 - 00000000 ____D () C:\Users\Marbach\Desktop\Vortrag - Fotografie 2014-04-23 20:33 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-20 13:51 - 2014-04-20 13:16 - 00000000 ____D () C:\Users\Marbach\Desktop\Alles 2 2014-04-20 13:15 - 2013-11-11 20:08 - 00000000 ____D () C:\Users\Marbach\Desktop\Alles 2014-04-12 12:06 - 2013-11-18 20:52 - 00000000 ____D () C:\Users\Marbach\.gimp-2.8 2014-04-12 11:11 - 2014-04-12 11:11 - 00016636 _____ () C:\Users\Marbach\AppData\Local\recently-used.xbel 2014-04-12 11:11 - 2013-11-24 21:33 - 00000000 ____D () C:\Users\Marbach\AppData\Local\gtk-2.0 2014-04-12 10:45 - 2014-04-12 10:43 - 00164557 _____ () C:\Users\Marbach\Documents\schlange-viper-33-cm-57-4902662 Kopie.xcf 2014-04-11 15:05 - 2011-01-23 15:47 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-10 11:42 - 2013-08-15 09:39 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-10 11:39 - 2011-08-21 15:04 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-03 
09:51 - 2014-04-26 14:08 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-26 14:08 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-26 14:08 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-31 09:35 - 2011-01-29 15:02 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ --- --- ---
Otherwise there are really no further problems. Many thanks for asking and for the help so far.
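The ESET log in this post is in ESET Online Scanner's plain-text format: `# key=value` header lines, then one `key=value ...` line per detection. As an added example (not part of the thread), here is a small Python parser and triage routine for that format; the sample log is constructed from the values posted above, and the cache-location heuristic is my own, not ESET's.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in ESET Online Scanner's log format, using the values
# posted in the thread: "# key=value" header lines, then one line per
# detection of the form sh=hash ft= fh= vn="name" ac=action fn="path".
SAMPLE_LOG = r"""
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# engine=18090
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# utc_time=2014-04-30 05:57:48
# scanned=406566
# found=1
# cleaned=0
sh=5AF9F317CEFCC027127DA80A0312583CF90A1F1A ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2011-3544.CM Trojaner" ac=I fn="C:\Users\Weise\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\41bd8e00-348278b1"
"""

# key=value pairs on a detection line; a value is either a double-quoted
# string (may contain spaces) or a run of non-whitespace characters.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')

# Heuristic of my own (not ESET's): paths that are caches of downloaded
# content. A hit that lives only here is a downloaded exploit artifact, not
# proof the exploit ran, but it shows the component owning the cache (here
# the Java plugin) was exposed and needs patching.
CACHE_MARKERS = (
    "\\appdata\\locallow\\sun\\java\\deployment\\cache\\",
    "\\appdata\\local\\temp\\",
    "\\temporary internet files\\",
)


@dataclass
class EsetReport:
    header: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


def parse_eset_log(text: str) -> EsetReport:
    """Split the log into header fields and per-detection records."""
    report = EsetReport()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            report.header[key.strip()] = value.strip()
        elif line.startswith("sh="):
            report.detections.append(
                {k: v.strip('"') for k, v in KV_RE.findall(line)})
    return report


def classify_location(path: str) -> str:
    """Rough triage of where a detection sits on disk."""
    p = path.lower()
    if any(marker in p for marker in CACHE_MARKERS):
        return "cache_artifact"
    if "\\windows\\" in p or "\\program files" in p:
        return "system_location"
    return "user_location"


def assess(report: EsetReport) -> dict:
    """Consistency checks on the header plus a triage entry per detection."""
    h = report.header
    found = int(h.get("found", "0"))
    findings = []
    if h.get("end") != "finished":
        findings.append("scan did not finish; treat the results as incomplete")
    if h.get("unwanted_checked") == "false":
        findings.append("PUA detection was off; adware and toolbars would not be reported")
    if found != len(report.detections):
        findings.append(f"header reports found={found} but {len(report.detections)} detection lines were parsed")
    if found and h.get("remove_checked") == "false":
        findings.append("scanner ran in report-only mode; nothing was removed")
    detections = [{
        "name": d.get("vn", "?"),
        "hash": d.get("sh", "?"),  # 40 hex digits, SHA-1 sized
        "path": d.get("fn", "?"),
        "location": classify_location(d.get("fn", "")),
    } for d in report.detections]
    return {"scanned": int(h.get("scanned", "0")), "found": found,
            "cleaned": int(h.get("cleaned", "0")),
            "findings": findings, "detections": detections}


if __name__ == "__main__":
    result = assess(parse_eset_log(SAMPLE_LOG))
    print(f"scanned={result['scanned']} found={result['found']} cleaned={result['cleaned']}")
    for note in result["findings"]:
        print(" !", note)
    for d in result["detections"]:
        print(f" - {d['name']} [{d['location']}] {d['path']}")
```

On the posted log this reports the single hit as a cache artifact in the Java deployment cache, which together with SecurityCheck's "Java version out of Date!" is exactly why the next reply starts with updating Java.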
01.05.2014, 16:44 | #13 |
/// the machine /// TB-Ausbilder | Windows 7 HP - Win32:Dropper-gen - Softronic uninstall.exe detected as a threat
Update Java.
Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will request a restart. Please allow this.
Done.
The order matters here.
If you would like to leave praise or criticism, you can do so here. Here are a few tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any kind of registry cleaner. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a short reply once everything is done and you have no further questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No support via PM! |
05.05.2014, 15:39 | #14 |
| Windows 7 HP - Win32:Dropper-gen - Softronic uninstall.exe detected as a threat Hello, thanks again for the quick help. I have worked through the remaining tips and have no further questions. So many, many thanks and kind regards. |
06.05.2014, 11:21 | #15 |
/// the machine /// TB-Ausbilder | Windows 7 HP - Win32:Dropper-gen - Softronic uninstall.exe detected as a threat You're welcome.