Log analysis and evaluation: Malwarebytes finds Mobogenie. More malware? Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
26.11.2014, 18:33 | #1 |
Malwarebytes finds Mobogenie. More malware? Hello dear TB team. Malwarebytes found a piece of malware on my computer today. I had it removed (log attached) and followed your instructions. My question is whether there might be more on my computer, so I am asking for your help. Defogger not needed, since there are no virtual drives. Here are the logs: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 Ran by Jessica (administrator) on JESSICA-PC on 26-11-2014 18:13:32 Running from C:\Users\Jessica\Desktop Loaded Profile: Jessica (Available profiles: Jessica) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DIPAwayMode\DipAwayMode.exe () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.03\AsusFanControlService.exe (ASUSTeK Computer Inc.)
C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-12-19] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-19] (Intel Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-26] (AVAST Software) HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ACPW05DE] => C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe [822384 2011-11-17] (ACD Systems) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common 
Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3833322267-538766727-1948873061-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-3833322267-538766727-1948873061-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x737E9E5CDFFCCE01 HKU\S-1-5-21-3833322267-538766727-1948873061-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.192.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-12-20] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-19] Chrome: ======= CHR Profile: C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-26] CHR Extension: (Google Drive) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-26] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05] CHR Extension: (YouTube) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-26] CHR Extension: (Google-Suche) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-26] CHR Extension: (Avast SafePrice) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-21] CHR Extension: (ZenMate) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-07-26] CHR Extension: (AdBlock) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-26] CHR Extension: (Avast Online Security) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-19] CHR Extension: (Session Manager) - 
C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2014-07-26] CHR Extension: (Google Wallet) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-19] CHR Extension: (Google Mail) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-26] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-19] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-12-19] () R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-12-19] (ASUSTeK Computer Inc.) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-12-19] (ASUSTeK Computer Inc.) R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.03\AsusFanControlService.exe [1690424 2013-12-19] (ASUSTeK Computer Inc.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4797064 2013-11-05] (INCA Internet Co., Ltd.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-28] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] () S1 ASMTFilter; C:\Windows\System32\DRIVERS\asmtufdriver.sys [21400 2013-12-19] (hxxp://www.asmedia.com.tw) [File not signed] S1 ASMTFilter; C:\Windows\SysWOW64\DRIVERS\asmtufdriver.sys [16640 2013-12-19] (hxxp://www.asmedia.com.tw) [File not signed] R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-12-19] () R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2013-12-19] (MCCI Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-26] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-26] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-26] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-26] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-26] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-26] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-26] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-26] () R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation) S3 ezplay; C:\Windows\System32\Drivers\ezplay.sys [118400 2014-01-24] (VSO Software) [File not signed] S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [4433696 2013-12-19] (Intel Corporation) [File not signed] S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [442368 2013-12-19] (Intel(R) Corporation) [File not signed] R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] 
==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-26 18:13 - 2014-11-26 18:13 - 02118144 _____ (Farbar) C:\Users\Jessica\Desktop\FRST64.exe 2014-11-26 18:13 - 2014-11-26 18:13 - 00016062 _____ () C:\Users\Jessica\Desktop\FRST.txt 2014-11-26 18:13 - 2014-11-26 18:13 - 00000000 ____D () C:\FRST 2014-11-26 18:12 - 2014-11-26 18:13 - 02118144 _____ (Farbar) C:\Users\Jessica\Downloads\FRST64.exe 2014-11-26 18:07 - 2014-11-26 18:07 - 00001147 _____ () C:\Users\Jessica\Desktop\123.txt 2014-11-26 17:52 - 2014-11-26 17:52 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-11-26 17:52 - 2014-11-26 17:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-11-26 17:52 - 2014-11-26 17:52 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2014-11-26 17:35 - 2014-11-26 17:35 - 05198336 _____ (AVAST Software) C:\Users\Jessica\Downloads\aswmbr.exe 2014-11-18 20:49 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-18 20:49 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-18 20:49 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-18 20:49 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-14 15:53 - 2014-11-14 15:53 - 00000000 ____D () C:\Users\Jessica\Desktop\tattoos 2014-11-13 20:55 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-13 20:55 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-13 20:55 - 2014-11-06 05:04 - 02724864 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtml.tlb 2014-11-13 20:55 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-13 20:55 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-13 20:55 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-13 20:55 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-13 20:55 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-13 20:55 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-13 20:55 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-13 20:55 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-13 20:55 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-13 20:55 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-13 20:55 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-13 20:55 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-13 20:55 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-13 20:55 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-13 20:55 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-13 20:55 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-13 20:55 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-13 20:55 - 2014-11-06 04:13 - 00501248 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-13 20:55 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-13 20:55 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-13 20:55 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-13 20:55 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-13 20:55 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-13 20:55 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-13 20:55 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-13 20:55 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-13 20:55 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-13 20:55 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-13 20:55 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-13 20:55 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-13 20:55 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-13 20:55 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-13 20:55 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-13 20:55 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-13 20:55 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-13 20:55 - 2014-11-06 03:41 - 
00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-13 20:55 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-13 20:55 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-13 20:55 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-13 20:55 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-13 20:55 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-13 20:55 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-13 20:55 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-13 20:55 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-13 20:55 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-13 20:55 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-11-13 20:55 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-13 20:55 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-13 20:55 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-13 20:55 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-13 20:55 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-13 20:55 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-13 20:55 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-13 20:55 - 2014-11-05 18:56 - 00304640 _____ (Microsoft 
Corporation) C:\Windows\system32\generaltel.dll 2014-11-13 20:55 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-13 20:55 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-13 20:55 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-13 20:55 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-13 20:55 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-13 20:55 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-13 20:55 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-13 20:55 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-13 20:55 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-13 20:55 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-13 20:55 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-13 20:55 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-13 20:55 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-13 20:55 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-13 20:55 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-13 20:55 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-13 20:55 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-13 20:55 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ncrypt.dll 2014-11-13 20:55 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-13 20:55 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-13 20:55 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-13 20:55 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-13 20:55 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-13 20:55 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-13 20:54 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-13 20:54 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-13 20:54 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-13 20:54 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-13 20:54 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-13 20:54 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-13 20:54 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-13 20:54 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-13 20:54 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-13 20:54 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-13 20:54 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-13 20:54 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 
2014-11-13 20:54 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-13 20:54 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-13 20:54 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-13 20:54 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-13 20:54 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-13 20:54 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-13 20:54 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-13 20:54 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-03 15:02 - 2014-11-03 15:02 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\pdfforge 2014-11-03 15:02 - 2014-11-03 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2014-11-03 15:02 - 2014-11-03 15:02 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-11-03 15:02 - 2014-04-25 17:44 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX 2014-11-03 15:02 - 2014-04-25 17:44 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX 2014-11-03 15:02 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2014-11-03 15:02 - 2014-04-25 17:44 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2014-11-03 15:02 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2014-11-03 15:02 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL 2014-11-03 15:02 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL 2014-11-03 15:02 - 1998-07-06 18:55 - 00064512 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL 2014-11-03 15:00 - 2014-11-03 15:01 - 27843432 _____ (pdfforge ) C:\Users\Jessica\Downloads\PDFCreator-1_7_3_setup.exe 2014-11-01 00:26 - 2014-11-01 00:26 - 00009946 _____ () C:\Users\Jessica\Documents\Unbenannt 1.odt 2014-10-29 23:20 - 2014-10-29 23:42 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\Bioshock2Steam 2014-10-29 23:20 - 2014-10-29 23:20 - 00000000 ____D () C:\Users\Jessica\Documents\Bioshock2 2014-10-29 18:56 - 2014-10-29 18:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-10-29 18:56 - 2014-10-29 18:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-10-29 18:56 - 2014-10-29 18:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-10-29 18:56 - 2014-10-29 18:56 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-29 18:56 - 2014-10-29 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-29 18:56 - 2014-10-29 18:56 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-29 18:33 - 2014-10-30 23:02 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\Bioshock 2014-10-29 18:33 - 2014-10-29 18:40 - 00000000 ____D () C:\Users\Jessica\Documents\Bioshock ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-26 18:12 - 2009-07-14 05:45 - 00027120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-26 18:12 - 2009-07-14 05:45 - 00027120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-26 18:08 - 2013-12-19 17:57 - 01940258 _____ () C:\Windows\WindowsUpdate.log 2014-11-26 18:06 - 2014-07-14 13:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-26 18:05 - 2009-07-14 05:51 - 00113411 _____ () C:\Windows\setupact.log 2014-11-26 18:04 - 2013-12-19 19:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-26 18:04 - 2010-11-21 04:47 - 00034110 _____ () C:\Windows\PFRO.log 2014-11-26 18:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-26 18:03 - 2013-12-20 17:17 - 00000000 ____D () C:\Program Files (x86)\Mobogenie 2014-11-26 17:52 - 2014-05-04 17:42 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-11-26 17:52 - 2013-12-19 19:25 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-11-26 17:52 - 2013-12-19 19:25 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-11-26 17:52 - 2013-12-19 19:25 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-11-26 17:52 - 2013-12-19 19:25 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-11-26 17:52 - 2013-12-19 19:25 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-11-26 17:52 - 2013-12-19 19:25 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-11-26 17:52 - 2013-12-19 19:25 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-11-26 17:52 - 2013-12-19 19:25 - 00003924 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-11-26 17:49 - 2014-07-14 13:54 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-26 17:49 - 2014-07-14 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-26 17:49 - 2014-07-14 13:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-11-24 21:17 - 2013-12-19 19:20 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-24 20:18 - 2013-12-19 19:21 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-11-23 00:53 - 2013-12-19 19:33 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-11-20 22:31 - 2013-12-20 16:50 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\vlc 2014-11-16 15:42 - 2013-12-20 17:16 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-11-16 13:53 - 2011-04-12 08:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-11-16 13:53 - 2011-04-12 08:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-11-16 13:53 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-15 11:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-14 16:12 - 2013-12-19 19:20 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-14 16:12 - 2013-12-19 19:20 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-14 15:51 - 2009-07-14 05:45 - 00295752 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-14 15:50 - 2014-05-06 19:36 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-13 22:09 - 2013-12-19 19:46 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-13 22:07 - 2013-12-19 19:46 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-09 15:59 - 2014-07-26 11:02 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\TeamViewer 2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-29 19:55 
- 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-10-29 18:56 - 2013-12-20 17:17 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-29 18:33 - 2013-12-20 17:49 - 00440803 _____ () C:\Windows\DirectX.log Some content of TEMP: ==================== C:\Users\Jessica\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Jessica\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe C:\Users\Jessica\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\Jessica\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Jessica\AppData\Local\Temp\LMkRstPt.exe C:\Users\Jessica\AppData\Local\Temp\sonarinst.exe C:\Users\Jessica\AppData\Local\Temp\vlc-2.1.4-win64.exe C:\Users\Jessica\AppData\Local\Temp\vlc-2.1.5-win64.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-15 11:46 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 Ran by Jessica at 2014-11-26 18:14:03 Running from C:\Users\Jessica\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ACDSee Pro 5 (HKLM-x32\...\{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}) (Version: 5.3.168 - ACD Systems International Inc.) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) AI Suite 3 (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.56 - ASUSTeK Computer Inc.) Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version: - Spicy Horse Games) Ashampoo Burning Studio 2014 v.12.0.5 (HKLM-x32\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. 
KG) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB) BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston) BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin) BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games) Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version: - Criterion Games) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) CPUID ASUS CPU-Z 1.66.1 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.66.1 - CPUID, Inc.) Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version: - Crytek Studios) Dead Space (HKLM-x32\...\Steam App 17470) (Version: - EA Redwood Shores) Defiance (HKLM-x32\...\Steam App 224600) (Version: - Trion Worlds, Inc.) Defy Gravity (HKLM-x32\...\Steam App 96100) (Version: - Fish Factory Games) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Dragon Nest Europe (HKLM-x32\...\Steam App 258700) (Version: - Eyedentity Games) Eets Munchies (HKLM-x32\...\Steam App 214550) (Version: - Klei Entertainment) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) Free YouTube to MP3 Converter version 3.12.43.806 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.43.806 - DVDVideoSoft Ltd.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
Hidden HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech) Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech) Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version: - Klei Entertainment) Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - 4A Games) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
(HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) MSI Afterburner 3.0.1 (HKLM-x32\...\Afterburner) (Version: 3.0.1 - MSI Co., LTD) NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.0.1 
(HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.) PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games) Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) RaceRoom Racing Experience Launcher (HKLM-x32\...\{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1) (Version: 1.0 - SimBin) RaiderZ (HKLM-x32\...\Steam App 218470) (Version: - ) Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version: - Wild Shadow Studios) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.) 
Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version: - ) Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version: - Tripwire Interactive) RivaTuner Statistics Server 6.1.2 (HKLM-x32\...\RTSS) (Version: 6.1.2 - Unwinder) SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) The Book of Unwritten Tales (HKLM-x32\...\Steam App 215160) (Version: - KING Art) The Evil Within Demo (HKLM-x32\...\Steam App 329960) (Version: - Tango Gameworks) The Guild II (HKLM-x32\...\Steam App 39650) (Version: - 4 Head Studios) The Night of the Rabbit (HKLM-x32\...\Steam App 230820) (Version: - Daedalic Entertainment) Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - Frozenbyte) Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 13-11-2014 19:50:46 Windows Update 13-11-2014 21:06:56 Windows Update 18-11-2014 19:49:33 Windows Update 18-11-2014 22:12:26 Windows Update 26-11-2014 16:36:57 Windows Update 26-11-2014 16:51:52 avast! 
antivirus system restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0BD209E8-D3E6-493F-B1C5-C12F10B168D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-19] (Google Inc.) Task: {1FF7C8C9-9E97-4481-B457-471CA6528802} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-19] (Google Inc.) Task: {3CB13316-66D3-4841-A4CD-3451F8BC4C7C} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2013-08-07] (ASUSTeK Computer Inc.) Task: {428AD03E-2C5F-4307-8F38-49956A739E93} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2013-02-07] (ASUSTeK Computer Inc.) Task: {7A4240FA-C304-454E-AF8E-B2362CE6C2E8} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DipAwayMode.exe [2013-09-18] () Task: {91559963-A65A-423F-A8AD-D0173BED7475} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.) Task: {9813B0EC-6504-457C-8403-DA94F4A162B9} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2013-07-24] () Task: {BF71063C-60D7-45DB-B2C7-CC0FCA4D0AFA} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-26] (AVAST Software) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-07-14 15:46 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-12-19 19:02 - 2013-12-19 18:59 - 00936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe 2013-12-20 19:37 - 2013-09-18 10:18 - 01225528 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DipAwayMode.exe 2013-12-20 19:34 - 2013-07-24 10:16 - 01425208 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe 2013-12-21 21:34 - 2014-03-28 22:44 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-03-07 16:05 - 2014-07-25 14:51 - 00699680 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll 2014-03-07 16:05 - 2014-07-25 14:51 - 00855328 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll 2014-11-26 17:32 - 2014-11-26 17:32 - 02903552 _____ () C:\Program Files\AVAST Software\Avast\defs\14112600\algo.dll 2013-12-19 19:09 - 2014-11-26 18:04 - 00028672 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll 2013-12-19 19:02 - 2013-12-19 18:59 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll 2013-12-20 19:34 - 2013-08-07 19:11 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll 2013-12-20 19:34 - 2013-08-29 15:59 - 01138176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll 2013-12-20 19:35 - 2013-06-24 15:59 - 01173504 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\Network iControl.dll 2013-12-20 19:37 - 2013-09-18 10:27 - 02371584 _____ () C:\Program Files 
(x86)\ASUS\AI Suite III\Thermal Radar Core\tufx.dll 2013-12-20 19:33 - 2013-12-19 18:59 - 00662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll 2013-12-20 19:34 - 2013-08-07 19:11 - 00053248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\cpuutil.dll 2013-12-20 19:37 - 2013-09-18 10:18 - 00685056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll 2013-12-20 19:37 - 2013-09-18 10:18 - 00825344 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DIPDLL\DIP4EpuAction.dll 2013-12-20 19:37 - 2013-09-18 10:18 - 00765952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DIPDLL\DIP4FanAction.dll 2013-12-20 19:37 - 2013-09-18 10:18 - 00776704 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DIPDLL\DIP4TurboVEVOAction.dll 2013-12-20 19:37 - 2013-09-18 10:18 - 00904704 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DIPDLL\UsbPowerManager.dll 2013-12-20 19:34 - 2013-07-31 20:05 - 05773588 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll 2013-12-20 19:34 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll 2014-11-26 17:52 - 2014-11-26 17:52 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-12-19 18:53 - 2013-09-03 16:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-11-24 20:18 - 2014-11-14 22:15 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libglesv2.dll 2014-11-24 20:18 - 2014-11-14 22:15 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libegl.dll 2014-11-24 20:18 - 2014-11-14 22:15 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\pdf.dll 2014-11-24 20:18 - 2014-11-14 22:15 - 01677128 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-3833322267-538766727-1948873061-500 - Administrator - Disabled) Gast (S-1-5-21-3833322267-538766727-1948873061-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3833322267-538766727-1948873061-1002 - Limited - Enabled) Jessica (S-1-5-21-3833322267-538766727-1948873061-1000 - Administrator - Enabled) => C:\Users\Jessica ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/26/2014 06:05:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/26/2014 05:33:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/24/2014 07:48:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 
990x80041003 Error: (11/22/2014 09:18:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/21/2014 07:38:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/20/2014 07:44:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/19/2014 07:46:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/18/2014 08:44:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/17/2014 08:18:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/16/2014 03:52:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000018e5d ID des fehlerhaften Prozesses: 0x1290 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: 
vlc.exe3 System errors: ============= Error: (11/26/2014 06:05:15 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (11/26/2014 06:05:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ASMTFilter Error: (11/26/2014 05:33:48 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (11/26/2014 05:33:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (11/26/2014 05:33:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ASMTFilter Error: (11/24/2014 07:48:07 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (11/24/2014 07:48:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ASMTFilter Error: (11/22/2014 09:18:44 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (11/22/2014 09:18:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist 
fehlgeschlagen: ASMTFilter Error: (11/21/2014 07:39:14 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Microsoft Office Sessions: ========================= Error: (11/26/2014 06:05:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/26/2014 05:33:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/24/2014 07:48:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/22/2014 09:18:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/21/2014 07:38:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/20/2014 07:44:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/19/2014 07:46:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 
"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/18/2014 08:44:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/17/2014 08:18:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/16/2014 03:52:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d129001d001ab8bce7676C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll39bb210b-6da0-11e4-89c5-ac220bc62755 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz Percentage of memory in use: 27% Total physical RAM: 8098.18 MB Available physical RAM: 5902.12 MB Total Pagefile: 16194.54 MB Available Pagefile: 13729.16 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:189.36 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9B03A74A) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
26.11.2014, 18:36 | #2 |
| Malwarebytes finds Mobogenie. More malware? Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-26 18:21:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EZEX-21M2NA0 rev.01.01A01 931,51GB
Running: w9pgdzdz.exe; Driver: C:\Users\Jessica\AppData\Local\Temp\pwlirfoc.sys
---- User code sections - GMER 2.1 ----
bytes JMP 0000000076f803d0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e21d40 5 bytes JMP 0000000076f80330 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e21db0 5 bytes JMP 0000000076f80410 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e21de0 5 bytes JMP 0000000076f80240 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e220a0 5 bytes JMP 0000000076f801e0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e22160 5 bytes JMP 0000000076f80250 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e22190 5 bytes JMP 0000000076f80490 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e221a0 5 bytes JMP 0000000076f804a0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e221d0 5 bytes JMP 0000000076f80300 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e221e0 5 bytes JMP 0000000076f80360 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e22240 5 bytes JMP 0000000076f802a0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e22290 5 bytes JMP 0000000076f802c0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e222c0 5 bytes JMP 0000000076f80380 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e222d0 5 bytes JMP 0000000076f80340 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e225c0 5 bytes JMP 0000000076f80440 .text C:\Windows\system32\winlogon.exe[828] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e227c0 5 bytes JMP 0000000076f80260 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e227d0 5 bytes JMP 0000000076f80270 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e227e0 5 bytes JMP 0000000076f80400 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e229a0 5 bytes JMP 0000000076f801f0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e229b0 5 bytes JMP 0000000076f80210 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e22a20 5 bytes JMP 0000000076f80200 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e22a80 5 bytes JMP 0000000076f80420 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e22a90 5 bytes JMP 0000000076f80430 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e22aa0 5 bytes JMP 0000000076f80220 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e22b80 5 bytes JMP 0000000076f80280 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e21360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e213b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e21510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e21560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 
0000000076e21570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e21620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e21650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e21670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e216b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e21730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e21750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e21790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e217e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e21940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e21b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e21b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e21c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e21c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e21c80 5 bytes JMP 0000000100070290 .text 
C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e21d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e21d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e21d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e21db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e21de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e220a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e22160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e22190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e221a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e221d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e221e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e22240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e22290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e222c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 
0000000076e222d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e225c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e227c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e227d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e227e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e229a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e229b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e22a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e22a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e22a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e22aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e22b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e21360 5 bytes JMP 0000000076f80460 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e213b0 5 bytes JMP 0000000076f80450 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e21510 5 bytes JMP 0000000076f80370 .text 
C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e21560 5 bytes JMP 0000000076f80470 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e21570 5 bytes JMP 0000000076f803e0 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e21620 5 bytes JMP 0000000076f80320 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e21650 5 bytes JMP 0000000076f803b0 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e21670 5 bytes JMP 0000000076f80390 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e216b0 5 bytes JMP 0000000076f802e0 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e21730 5 bytes JMP 0000000076f802d0 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e21750 5 bytes JMP 0000000076f80310 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e21790 5 bytes JMP 0000000076f803c0 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e217e0 5 bytes JMP 0000000076f803f0 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e21940 5 bytes JMP 0000000076f80230 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e21b00 5 bytes JMP 0000000076f80480 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e21b30 5 bytes JMP 0000000076f803a0 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e21c10 5 bytes JMP 0000000076f802f0 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 
0000000076e21c20 5 bytes JMP 0000000076f80350 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e21c80 5 bytes JMP 0000000076f80290 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e21d10 5 bytes JMP 0000000076f802b0 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e21d30 5 bytes JMP 0000000076f803d0 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e21d40 5 bytes JMP 0000000076f80330 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e21db0 5 bytes JMP 0000000076f80410 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e21de0 5 bytes JMP 0000000076f80240 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e220a0 5 bytes JMP 0000000076f801e0 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e22160 5 bytes JMP 0000000076f80250 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e22190 5 bytes JMP 0000000076f80490 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e221a0 5 bytes JMP 0000000076f804a0 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e221d0 5 bytes JMP 0000000076f80300 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e221e0 5 bytes JMP 0000000076f80360 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e22240 5 bytes JMP 0000000076f802a0 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e22290 5 bytes JMP 0000000076f802c0 .text C:\Windows\system32\nvvsvc.exe[944] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e222c0 5 bytes JMP 0000000076f80380 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e222d0 5 bytes JMP 0000000076f80340 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e225c0 5 bytes JMP 0000000076f80440 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e227c0 5 bytes JMP 0000000076f80260 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e227d0 5 bytes JMP 0000000076f80270 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e227e0 5 bytes JMP 0000000076f80400 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e229a0 5 bytes JMP 0000000076f801f0 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e229b0 5 bytes JMP 0000000076f80210 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e22a20 5 bytes JMP 0000000076f80200 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e22a80 5 bytes JMP 0000000076f80420 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e22a90 5 bytes JMP 0000000076f80430 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e22aa0 5 bytes JMP 0000000076f80220 .text C:\Windows\system32\nvvsvc.exe[944] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e22b80 5 bytes JMP 0000000076f80280 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e21360 5 bytes JMP 0000000076f80460 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e213b0 5 bytes JMP 0000000076f80450 
.text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e21510 5 bytes JMP 0000000076f80370 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e21560 5 bytes JMP 0000000076f80470 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e21570 5 bytes JMP 0000000076f803e0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e21620 5 bytes JMP 0000000076f80320 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e21650 5 bytes JMP 0000000076f803b0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e21670 5 bytes JMP 0000000076f80390 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e216b0 5 bytes JMP 0000000076f802e0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e21730 5 bytes JMP 0000000076f802d0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e21750 5 bytes JMP 0000000076f80310 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e21790 5 bytes JMP 0000000076f803c0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e217e0 5 bytes JMP 0000000076f803f0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e21940 5 bytes JMP 0000000076f80230 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e21b00 5 bytes JMP 0000000076f80480 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e21b30 5 bytes JMP 0000000076f803a0 .text C:\Windows\system32\svchost.exe[984] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e21c10 5 bytes JMP 0000000076f802f0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e21c20 5 bytes JMP 0000000076f80350 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e21c80 5 bytes JMP 0000000076f80290 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e21d10 5 bytes JMP 0000000076f802b0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e21d30 5 bytes JMP 0000000076f803d0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e21d40 5 bytes JMP 0000000076f80330 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e21db0 5 bytes JMP 0000000076f80410 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e21de0 5 bytes JMP 0000000076f80240 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e220a0 5 bytes JMP 0000000076f801e0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e22160 5 bytes JMP 0000000076f80250 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e22190 5 bytes JMP 0000000076f80490 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e221a0 5 bytes JMP 0000000076f804a0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e221d0 5 bytes JMP 0000000076f80300 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e221e0 5 bytes JMP 0000000076f80360 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e22240 5 bytes JMP 
0000000076f802a0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e22290 5 bytes JMP 0000000076f802c0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e222c0 5 bytes JMP 0000000076f80380 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e222d0 5 bytes JMP 0000000076f80340 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e225c0 5 bytes JMP 0000000076f80440 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e227c0 5 bytes JMP 0000000076f80260 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e227d0 5 bytes JMP 0000000076f80270 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e227e0 5 bytes JMP 0000000076f80400 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e229a0 5 bytes JMP 0000000076f801f0 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e229b0 5 bytes JMP 0000000076f80210 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e22a20 5 bytes JMP 0000000076f80200 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e22a80 5 bytes JMP 0000000076f80420 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e22a90 5 bytes JMP 0000000076f80430 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e22aa0 5 bytes JMP 0000000076f80220 .text C:\Windows\system32\svchost.exe[984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e22b80 5 bytes JMP 0000000076f80280 .text C:\Windows\System32\svchost.exe[584] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e21360 5 bytes JMP 0000000076f80460 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e213b0 5 bytes JMP 0000000076f80450 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e21510 5 bytes JMP 0000000076f80370 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e21560 5 bytes JMP 0000000076f80470 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e21570 5 bytes JMP 0000000076f803e0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e21620 5 bytes JMP 0000000076f80320 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e21650 5 bytes JMP 0000000076f803b0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e21670 5 bytes JMP 0000000076f80390 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e216b0 5 bytes JMP 0000000076f802e0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e21730 5 bytes JMP 0000000076f802d0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e21750 5 bytes JMP 0000000076f80310 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e21790 5 bytes JMP 0000000076f803c0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e217e0 5 bytes JMP 0000000076f803f0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e21940 5 bytes JMP 0000000076f80230 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e21b00 5 bytes JMP 
0000000076f80480 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e21b30 5 bytes JMP 0000000076f803a0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e21c10 5 bytes JMP 0000000076f802f0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e21c20 5 bytes JMP 0000000076f80350 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e21c80 5 bytes JMP 0000000076f80290 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e21d10 5 bytes JMP 0000000076f802b0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e21d30 5 bytes JMP 0000000076f803d0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e21d40 5 bytes JMP 0000000076f80330 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e21db0 5 bytes JMP 0000000076f80410 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e21de0 5 bytes JMP 0000000076f80240 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e220a0 5 bytes JMP 0000000076f801e0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e22160 5 bytes JMP 0000000076f80250 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e22190 5 bytes JMP 0000000076f80490 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e221a0 5 bytes JMP 0000000076f804a0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e221d0 5 bytes JMP 0000000076f80300 .text C:\Windows\System32\svchost.exe[584] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e221e0 5 bytes JMP 0000000076f80360 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e22240 5 bytes JMP 0000000076f802a0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e22290 5 bytes JMP 0000000076f802c0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e222c0 5 bytes JMP 0000000076f80380 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e222d0 5 bytes JMP 0000000076f80340 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e225c0 5 bytes JMP 0000000076f80440 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e227c0 5 bytes JMP 0000000076f80260 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e227d0 5 bytes JMP 0000000076f80270 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e227e0 5 bytes JMP 0000000076f80400 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e229a0 5 bytes JMP 0000000076f801f0 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e229b0 5 bytes JMP 0000000076f80210 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e22a20 5 bytes JMP 0000000076f80200 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e22a80 5 bytes JMP 0000000076f80420 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e22a90 5 bytes JMP 0000000076f80430 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e22aa0 5 bytes JMP 
0000000076f80220 .text C:\Windows\System32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e22b80 5 bytes JMP 0000000076f80280 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e21360 5 bytes JMP 0000000076f80460 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e213b0 5 bytes JMP 0000000076f80450 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e21510 5 bytes JMP 0000000076f80370 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e21560 5 bytes JMP 0000000076f80470 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e21570 5 bytes JMP 0000000076f803e0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e21620 5 bytes JMP 0000000076f80320 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e21650 5 bytes JMP 0000000076f803b0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e21670 5 bytes JMP 0000000076f80390 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e216b0 5 bytes JMP 0000000076f802e0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e21730 5 bytes JMP 0000000076f802d0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e21750 5 bytes JMP 0000000076f80310 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e21790 5 bytes JMP 0000000076f803c0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e217e0 5 bytes JMP 0000000076f803f0 .text C:\Windows\System32\svchost.exe[800] 
C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e21940 5 bytes JMP 0000000076f80230 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e21b00 5 bytes JMP 0000000076f80480 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e21b30 5 bytes JMP 0000000076f803a0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e21c10 5 bytes JMP 0000000076f802f0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e21c20 5 bytes JMP 0000000076f80350 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e21c80 5 bytes JMP 0000000076f80290 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e21d10 5 bytes JMP 0000000076f802b0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e21d30 5 bytes JMP 0000000076f803d0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e21d40 5 bytes JMP 0000000076f80330 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e21db0 5 bytes JMP 0000000076f80410 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e21de0 5 bytes JMP 0000000076f80240 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e220a0 5 bytes JMP 0000000076f801e0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e22160 5 bytes JMP 0000000076f80250 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e22190 5 bytes JMP 0000000076f80490 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e221a0 
5 bytes JMP 0000000076f804a0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e221d0 5 bytes JMP 0000000076f80300 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e221e0 5 bytes JMP 0000000076f80360 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e22240 5 bytes JMP 0000000076f802a0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e22290 5 bytes JMP 0000000076f802c0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e222c0 5 bytes JMP 0000000076f80380 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e222d0 5 bytes JMP 0000000076f80340 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e225c0 5 bytes JMP 0000000076f80440 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e227c0 5 bytes JMP 0000000076f80260 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e227d0 5 bytes JMP 0000000076f80270 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e227e0 5 bytes JMP 0000000076f80400 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e229a0 5 bytes JMP 0000000076f801f0 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e229b0 5 bytes JMP 0000000076f80210 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e22a20 5 bytes JMP 0000000076f80200 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e22a80 5 bytes JMP 0000000076f80420 .text C:\Windows\System32\svchost.exe[800] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e22a90 5 bytes JMP 0000000076f80430 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e22aa0 5 bytes JMP 0000000076f80220 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e22b80 5 bytes JMP 0000000076f80280 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e21360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e213b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e21510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e21560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e21570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e21620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e21650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e21670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e216b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e21730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e21750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e21790 5 bytes JMP 
00000001000703c0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e217e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e21940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e21b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e21b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e21c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e21c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e21c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e21d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e21d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e21d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e21db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e21de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e220a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e22160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1000] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e22190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e221a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e221d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e221e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e22240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e22290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e222c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e222d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e225c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e227c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e227d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e227e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e229a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e229b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e22a20 5 
bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e22a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e22a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e22aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e22b80 5 bytes JMP 0000000100070280 |
26.11.2014, 18:39 | #3 |
| Malwarebytes finds Mobogenie. More malware? Code:
ATTFilter .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e21360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e213b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e21510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e21560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e21570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e21620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e21650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e21670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e216b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e21730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e21750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e21790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e217e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e21940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\svchost.exe[1040] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e21b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e21b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e21c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e21c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e21c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e21d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e21d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e21d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e21db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e21de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e220a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e22160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e22190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e221a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 
0000000076e221d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e221e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e22240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e22290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e222c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e222d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e225c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e227c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e227d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e227e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e229a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e229b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e22a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e22a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e22a90 5 bytes JMP 0000000100070430 .text 
C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e22aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e22b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e21360 5 bytes JMP 0000000076f80460 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e213b0 5 bytes JMP 0000000076f80450 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e21510 5 bytes JMP 0000000076f80370 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e21560 5 bytes JMP 0000000076f80470 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e21570 5 bytes JMP 0000000076f803e0 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e21620 5 bytes JMP 0000000076f80320 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e21650 5 bytes JMP 0000000076f803b0 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e21670 5 bytes JMP 0000000076f80390 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e216b0 5 bytes JMP 0000000076f802e0 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e21730 5 bytes JMP 0000000076f802d0 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e21750 5 bytes JMP 0000000076f80310 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e21790 5 bytes JMP 0000000076f803c0 .text C:\Windows\system32\svchost.exe[1268] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e217e0 5 bytes JMP 0000000076f803f0 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e21940 5 bytes JMP 0000000076f80230 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e21b00 5 bytes JMP 0000000076f80480 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e21b30 5 bytes JMP 0000000076f803a0 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e21c10 5 bytes JMP 0000000076f802f0 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e21c20 5 bytes JMP 0000000076f80350 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e21c80 5 bytes JMP 0000000076f80290 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e21d10 5 bytes JMP 0000000076f802b0 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e21d30 5 bytes JMP 0000000076f803d0 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e21d40 5 bytes JMP 0000000076f80330 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e21db0 5 bytes JMP 0000000076f80410 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e21de0 5 bytes JMP 0000000076f80240 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e220a0 5 bytes JMP 0000000076f801e0 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e22160 5 bytes JMP 0000000076f80250 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 
0000000076e22190 5 bytes JMP 0000000076f80490 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e221a0 5 bytes JMP 0000000076f804a0 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e221d0 5 bytes JMP 0000000076f80300 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e221e0 5 bytes JMP 0000000076f80360 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e22240 5 bytes JMP 0000000076f802a0 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e22290 5 bytes JMP 0000000076f802c0 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e222c0 5 bytes JMP 0000000076f80380 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e222d0 5 bytes JMP 0000000076f80340 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e225c0 5 bytes JMP 0000000076f80440 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e227c0 5 bytes JMP 0000000076f80260 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e227d0 5 bytes JMP 0000000076f80270 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e227e0 5 bytes JMP 0000000076f80400 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e229a0 5 bytes JMP 0000000076f801f0 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e229b0 5 bytes JMP 0000000076f80210 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e22a20 5 bytes JMP 0000000076f80200 .text 
C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e22a80 5 bytes JMP 0000000076f80420 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e22a90 5 bytes JMP 0000000076f80430 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e22aa0 5 bytes JMP 0000000076f80220 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e22b80 5 bytes JMP 0000000076f80280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e21360 5 bytes JMP 0000000076f80460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e213b0 5 bytes JMP 0000000076f80450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e21510 5 bytes JMP 0000000076f80370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e21560 5 bytes JMP 0000000076f80470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e21570 5 bytes JMP 0000000076f803e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e21620 5 bytes JMP 0000000076f80320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e21650 5 bytes JMP 0000000076f803b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e21670 5 bytes JMP 0000000076f80390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e216b0 5 bytes JMP 
0000000076f802e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e21730 5 bytes JMP 0000000076f802d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e21750 5 bytes JMP 0000000076f80310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e21790 5 bytes JMP 0000000076f803c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e217e0 5 bytes JMP 0000000076f803f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e21940 5 bytes JMP 0000000076f80230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e21b00 5 bytes JMP 0000000076f80480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e21b30 5 bytes JMP 0000000076f803a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e21c10 5 bytes JMP 0000000076f802f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e21c20 5 bytes JMP 0000000076f80350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e21c80 5 bytes JMP 0000000076f80290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e21d10 5 bytes JMP 0000000076f802b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e21d30 5 bytes JMP 0000000076f803d0 .text C:\Program 
Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e21d40 5 bytes JMP 0000000076f80330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e21db0 5 bytes JMP 0000000076f80410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e21de0 5 bytes JMP 0000000076f80240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e220a0 5 bytes JMP 0000000076f801e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e22160 5 bytes JMP 0000000076f80250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e22190 5 bytes JMP 0000000076f80490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e221a0 5 bytes JMP 0000000076f804a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e221d0 5 bytes JMP 0000000076f80300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e221e0 5 bytes JMP 0000000076f80360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e22240 5 bytes JMP 0000000076f802a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e22290 5 bytes JMP 0000000076f802c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e222c0 5 bytes JMP 0000000076f80380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] 
bytes JMP 0000000076f80410 .text C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e21de0 5 bytes JMP 0000000076f80240 .text C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e220a0 5 bytes JMP 0000000076f801e0 .text C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e22160 5 bytes JMP 0000000076f80250 .text C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e22190 5 bytes JMP 0000000076f80490 .text C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e221a0 5 bytes JMP 0000000076f804a0 .text C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e221d0 5 bytes JMP 0000000076f80300 .text C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e221e0 5 bytes JMP 0000000076f80360 .text C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e22240 5 bytes JMP 0000000076f802a0 .text C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e22290 5 bytes JMP 0000000076f802c0 .text C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e222c0 5 bytes JMP 0000000076f80380 .text C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e222d0 5 bytes JMP 0000000076f80340 .text C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e225c0 5 bytes JMP 0000000076f80440 .text C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e227c0 5 bytes JMP 0000000076f80260 .text C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e227d0 5 bytes JMP 0000000076f80270 .text C:\Windows\system32\taskeng.exe[1352] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e227e0 5 bytes JMP 0000000076f80400 .text C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e229a0 5 bytes JMP 0000000076f801f0 .text C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e229b0 5 bytes JMP 0000000076f80210 .text C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e22a20 5 bytes JMP 0000000076f80200 .text C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e22a80 5 bytes JMP 0000000076f80420 .text C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e22a90 5 bytes JMP 0000000076f80430 .text C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e22aa0 5 bytes JMP 0000000076f80220 .text C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e22b80 5 bytes JMP 0000000076f80280 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e21360 5 bytes JMP 0000000100070460 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e213b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e21510 5 bytes JMP 0000000100070370 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e21560 5 bytes JMP 0000000100070470 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e21570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e21620 5 bytes JMP 
0000000100070320 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e21650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e21670 5 bytes JMP 0000000100070390 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e216b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e21730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e21750 5 bytes JMP 0000000100070310 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e21790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e217e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e21940 5 bytes JMP 0000000100070230 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e21b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e21b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e21c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e21c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e21c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e21d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e21d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e21d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e21db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e21de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e220a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e22160 5 bytes JMP 0000000100070250 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e22190 5 bytes JMP 0000000100070490 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e221a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e221d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e221e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e22240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Intel\iCLS 
Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e22290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e222c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e222d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e225c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e227c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e227d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e227e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e229a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e229b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e22a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e22a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e22a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e22aa0 5 bytes JMP 0000000100070220 .text 
C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e22b80 5 bytes JMP 0000000100070280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e21360 5 bytes JMP 0000000076f80460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e213b0 5 bytes JMP 0000000076f80450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e21510 5 bytes JMP 0000000076f80370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e21560 5 bytes JMP 0000000076f80470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e21570 5 bytes JMP 0000000076f803e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e21620 5 bytes JMP 0000000076f80320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e21650 5 bytes JMP 0000000076f803b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e21670 5 bytes JMP 0000000076f80390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e216b0 5 bytes JMP 0000000076f802e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e21730 5 bytes JMP 0000000076f802d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e21750 5 bytes JMP 
0000000076f80310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e21790 5 bytes JMP 0000000076f803c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e217e0 5 bytes JMP 0000000076f803f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e21940 5 bytes JMP 0000000076f80230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e21b00 5 bytes JMP 0000000076f80480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e21b30 5 bytes JMP 0000000076f803a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e21c10 5 bytes JMP 0000000076f802f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e21c20 5 bytes JMP 0000000076f80350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e21c80 5 bytes JMP 0000000076f80290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e21d10 5 bytes JMP 0000000076f802b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e21d30 5 bytes JMP 0000000076f803d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e21d40 5 bytes JMP 0000000076f80330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] 
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e21db0 5 bytes JMP 0000000076f80410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e21de0 5 bytes JMP 0000000076f80240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e220a0 5 bytes JMP 0000000076f801e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e22160 5 bytes JMP 0000000076f80250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e22190 5 bytes JMP 0000000076f80490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e221a0 5 bytes JMP 0000000076f804a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e221d0 5 bytes JMP 0000000076f80300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e221e0 5 bytes JMP 0000000076f80360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e22240 5 bytes JMP 0000000076f802a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e22290 5 bytes JMP 0000000076f802c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e222c0 5 bytes JMP 0000000076f80380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e222d0 5 bytes JMP 0000000076f80340 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e225c0 5 bytes JMP 0000000076f80440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e227c0 5 bytes JMP 0000000076f80260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e227d0 5 bytes JMP 0000000076f80270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e227e0 5 bytes JMP 0000000076f80400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e229a0 5 bytes JMP 0000000076f801f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e229b0 5 bytes JMP 0000000076f80210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e22a20 5 bytes JMP 0000000076f80200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e22a80 5 bytes JMP 0000000076f80420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e22a90 5 bytes JMP 0000000076f80430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e22aa0 5 bytes JMP 0000000076f80220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e22b80 5 bytes JMP 0000000076f80280 .text C:\Windows\SysWOW64\PnkBstrA.exe[2968] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000722c1a22 2 bytes [2C, 72] .text 
C:\Windows\SysWOW64\PnkBstrA.exe[2968] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000722c1ad0 2 bytes [2C, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2968] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000722c1b08 2 bytes [2C, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2968] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000722c1bba 2 bytes [2C, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2968] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000722c1bda 2 bytes [2C, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000000021465 2 bytes [02, 00] .text C:\Windows\SysWOW64\PnkBstrA.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000000214bb 2 bytes [02, 00] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e21360 5 bytes JMP 0000000076f80460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e213b0 5 bytes JMP 0000000076f80450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e21510 5 bytes JMP 0000000076f80370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e21560 5 bytes JMP 0000000076f80470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e21570 5 bytes JMP 0000000076f803e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e21620 5 bytes JMP 0000000076f80320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e21650 5 bytes JMP 0000000076f803b0 .text 
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e21670 5 bytes JMP 0000000076f80390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e216b0 5 bytes JMP 0000000076f802e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e21730 5 bytes JMP 0000000076f802d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e21750 5 bytes JMP 0000000076f80310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e21790 5 bytes JMP 0000000076f803c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e217e0 5 bytes JMP 0000000076f803f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e21940 5 bytes JMP 0000000076f80230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e21b00 5 bytes JMP 0000000076f80480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e21b30 5 bytes JMP 0000000076f803a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e21c10 5 bytes JMP 0000000076f802f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e21c20 5 bytes JMP 0000000076f80350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 
0000000076e21c80 5 bytes JMP 0000000076f80290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e21d10 5 bytes JMP 0000000076f802b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e21d30 5 bytes JMP 0000000076f803d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e21d40 5 bytes JMP 0000000076f80330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e21db0 5 bytes JMP 0000000076f80410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e21de0 5 bytes JMP 0000000076f80240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e220a0 5 bytes JMP 0000000076f801e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e22160 5 bytes JMP 0000000076f80250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e22190 5 bytes JMP 0000000076f80490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e221a0 5 bytes JMP 0000000076f804a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e221d0 5 bytes JMP 0000000076f80300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e221e0 5 bytes JMP 0000000076f80360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e22240 5 bytes JMP 0000000076f802a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e22290 5 bytes JMP 0000000076f802c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e222c0 5 bytes JMP 0000000076f80380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e222d0 5 bytes JMP 0000000076f80340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e225c0 5 bytes JMP 0000000076f80440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e227c0 5 bytes JMP 0000000076f80260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e227d0 5 bytes JMP 0000000076f80270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e227e0 5 bytes JMP 0000000076f80400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e229a0 5 bytes JMP 0000000076f801f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e229b0 5 bytes JMP 0000000076f80210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e22a20 5 bytes JMP 0000000076f80200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e22a80 5 bytes JMP 0000000076f80420 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e22a90 5 bytes JMP 0000000076f80430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e22aa0 5 bytes JMP 0000000076f80220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e22b80 5 bytes JMP 0000000076f80280 .text C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e21360 5 bytes JMP 0000000076f80460 .text C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e213b0 5 bytes JMP 0000000076f80450 .text C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e21510 5 bytes JMP 0000000076f80370 .text C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e21560 5 bytes JMP 0000000076f80470 .text C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e21570 5 bytes JMP 0000000076f803e0 .text C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e21620 5 bytes JMP 0000000076f80320 .text C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e21650 5 bytes JMP 0000000076f803b0 .text C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e21670 5 bytes JMP 0000000076f80390 .text C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e216b0 5 bytes JMP 0000000076f802e0 .text C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e21730 5 bytes JMP 0000000076f802d0 .text C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e21750 5 bytes JMP 0000000076f80310 .text 
C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e21790 5 bytes JMP 0000000076f803c0 .text C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e217e0 5 bytes JMP 0000000076f803f0 .text C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e21940 5 bytes JMP 0000000076f80230 .text C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e21b00 5 bytes JMP 0000000076f80480 .text C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e21b30 5 bytes JMP 0000000076f803a0 .text C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e21c10 5 bytes JMP 0000000076f802f0 .text C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e21c20 5 bytes JMP 0000000076f80350 .text C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e21c80 5 bytes JMP 0000000076f80290 |
26.11.2014, 18:41 | #4 |
| Malwarebytes finds Mobogenie. Even more malware? Code:
0000000076e222d0 5 bytes JMP 0000000076f80340 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e225c0 5 bytes JMP 0000000076f80440 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e227c0 5 bytes JMP 0000000076f80260 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e227d0 5 bytes JMP 0000000076f80270 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e227e0 5 bytes JMP 0000000076f80400 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e229a0 5 bytes JMP 0000000076f801f0 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e229b0 5 bytes JMP 0000000076f80210 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e22a20 5 bytes JMP 0000000076f80200 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e22a80 5 bytes JMP 0000000076f80420 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e22a90 5 bytes JMP 0000000076f80430 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e22aa0 5 bytes JMP 0000000076f80220 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e22b80 5 bytes JMP 0000000076f80280 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e21360 5 bytes JMP 0000000076f80460 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e213b0 5 bytes JMP 0000000076f80450 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e21510 5 bytes JMP 0000000076f80370 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e21560 5 bytes JMP 0000000076f80470 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e21570 5 bytes JMP 0000000076f803e0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e21620 5 bytes JMP 0000000076f80320 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e21650 5 bytes JMP 0000000076f803b0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e21670 5 bytes JMP 0000000076f80390 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e216b0 5 bytes JMP 0000000076f802e0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e21730 5 bytes JMP 0000000076f802d0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e21750 5 bytes JMP 0000000076f80310 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e21790 5 bytes JMP 0000000076f803c0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e217e0 5 bytes JMP 0000000076f803f0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 
0000000076e21940 5 bytes JMP 0000000076f80230 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e21b00 5 bytes JMP 0000000076f80480 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e21b30 5 bytes JMP 0000000076f803a0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e21c10 5 bytes JMP 0000000076f802f0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e21c20 5 bytes JMP 0000000076f80350 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e21c80 5 bytes JMP 0000000076f80290 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e21d10 5 bytes JMP 0000000076f802b0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e21d30 5 bytes JMP 0000000076f803d0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e21d40 5 bytes JMP 0000000076f80330 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e21db0 5 bytes JMP 0000000076f80410 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e21de0 5 bytes JMP 0000000076f80240 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e220a0 5 bytes JMP 0000000076f801e0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e22160 5 
bytes JMP 0000000076f80250 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e22190 5 bytes JMP 0000000076f80490 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e221a0 5 bytes JMP 0000000076f804a0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e221d0 5 bytes JMP 0000000076f80300 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e221e0 5 bytes JMP 0000000076f80360 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e22240 5 bytes JMP 0000000076f802a0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e22290 5 bytes JMP 0000000076f802c0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e222c0 5 bytes JMP 0000000076f80380 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e222d0 5 bytes JMP 0000000076f80340 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e225c0 5 bytes JMP 0000000076f80440 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e227c0 5 bytes JMP 0000000076f80260 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e227d0 5 bytes JMP 0000000076f80270 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e227e0 5 bytes JMP 0000000076f80400 .text 
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e229a0 5 bytes JMP 0000000076f801f0 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e229b0 5 bytes JMP 0000000076f80210 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e22a20 5 bytes JMP 0000000076f80200 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e22a80 5 bytes JMP 0000000076f80420 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e22a90 5 bytes JMP 0000000076f80430 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e22aa0 5 bytes JMP 0000000076f80220 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e22b80 5 bytes JMP 0000000076f80280 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3608] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075f78791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] 
.text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e21360 5 bytes JMP 0000000076f80460 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e213b0 5 bytes JMP 0000000076f80450 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e21510 5 bytes JMP 0000000076f80370 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e21560 5 bytes JMP 0000000076f80470 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e21570 5 bytes JMP 0000000076f803e0 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e21620 5 bytes JMP 0000000076f80320 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e21650 5 bytes JMP 0000000076f803b0 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e21670 5 bytes JMP 0000000076f80390 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e216b0 5 bytes JMP 0000000076f802e0 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e21730 5 bytes JMP 0000000076f802d0 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e21750 5 bytes JMP 0000000076f80310 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e21790 5 bytes JMP 0000000076f803c0 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e217e0 5 bytes JMP 0000000076f803f0 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e21940 5 bytes JMP 0000000076f80230 .text C:\Windows\system32\svchost.exe[4120] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e21b00 5 bytes JMP 0000000076f80480 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e21b30 5 bytes JMP 0000000076f803a0 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e21c10 5 bytes JMP 0000000076f802f0 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e21c20 5 bytes JMP 0000000076f80350 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e21c80 5 bytes JMP 0000000076f80290 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e21d10 5 bytes JMP 0000000076f802b0 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e21d30 5 bytes JMP 0000000076f803d0 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e21d40 5 bytes JMP 0000000076f80330 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e21db0 5 bytes JMP 0000000076f80410 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e21de0 5 bytes JMP 0000000076f80240 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e220a0 5 bytes JMP 0000000076f801e0 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e22160 5 bytes JMP 0000000076f80250 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e22190 5 bytes JMP 0000000076f80490 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e221a0 5 bytes JMP 0000000076f804a0 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 
0000000076e221d0 5 bytes JMP 0000000076f80300 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e221e0 5 bytes JMP 0000000076f80360 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e22240 5 bytes JMP 0000000076f802a0 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e22290 5 bytes JMP 0000000076f802c0 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e222c0 5 bytes JMP 0000000076f80380 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e222d0 5 bytes JMP 0000000076f80340 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e225c0 5 bytes JMP 0000000076f80440 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e227c0 5 bytes JMP 0000000076f80260 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e227d0 5 bytes JMP 0000000076f80270 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e227e0 5 bytes JMP 0000000076f80400 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e229a0 5 bytes JMP 0000000076f801f0 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e229b0 5 bytes JMP 0000000076f80210 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e22a20 5 bytes JMP 0000000076f80200 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e22a80 5 bytes JMP 0000000076f80420 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e22a90 5 bytes JMP 0000000076f80430 .text 
C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e22aa0 5 bytes JMP 0000000076f80220 .text C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e22b80 5 bytes JMP 0000000076f80280 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e21360 5 bytes JMP 0000000076f80460 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e213b0 5 bytes JMP 0000000076f80450 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e21510 5 bytes JMP 0000000076f80370 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e21560 5 bytes JMP 0000000076f80470 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e21570 5 bytes JMP 0000000076f803e0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e21620 5 bytes JMP 0000000076f80320 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e21650 5 bytes JMP 0000000076f803b0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e21670 5 bytes JMP 0000000076f80390 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e216b0 5 bytes JMP 0000000076f802e0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e21730 5 bytes JMP 0000000076f802d0 .text C:\Program Files\NVIDIA 
Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e21750 5 bytes JMP 0000000076f80310 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e21790 5 bytes JMP 0000000076f803c0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e217e0 5 bytes JMP 0000000076f803f0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e21940 5 bytes JMP 0000000076f80230 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e21b00 5 bytes JMP 0000000076f80480 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e21b30 5 bytes JMP 0000000076f803a0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e21c10 5 bytes JMP 0000000076f802f0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e21c20 5 bytes JMP 0000000076f80350 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e21c80 5 bytes JMP 0000000076f80290 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e21d10 5 bytes JMP 0000000076f802b0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e21d30 5 bytes JMP 0000000076f803d0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e21d40 5 bytes JMP 0000000076f80330 .text 
C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e21db0 5 bytes JMP 0000000076f80410 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e21de0 5 bytes JMP 0000000076f80240 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e220a0 5 bytes JMP 0000000076f801e0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e22160 5 bytes JMP 0000000076f80250 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e22190 5 bytes JMP 0000000076f80490 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e221a0 5 bytes JMP 0000000076f804a0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e221d0 5 bytes JMP 0000000076f80300 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076e221e0 5 bytes JMP 0000000076f80360 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076e22240 5 bytes JMP 0000000076f802a0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076e22290 5 bytes JMP 0000000076f802c0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076e222c0 5 bytes JMP 0000000076f80380 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076e222d0 5 bytes JMP 0000000076f80340 
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076e225c0 5 bytes JMP 0000000076f80440 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076e227c0 5 bytes JMP 0000000076f80260 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076e227d0 5 bytes JMP 0000000076f80270 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076e227e0 5 bytes JMP 0000000076f80400 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076e229a0 5 bytes JMP 0000000076f801f0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076e229b0 5 bytes JMP 0000000076f80210 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076e22a20 5 bytes JMP 0000000076f80200 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076e22a80 5 bytes JMP 0000000076f80420 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076e22a90 5 bytes JMP 0000000076f80430 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076e22aa0 5 bytes JMP 0000000076f80220 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076e22b80 5 bytes JMP 0000000076f80280 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076e21360 5 bytes JMP 0000000076f80460 
.text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076e213b0 5 bytes JMP 0000000076f80450 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076e21510 5 bytes JMP 0000000076f80370 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076e21560 5 bytes JMP 0000000076f80470 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076e21570 5 bytes JMP 0000000076f803e0 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076e21620 5 bytes JMP 0000000076f80320 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076e21650 5 bytes JMP 0000000076f803b0 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076e21670 5 bytes JMP 0000000076f80390 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076e216b0 5 bytes JMP 0000000076f802e0 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076e21730 5 bytes JMP 0000000076f802d0 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076e21750 5 bytes JMP 0000000076f80310 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076e21790 5 bytes JMP 0000000076f803c0 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076e217e0 5 bytes JMP 0000000076f803f0 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076e21940 5 bytes JMP 0000000076f80230 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076e21b00 5 bytes JMP 0000000076f80480 .text C:\Windows\System32\svchost.exe[3888] 
C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076e21b30 5 bytes JMP 0000000076f803a0 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076e21c10 5 bytes JMP 0000000076f802f0 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076e21c20 5 bytes JMP 0000000076f80350 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076e21c80 5 bytes JMP 0000000076f80290 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076e21d10 5 bytes JMP 0000000076f802b0 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076e21d30 5 bytes JMP 0000000076f803d0 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076e21d40 5 bytes JMP 0000000076f80330 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076e21db0 5 bytes JMP 0000000076f80410 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076e21de0 5 bytes JMP 0000000076f80240 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076e220a0 5 bytes JMP 0000000076f801e0 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076e22160 5 bytes JMP 0000000076f80250 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076e22190 5 bytes JMP 0000000076f80490 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076e221a0 5 bytes JMP 0000000076f804a0 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076e221d0 5 bytes JMP 0000000076f80300 .text C:\Windows\System32\svchost.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 
---- EOF - GMER 2.1 ---- Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 26.11.2014
Scan Time: 17:58:41
Logfile: 123.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.26.05
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jessica

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314522
Time Elapsed: 4 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.NextLive.A, C:\Program Files (x86)\Mobogenie\nengine.dll, Quarantined, [5409202091ebce68406af07fa35e6997],

Physical Sectors: 0
(No malicious items detected)

(end) |
27.11.2014, 14:14 | #5 |
/// the machine /// TB Trainer | Malwarebytes finds Mobogenie. Even more malware? Hi, please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
27.11.2014, 18:38 | #6 |
| Malwarebytes finds Mobogenie. Even more malware? ADW cleaner Code:
# AdwCleaner v4.102 - Bericht erstellt am 27/11/2014 um 18:22:43
# Aktualisiert 23/11/2014 von Xplode
# Database : 2014-11-27.1 [Live]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Jessica - JESSICA-PC
# Gestartet von : C:\Users\Jessica\Downloads\AdwCleaner_4.102.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Users\Jessica\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Jessica\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Jessica\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Jessica\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Jessica\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Jessica\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Datei Gelöscht : C:\Users\Jessica\daemonprocess.txt

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Google Chrome v39.0.2171.71

*************************

AdwCleaner[R0].txt - [1726 octets] - [27/11/2014 18:20:48]
AdwCleaner[S0].txt - [1601 octets] - [27/11/2014 18:22:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1661 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Ultimate x64
Ran by Jessica on 27.11.2014 at 18:25:55,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.11.2014 at 18:28:06,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01 Ran by Jessica (administrator) on JESSICA-PC on 27-11-2014 18:30:50 Running from C:\Users\Jessica\Desktop Loaded Profile: Jessica (Available profiles: Jessica) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe (ASUSTeK Computer Inc.) 
C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DIPAwayMode\DipAwayMode.exe () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.03\AsusFanControlService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-12-19] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-19] (Intel Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-26] (AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3833322267-538766727-1948873061-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-3833322267-538766727-1948873061-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x737E9E5CDFFCCE01 HKU\S-1-5-21-3833322267-538766727-1948873061-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.192.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle 
Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-12-20] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-19] Chrome: ======= CHR Profile: C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-26] CHR Extension: (Google Drive) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-26] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05] CHR Extension: (YouTube) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-26] CHR Extension: (Google-Suche) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-26] CHR Extension: (ZenMate) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-07-26] 
CHR Extension: (AdBlock) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-26] CHR Extension: (Avast Online Security) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-19] CHR Extension: (Session Manager) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2014-07-26] CHR Extension: (Google Wallet) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-19] CHR Extension: (Google Mail) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-26] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-12-19] () R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-12-19] (ASUSTeK Computer Inc.) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-12-19] (ASUSTeK Computer Inc.) R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.03\AsusFanControlService.exe [1690424 2013-12-19] (ASUSTeK Computer Inc.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4797064 2013-11-05] (INCA Internet Co., Ltd.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-28] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] () S1 ASMTFilter; C:\Windows\System32\DRIVERS\asmtufdriver.sys [21400 2013-12-19] (hxxp://www.asmedia.com.tw) [File not signed] S1 ASMTFilter; C:\Windows\SysWOW64\DRIVERS\asmtufdriver.sys [16640 2013-12-19] (hxxp://www.asmedia.com.tw) [File not signed] R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-12-19] () R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2013-12-19] (MCCI Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-26] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-26] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-26] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-26] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-26] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-26] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-26] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-26] () R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation) S3 ezplay; C:\Windows\System32\Drivers\ezplay.sys [118400 2014-01-24] (VSO Software) [File not signed] S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [4433696 2013-12-19] (Intel Corporation) [File not signed] S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [442368 2013-12-19] (Intel(R) Corporation) [File not signed] R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] 
==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-27 18:28 - 2014-11-27 18:28 - 00000623 _____ () C:\Users\Jessica\Desktop\JRT.txt 2014-11-27 18:28 - 2014-11-27 18:28 - 00000000 ____D () C:\Users\Jessica\Desktop\FRST-OlderVersion 2014-11-27 18:25 - 2014-11-27 18:25 - 01707532 _____ (Thisisu) C:\Users\Jessica\Desktop\JRT.exe 2014-11-27 18:25 - 2014-11-27 18:25 - 00000000 ____D () C:\Windows\ERUNT 2014-11-27 18:24 - 2014-11-27 18:24 - 00001741 _____ () C:\Users\Jessica\Desktop\AdwCleaner[S0].txt 2014-11-27 18:20 - 2014-11-27 18:22 - 00000000 ____D () C:\AdwCleaner 2014-11-27 18:20 - 2014-11-27 18:20 - 02148864 _____ () C:\Users\Jessica\Downloads\AdwCleaner_4.102.exe 2014-11-26 19:35 - 2014-11-26 19:38 - 00000362 _____ () C:\Users\Jessica\Desktop\prime.txt 2014-11-26 19:35 - 2014-11-26 19:36 - 00000168 _____ () C:\Users\Jessica\Desktop\local.txt 2014-11-26 19:35 - 2014-11-26 19:35 - 05378177 _____ () C:\Users\Jessica\Downloads\p95v285.win64.zip 2014-11-26 19:35 - 2014-05-30 03:33 - 36363264 _____ () C:\Users\Jessica\Desktop\prime95.exe 2014-11-26 18:52 - 2014-11-26 18:52 - 00121069 _____ () C:\Users\Jessica\Downloads\memtest86+-5.01.usb.installer.zip 2014-11-26 18:51 - 2014-11-26 18:51 - 00059435 _____ () C:\Users\Jessica\Downloads\memtest86+-5.01.iso.zip 2014-11-26 18:45 - 2014-11-26 18:45 - 00293384 _____ () C:\Windows\Minidump\112614-15381-01.dmp 2014-11-26 18:21 - 2014-11-26 18:21 - 00313108 _____ () C:\Users\Jessica\Desktop\gmer.log 2014-11-26 18:14 - 2014-11-26 18:14 - 00380416 _____ () C:\Users\Jessica\Downloads\w9pgdzdz.exe 2014-11-26 18:14 - 2014-11-26 18:14 - 00380416 _____ () C:\Users\Jessica\Desktop\w9pgdzdz.exe 2014-11-26 18:14 - 2014-11-26 18:14 - 00026147 
_____ () C:\Users\Jessica\Desktop\Addition.txt 2014-11-26 18:13 - 2014-11-27 18:30 - 00015039 _____ () C:\Users\Jessica\Desktop\FRST.txt 2014-11-26 18:13 - 2014-11-27 18:30 - 00000000 ____D () C:\FRST 2014-11-26 18:13 - 2014-11-27 18:28 - 02117632 _____ (Farbar) C:\Users\Jessica\Desktop\FRST64.exe 2014-11-26 18:12 - 2014-11-26 18:13 - 02118144 _____ (Farbar) C:\Users\Jessica\Downloads\FRST64.exe 2014-11-26 18:07 - 2014-11-26 18:07 - 00001147 _____ () C:\Users\Jessica\Desktop\123.txt 2014-11-26 17:52 - 2014-11-26 17:52 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-11-26 17:52 - 2014-11-26 17:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-11-26 17:52 - 2014-11-26 17:52 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2014-11-26 17:35 - 2014-11-26 17:35 - 05198336 _____ (AVAST Software) C:\Users\Jessica\Downloads\aswmbr.exe 2014-11-18 20:49 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-18 20:49 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-18 20:49 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-18 20:49 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-14 15:53 - 2014-11-14 15:53 - 00000000 ____D () C:\Users\Jessica\Desktop\tattoos 2014-11-13 20:55 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-13 20:55 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-13 20:55 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-13 20:55 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-13 20:55 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-13 20:55 - 
2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-13 20:55 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-13 20:55 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-13 20:55 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-13 20:55 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-13 20:55 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-13 20:55 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-13 20:55 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-13 20:55 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-13 20:55 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-13 20:55 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-13 20:55 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-13 20:55 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-13 20:55 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-13 20:55 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-13 20:55 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-13 20:55 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-13 20:55 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-13 
20:55 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-13 20:55 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-13 20:55 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-13 20:55 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-13 20:55 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-13 20:55 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-13 20:55 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-13 20:55 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-13 20:55 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-13 20:55 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-13 20:55 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-13 20:55 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-13 20:55 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-13 20:55 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-13 20:55 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-13 20:55 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-13 20:55 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-13 20:55 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 
2014-11-13 20:55 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-13 20:55 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-13 20:55 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-13 20:55 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-13 20:55 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-13 20:55 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-13 20:55 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-13 20:55 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-11-13 20:55 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-13 20:55 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-13 20:55 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-13 20:55 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-13 20:55 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-13 20:55 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-13 20:55 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-13 20:55 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-13 20:55 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-13 20:55 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-13 20:55 - 2014-10-14 
03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-13 20:55 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-13 20:55 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-13 20:55 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-13 20:55 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-13 20:55 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-13 20:55 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-13 20:55 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-13 20:55 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-13 20:55 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-13 20:55 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-13 20:55 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-13 20:55 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-13 20:55 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-13 20:55 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-13 20:55 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-13 20:55 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-13 20:55 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-13 20:55 - 2014-08-21 07:26 - 01237504 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-13 20:55 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-13 20:55 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-13 20:55 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-13 20:54 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-13 20:54 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-13 20:54 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-13 20:54 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-13 20:54 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-13 20:54 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-13 20:54 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-13 20:54 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-13 20:54 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-13 20:54 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-13 20:54 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-13 20:54 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-13 20:54 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-13 20:54 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-13 20:54 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\AudioSes.dll 2014-11-13 20:54 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-13 20:54 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-13 20:54 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-13 20:54 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-13 20:54 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-03 15:02 - 2014-11-03 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2014-11-03 15:02 - 2014-11-03 15:02 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-11-03 15:02 - 2014-04-25 17:44 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX 2014-11-03 15:02 - 2014-04-25 17:44 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX 2014-11-03 15:02 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2014-11-03 15:02 - 2014-04-25 17:44 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2014-11-03 15:02 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2014-11-03 15:02 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL 2014-11-03 15:02 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL 2014-11-03 15:02 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL 2014-11-03 15:00 - 2014-11-03 15:01 - 27843432 _____ (pdfforge ) C:\Users\Jessica\Downloads\PDFCreator-1_7_3_setup.exe 2014-11-01 00:26 - 2014-11-01 00:26 - 00009946 _____ () C:\Users\Jessica\Documents\Unbenannt 1.odt 2014-10-29 23:20 - 2014-10-29 23:42 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\Bioshock2Steam 2014-10-29 23:20 - 
2014-10-29 23:20 - 00000000 ____D () C:\Users\Jessica\Documents\Bioshock2 2014-10-29 18:56 - 2014-10-29 18:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-10-29 18:56 - 2014-10-29 18:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-10-29 18:56 - 2014-10-29 18:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-10-29 18:56 - 2014-10-29 18:56 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-29 18:56 - 2014-10-29 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-29 18:56 - 2014-10-29 18:56 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-29 18:33 - 2014-10-30 23:02 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\Bioshock 2014-10-29 18:33 - 2014-10-29 18:40 - 00000000 ____D () C:\Users\Jessica\Documents\Bioshock ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-27 18:31 - 2009-07-14 05:45 - 00027120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-27 18:31 - 2009-07-14 05:45 - 00027120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-27 18:23 - 2013-12-19 19:25 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-11-27 18:23 - 2013-12-19 19:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-27 18:23 - 2013-12-19 17:57 - 01984537 _____ () C:\Windows\WindowsUpdate.log 2014-11-27 18:23 - 2010-11-21 04:47 - 00034782 _____ () C:\Windows\PFRO.log 2014-11-27 18:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-27 18:23 - 2009-07-14 05:51 - 00115326 _____ () C:\Windows\setupact.log 2014-11-27 18:22 - 2013-12-19 17:58 - 00000000 ____D () C:\Users\Jessica 2014-11-27 18:17 - 2013-12-19 19:20 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-26 20:18 - 2013-12-19 19:21 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-11-26 19:40 - 2011-04-12 08:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-11-26 19:40 - 2011-04-12 08:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-11-26 19:40 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-26 19:39 - 2013-12-19 19:33 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-11-26 18:45 - 2014-02-05 22:28 - 742466218 _____ () C:\Windows\MEMORY.DMP 2014-11-26 18:45 - 2014-02-05 22:28 - 00000000 ____D () C:\Windows\Minidump 2014-11-26 18:06 - 2014-07-14 13:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-26 17:52 - 2014-05-04 17:42 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-11-26 17:52 - 2013-12-19 19:25 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-11-26 17:52 - 2013-12-19 19:25 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-11-26 17:52 - 2013-12-19 19:25 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-11-26 17:52 - 2013-12-19 19:25 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-11-26 17:52 - 2013-12-19 19:25 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-11-26 
17:52 - 2013-12-19 19:25 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-11-26 17:52 - 2013-12-19 19:25 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-11-26 17:49 - 2014-07-14 13:54 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-26 17:49 - 2014-07-14 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-26 17:49 - 2014-07-14 13:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-11-20 22:31 - 2013-12-20 16:50 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\vlc 2014-11-16 15:42 - 2013-12-20 17:16 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-11-15 11:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-14 16:12 - 2013-12-19 19:20 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-14 16:12 - 2013-12-19 19:20 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-14 15:51 - 2009-07-14 05:45 - 00295752 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-14 15:50 - 2014-05-06 19:36 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-13 22:09 - 2013-12-19 19:46 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-13 22:07 - 2013-12-19 19:46 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-09 15:59 - 2014-07-26 11:02 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\TeamViewer 2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-29 19:55 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-10-29 18:56 - 2013-12-20 17:17 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-29 18:33 - 2013-12-20 17:49 - 00440803 _____ () C:\Windows\DirectX.log Some content of TEMP: ==================== C:\Users\Jessica\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe 
C:\Users\Jessica\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe C:\Users\Jessica\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\Jessica\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Jessica\AppData\Local\Temp\LMkRstPt.exe C:\Users\Jessica\AppData\Local\Temp\Quarantine.exe C:\Users\Jessica\AppData\Local\Temp\sonarinst.exe C:\Users\Jessica\AppData\Local\Temp\sqlite3.dll C:\Users\Jessica\AppData\Local\Temp\vlc-2.1.4-win64.exe C:\Users\Jessica\AppData\Local\Temp\vlc-2.1.5-win64.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-26 20:00 ==================== End Of Log ============================ |
28.11.2014, 17:40 | #7 |
/// the machine /// TB instructor | Malwarebytes finds Mobogenie. More malware? ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and Help Trojaner-Board Facebook page No help via PM! |
05.12.2014, 14:09 | #8 |
| Malwarebytes finds Mobogenie. More malware? Hello, unfortunately I only got around to it today. Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8f6af701aa4fcd459070e9a40995b893
# engine=21401
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-04 07:40:22
# local_time=2014-12-04 08:40:22 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 92 704144 30248102 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 12735 169351872 0 0
# scanned=229545
# found=3
# cleaned=0
# scan_time=4202
sh=31CE21FE36C11E107A6E315EFE1875743809B4CC ft=1 fh=48abcfa6ce4a4014 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=DF0FE97D4A08C5062A310BDDC24E23EE0725B1B6 ft=1 fh=4d0a96f270734e01 vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\USBDI8UZ\JDownloaderSetup_CH1[1].exe"
sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jessica\AppData\Local\Temp\is1070216317\949764_stp\wajam_validate.exe"
Code:
Results of screen317's Security Check version 0.99.91
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 2.0.3.1025
Java 7 Update 71
Adobe Flash Player 14.0.0.179 Flash Player out of Date!
Adobe Reader XI
Mozilla Thunderbird (24.6.0)
Google Chrome (39.0.2171.65)
Google Chrome (39.0.2171.71)
````````Process Check: objlist.exe by Laurent````````
ASUS AI Suite III Thermal Radar Core DipAwayMode\DipAwayMode.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log`````````````````````` |
06.12.2014, 09:30 | #9 |
/// the machine /// TB instructor | Malwarebytes finds Mobogenie. More malware? And the rest?
__________________ Regards, schrauber |
09.12.2014, 14:40 | #10 |
| Malwarebytes finds Mobogenie. More malware? Oops, sorry. I completely overlooked that. There are no problems. What about the ESET findings? Here is the FRST log. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2014 Ran by Jessica (administrator) on JESSICA-PC on 09-12-2014 14:28:28 Running from C:\Users\Jessica\Desktop Loaded Profile: Jessica (Available profiles: Jessica) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.03\AsusFanControlService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DIPAwayMode\DipAwayMode.exe () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (ASUSTeK Computer Inc.) 
C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-12-19] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-19] (Intel Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-26] (AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-3833322267-538766727-1948873061-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.192.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-12-20] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-19] Chrome: ======= CHR Profile: C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-26] CHR Extension: (Google Drive) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-26] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05] CHR Extension: (YouTube) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-26] CHR Extension: (Google-Suche) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-26] CHR Extension: (ZenMate) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-07-26] CHR Extension: (AdBlock) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-26] CHR Extension: (Avast Online Security) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-19] CHR Extension: (Session Manager) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2014-07-26] CHR Extension: (Google Wallet) - 
C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-19] CHR Extension: (Google Mail) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-26] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-12-19] () R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-12-19] (ASUSTeK Computer Inc.) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-12-19] (ASUSTeK Computer Inc.) R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.03\AsusFanControlService.exe [1690424 2013-12-19] (ASUSTeK Computer Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4797064 2013-11-05] (INCA Internet Co., Ltd.) 
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation) S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-28] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] () S1 ASMTFilter; C:\Windows\System32\DRIVERS\asmtufdriver.sys [21400 2013-12-19] (hxxp://www.asmedia.com.tw) [File not signed] S1 ASMTFilter; C:\Windows\SysWOW64\DRIVERS\asmtufdriver.sys [16640 2013-12-19] (hxxp://www.asmedia.com.tw) [File not signed] R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-12-19] () R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2013-12-19] (MCCI Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-26] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-26] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-26] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-26] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-26] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-26] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-26] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-26] () R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation) S3 ezplay; C:\Windows\System32\Drivers\ezplay.sys [118400 2014-01-24] (VSO Software) [File not signed] S3 igfx; 
C:\Windows\System32\DRIVERS\igdkmd64.sys [4433696 2013-12-19] (Intel Corporation) [File not signed] S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [442368 2013-12-19] (Intel(R) Corporation) [File not signed] R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-09 14:28 - 2014-12-09 14:29 - 00015403 _____ () C:\Users\Jessica\Desktop\FRST.txt 2014-12-09 14:28 - 2014-12-09 14:27 - 02119680 _____ (Farbar) C:\Users\Jessica\Desktop\FRST64.exe 2014-12-09 14:27 - 2014-12-09 14:27 - 02119680 _____ (Farbar) C:\Users\Jessica\Downloads\FRST64.exe 2014-12-08 21:23 - 2014-12-08 21:23 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Adobe 2014-12-05 14:08 - 2014-12-05 14:08 - 00000983 _____ () C:\Users\Jessica\Desktop\checkup.txt 2014-12-04 21:02 - 2014-12-04 21:02 - 00000458 _____ () C:\Users\Jessica\Desktop\esetneu.txt 2014-12-04 18:12 - 2014-12-04 18:12 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Mozilla 2014-12-04 17:45 - 2014-12-04 17:45 - 00001103 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk 2014-12-04 17:44 - 2014-12-04 17:45 - 00000000 ____D () C:\Users\Jessica\Desktop\FirefoxPortable 2014-12-04 17:44 - 2014-12-04 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN 2014-12-04 17:44 - 2014-12-04 17:45 - 00000000 
____D () C:\Program Files\TAP-Windows 2014-12-04 17:44 - 2014-12-04 17:45 - 00000000 ____D () C:\Program Files (x86)\OpenVPN 2014-12-04 17:44 - 2014-12-04 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows 2014-12-03 20:23 - 2014-12-03 16:35 - 00018469 _____ () C:\Users\Jessica\Desktop\config.zip 2014-11-28 18:19 - 2014-11-28 18:19 - 00000148 _____ () C:\Users\Jessica\Desktop\j.txt 2014-11-28 17:55 - 2014-11-28 17:55 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-11-27 18:25 - 2014-11-27 18:25 - 00000000 ____D () C:\Windows\ERUNT 2014-11-27 18:20 - 2014-11-27 18:22 - 00000000 ____D () C:\AdwCleaner 2014-11-26 19:35 - 2014-05-30 03:33 - 36363264 _____ () C:\Users\Jessica\Desktop\prime95.exe 2014-11-26 18:45 - 2014-11-26 18:45 - 00293384 _____ () C:\Windows\Minidump\112614-15381-01.dmp 2014-11-26 18:13 - 2014-12-09 14:28 - 00000000 ____D () C:\FRST 2014-11-26 17:52 - 2014-11-26 17:52 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-11-26 17:52 - 2014-11-26 17:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-11-26 17:52 - 2014-11-26 17:52 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2014-11-18 20:49 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-18 20:49 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-18 20:49 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-18 20:49 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-14 15:53 - 2014-11-14 15:53 - 00000000 ____D () C:\Users\Jessica\Desktop\tattoos 2014-11-13 20:55 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-13 20:55 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-13 20:55 - 2014-11-06 05:04 - 02724864 
_____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-13 20:55 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-13 20:55 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-13 20:55 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-13 20:55 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-13 20:55 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-13 20:55 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-13 20:55 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-13 20:55 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-13 20:55 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-13 20:55 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-13 20:55 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-13 20:55 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-13 20:55 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-13 20:55 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-13 20:55 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-13 20:55 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-13 20:55 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-13 20:55 - 2014-11-06 04:13 - 
00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-13 20:55 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-13 20:55 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-13 20:55 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-13 20:55 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-13 20:55 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-13 20:55 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-13 20:55 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-13 20:55 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-13 20:55 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-13 20:55 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-13 20:55 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-13 20:55 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-13 20:55 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-13 20:55 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-13 20:55 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-13 20:55 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-13 20:55 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-13 20:55 - 
2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-13 20:55 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-13 20:55 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-13 20:55 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-13 20:55 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-13 20:55 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-13 20:55 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-13 20:55 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-13 20:55 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-13 20:55 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-13 20:55 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-11-13 20:55 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-13 20:55 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-13 20:55 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-13 20:55 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-13 20:55 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-13 20:55 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-13 20:55 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-13 20:55 - 2014-11-05 18:56 - 
00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-13 20:55 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-13 20:55 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-13 20:55 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-13 20:55 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-13 20:55 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-13 20:55 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-13 20:55 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-13 20:55 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-13 20:55 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-13 20:55 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-13 20:55 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-13 20:55 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-13 20:55 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-13 20:55 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-13 20:55 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-13 20:55 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-13 20:55 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-13 20:55 - 2014-09-19 10:23 - 00221184 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-13 20:55 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-13 20:55 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-13 20:55 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-13 20:55 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-13 20:55 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-13 20:55 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-13 20:54 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-13 20:54 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-13 20:54 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-13 20:54 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-13 20:54 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-13 20:54 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-13 20:54 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-13 20:54 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-13 20:54 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-13 20:54 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-13 20:54 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-13 20:54 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) 
C:\Windows\system32\EncDump.dll 2014-11-13 20:54 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-13 20:54 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-13 20:54 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-13 20:54 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-13 20:54 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-13 20:54 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-13 20:54 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-13 20:54 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-09 14:29 - 2013-12-19 17:57 - 01265277 _____ () C:\Windows\WindowsUpdate.log 2014-12-09 14:25 - 2013-12-19 19:33 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-12-09 14:24 - 2013-12-19 19:25 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-12-09 14:24 - 2013-12-19 19:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-09 14:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-09 14:24 - 2009-07-14 05:51 - 00119806 _____ () C:\Windows\setupact.log 2014-12-08 22:17 - 2013-12-19 19:20 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-08 21:34 - 2013-12-20 16:50 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\vlc 2014-12-08 11:21 - 2009-07-14 05:45 - 00027120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-08 11:21 - 2009-07-14 05:45 - 00027120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-06 19:47 - 2014-10-29 18:33 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\Bioshock 2014-12-04 19:33 - 2011-04-12 08:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-12-04 19:33 - 2011-04-12 08:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-12-04 19:33 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-04 18:24 - 2013-12-20 17:16 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-12-04 18:12 - 2014-05-19 20:58 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\Mozilla 2014-11-27 18:23 - 2010-11-21 04:47 - 00034782 _____ () C:\Windows\PFRO.log 2014-11-27 18:22 - 2013-12-19 17:58 - 00000000 ____D () C:\Users\Jessica 2014-11-26 20:18 - 2013-12-19 19:21 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-11-26 18:45 - 2014-02-05 22:28 - 742466218 _____ () C:\Windows\MEMORY.DMP 2014-11-26 18:45 - 2014-02-05 22:28 - 00000000 ____D () C:\Windows\Minidump 2014-11-26 18:06 - 2014-07-14 13:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-26 17:52 - 2014-05-04 17:42 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-11-26 17:52 - 
2013-12-19 19:25 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-11-26 17:52 - 2013-12-19 19:25 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-11-26 17:52 - 2013-12-19 19:25 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-11-26 17:52 - 2013-12-19 19:25 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-11-26 17:52 - 2013-12-19 19:25 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-11-26 17:52 - 2013-12-19 19:25 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-11-26 17:52 - 2013-12-19 19:25 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-11-26 17:49 - 2014-07-14 13:54 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-26 17:49 - 2014-07-14 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-26 17:49 - 2014-07-14 13:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-11-15 11:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-14 16:12 - 2013-12-19 19:20 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-14 16:12 - 2013-12-19 19:20 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-14 15:51 - 2009-07-14 05:45 - 00295752 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-14 15:50 - 2014-05-06 19:36 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-13 22:09 - 2013-12-19 19:46 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-13 22:07 - 2013-12-19 19:46 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-09 15:59 - 2014-07-26 11:02 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\TeamViewer Some content of TEMP: ==================== C:\Users\Jessica\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe 
C:\Users\Jessica\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe C:\Users\Jessica\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\Jessica\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Jessica\AppData\Local\Temp\LMkRstPt.exe C:\Users\Jessica\AppData\Local\Temp\Quarantine.exe C:\Users\Jessica\AppData\Local\Temp\sonarinst.exe C:\Users\Jessica\AppData\Local\Temp\sqlite3.dll C:\Users\Jessica\AppData\Local\Temp\vlc-2.1.4-win64.exe C:\Users\Jessica\AppData\Local\Temp\vlc-2.1.5-win64.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-08 11:43 ==================== End Of Log ============================ |
09.12.2014, 17:48 | #11 |
/// the machine /// TB Trainer | Malwarebytes finds Mobogenie. Even more malware? We'll do that now. Update Flash Player. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
10.12.2014, 14:18 | #12 |
| Malwarebytes finds Mobogenie. Even more malware? Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-12-2014
Ran by Jessica at 2014-12-10 14:09:23 Run:1
Running from C:\Users\Jessica\Desktop
Loaded Profile: Jessica (Available profiles: Jessica)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Emptytemp:
*****************
EmptyTemp: => Removed 2.6 GB temporary data.
The system needed a reboot.
==== End of Fixlog ====
Flash Player has just received its update. Thank you very much for your help =) |
11.12.2014, 09:25 | #13 |
/// the machine /// TB Trainer | Malwarebytes finds Mobogenie. Even more malware? You're welcome