Log analysis and evaluation: "VBS:Malware-gen" found on USB stick. Please check (Windows 7)
27.12.2014, 21:12 | #1
"VBS:Malware-gen" found on USB stick. Please check

Hello community. After I plugged my neighbour's USB stick into my PC today, Avast reported VBS:Malware-gen in the Autorun.inf and locked it away in quarantine. Now I would like to have the rest of my computer checked, to rule out that I have picked something up as well.

Defogger log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:24 on 27/12/2014 (Swift)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014
Ran by Swift (administrator) on SWIFT-PC on 27-12-2014 19:28:49
Running from C:\Users\Swift\Desktop
Loaded Profile: Swift (Available profiles: Swift)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.03\AsusFanControlService.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\HDD Health\HDDHealthService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(SplitCam Co.) C:\Program Files (x86)\SplitCam\SplitCamService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(NVIDIA Corporation) C:\Users\Swift\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(PANTERASoft) C:\Program Files (x86)\HDD Health\hddhealth.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(E.W.E.-Software) C:\Users\Swift\AppData\Roaming\TV Movie\TV Movie Clickfinder\tvtip.exe
(www.counter-strike.de - MUff[99]) C:\Users\Swift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gammacontrol.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKU\S-1-5-21-1960244712-2969206649-92089019-1000\...\Run: [TVTip] => C:\Users\Swift\AppData\Roaming\TV Movie\TV Movie Clickfinder\tvstart.exe [102400 2012-01-24] (E.W.E.-Software)
HKU\S-1-5-21-1960244712-2969206649-92089019-1000\...\MountPoints2: {6f423242-a52c-11e3-bd4a-ac220bc62429} - H:\iStudio.exe
HKU\S-1-5-18\...\Run: [DevconDefaultDB] => C:\Windows\system32\READREG /SILENT /FAIL=1
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-31] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk
ShortcutTarget: HDDHealth.lnk -> C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\Swift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gammacontrol.exe (www.counter-strike.de - MUff[99])
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1960244712-2969206649-92089019-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1960244712-2969206649-92089019-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=prc265
HKU\S-1-5-21-1960244712-2969206649-92089019-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=prc265
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1960244712-2969206649-92089019-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Swift\AppData\Roaming\Mozilla\Firefox\Profiles\vm647fxx.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Swift\AppData\Roaming\Mozilla\Firefox\Profiles\vm647fxx.default\searchplugins\google-avast.xml
FF SearchPlugin: C:\Users\Swift\AppData\Roaming\Mozilla\Firefox\Profiles\vm647fxx.default\searchplugins\yahoo-avast.xml
FF Extension: DownloadHelper - C:\Users\Swift\AppData\Roaming\Mozilla\Firefox\Profiles\vm647fxx.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-20]
FF HKU\S-1-5-21-1960244712-2969206649-92089019-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

Chrome:
=======
CHR HomePage: Default -> https://de.yahoo.com?fr=hp-avast&type=prc265
CHR StartupUrls: Default -> "https://de.yahoo.com?fr=hp-avast&type=prc265"
CHR Profile: C:\Users\Swift\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Swift\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-29]
CHR Extension: (Google Drive) - C:\Users\Swift\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Swift\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Swift\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-29]
CHR Extension: (Chrome YouTube Downloader) - C:\Users\Swift\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja [2014-12-09]
CHR Extension: (Google-Suche) - C:\Users\Swift\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-29]
CHR Extension: (ZenMate) - C:\Users\Swift\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-07-15]
CHR Extension: (AdBlock) - C:\Users\Swift\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-30]
CHR Extension: (Video Download Helper) - C:\Users\Swift\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldcccbolclahdbkahlppenfodnheapah [2014-12-09]
CHR Extension: (Session Manager) - C:\Users\Swift\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2013-12-30]
CHR Extension: (Google Wallet) - C:\Users\Swift\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-29]
CHR Extension: (Google Mail) - C:\Users\Swift\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-06-04] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-09-18] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.03\AsusFanControlService.exe [1690424 2013-09-18] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-18] (AVAST Software)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [360448 2011-08-19] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2011-04-01] () [File not signed]
R2 AVerUpdateServer; C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [167936 2011-10-31] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
R2 HDDHealth; C:\Program Files (x86)\HDD Health\HDDHealthService.exe [17760 2013-03-08] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5131672 2013-12-01] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1657128 2014-01-24] (O&O Software GmbH)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
S3 Origin Client Service; E:\Origin\OriginClientService.exe [1900400 2014-11-29] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-10] ()
R2 SpliCamService; C:\Program Files (x86)\SplitCam\SplitCamService.exe [311456 2013-11-21] (SplitCam Co.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-06-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-18] ()
S3 AVerAF35; C:\Windows\System32\Drivers\AVerAF35.sys [804736 2012-11-29] (AVerMedia TECHNOLOGIES, Inc.)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [252712 2007-04-10] (Creative Technology Ltd.)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219432 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321832 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190248 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363304 2007-04-10] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1571112 2007-04-10] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [123688 2007-04-10] (Creative Technology Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-29] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
R1 Eve; C:\Windows\System32\DRIVERS\eve.sys [41304 2014-04-10] ()
S3 ezplay; C:\Windows\System32\Drivers\ezplay.sys [118400 2014-01-26] (VSO Software)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2010-07-16] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2013-03-12] (Realtek Semiconductor Corporation )
R3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [23552 2013-04-24] (Windows (R) Win 7 DDK provider)
R3 splitcam_hd_driver; C:\Windows\System32\DRIVERS\splitcam_hd_driver.sys [37496 2013-07-12] (Windows (R) Win 7 DDK provider)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-11-30] (X10 Wireless Technology, Inc.)
S3 COMMONFX; system32\drivers\COMMONFX.SYS [X]
S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
S3 ctac32k; system32\drivers\ctac32k.sys [X]
S3 ctaud2k; system32\drivers\ctaud2k.sys [X]
S3 CTAUDFX; system32\drivers\CTAUDFX.SYS [X]
S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
S3 CTERFXFX; system32\drivers\CTERFXFX.SYS [X]
S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X]
S3 ctprxy2k; system32\drivers\ctprxy2k.sys [X]
S3 CTSBLFX; system32\drivers\CTSBLFX.SYS [X]
S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]
S3 ctsfm2k; system32\drivers\ctsfm2k.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 emupia; system32\drivers\emupia2k.sys [X]
S3 ha10kx2k; system32\drivers\ha10kx2k.sys [X]
S3 hap16v2k; system32\drivers\hap16v2k.sys [X]
S3 hap17v2k; system32\drivers\hap17v2k.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 ossrv; system32\drivers\ctoss2k.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 19:28 - 2014-12-27 19:29 - 00022072 _____ () C:\Users\Swift\Desktop\FRST.txt
2014-12-27 19:28 - 2014-12-27 19:28 - 00000000 ____D () C:\FRST
2014-12-27 19:24 - 2014-12-27 19:24 - 00000542 _____ () C:\Users\Swift\Desktop\defogger_disable.log
2014-12-27 19:24 - 2014-12-27 19:24 - 00000168 _____ () C:\Users\Swift\defogger_reenable
2014-12-27 19:23 - 2014-12-27 19:23 - 02122752 _____ (Farbar) C:\Users\Swift\Downloads\FRST64.exe
2014-12-27 19:23 - 2014-12-27 19:23 - 02122752 _____ (Farbar) C:\Users\Swift\Desktop\FRST64.exe
2014-12-27 19:23 - 2014-12-27 19:23 - 00380416 _____ () C:\Users\Swift\Downloads\Gmer-19357.exe
2014-12-27 19:23 - 2014-12-27 19:23 - 00380416 _____ () C:\Users\Swift\Desktop\Gmer-19357.exe
2014-12-27 19:23 - 2014-12-27 19:23 - 00050477 _____ () C:\Users\Swift\Downloads\Defogger.exe
2014-12-27 19:23 - 2014-12-27 19:23 - 00050477 _____ () C:\Users\Swift\Desktop\Defogger.exe
2014-12-27 19:21 - 2014-12-27 19:21 - 00003042 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2014-12-27 19:21 - 2014-12-27 19:21 - 00000000 ____D () C:\ProgramData\Panda Security
2014-12-27 19:21 - 2014-12-27 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-12-27 19:21 - 2014-12-27 19:21 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2014-12-27 19:19 - 2014-12-27 19:19 - 00848856 _____ (Panda Security ) C:\Users\Swift\Downloads\USBVaccineSetup.exe
2014-12-27 19:15 - 2014-12-27 09:23 - 102691707 _____ () C:\Users\Swift\Desktop\Mein Film.wmv
2014-12-27 16:50 - 2014-12-27 16:50 - 00000000 ____D () C:\Users\Swift\AppData\Roaming\mkvtoolnix
2014-12-27 16:49 - 2014-12-27 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
2014-12-27 16:49 - 2014-12-27 16:49 - 00000000 ____D () C:\Program Files\MKVToolNix
2014-12-27 16:44 - 2014-12-27 16:49 - 18704293 _____ (Moritz Bunkus) C:\Users\Swift\Downloads\mkvtoolnix-amd64-7.4.0-setup.exe
2014-12-27 16:37 - 2014-12-27 16:38 - 00008175 _____ () C:\Users\Swift\Desktop\1.srt
2014-12-27 16:36 - 2014-12-27 16:36 - 00719218 _____ () C:\Users\Swift\Downloads\MKVExtractGUI-2.2.2.9.zip
2014-12-26 16:59 - 2014-12-26 17:00 - 00000000 ____D () C:\Users\Swift\Desktop\1
2014-12-26 16:50 - 2014-12-26 16:50 - 00000000 ____D () C:\Users\Swift\AppData\RoamingDVDVideoSoft
2014-12-26 16:50 - 2014-12-26 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-12-26 16:48 - 2014-12-26 16:49 - 03521288 _____ (DVDVideoSoft Ltd. ) C:\Users\Swift\Downloads\FreeVideoEditor.exe
2014-12-26 16:39 - 2014-12-26 21:26 - 00000000 ____D () C:\Program Files (x86)\WinToolkit
2014-12-26 16:39 - 2014-12-26 16:39 - 00001031 _____ () C:\Users\Swift\Desktop\WinToolkit.lnk
2014-12-26 16:39 - 2014-12-26 16:39 - 00000000 ____D () C:\Users\Swift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinToolkit
2014-12-26 16:38 - 2014-12-26 16:38 - 00002187 _____ () C:\Users\Swift\Desktop\RT 7 Lite (64-Bit).lnk
2014-12-26 16:38 - 2014-12-26 16:38 - 00000000 ____D () C:\Windows\system32\RT 7 Lite
2014-12-26 16:38 - 2014-12-26 16:38 - 00000000 ____D () C:\Users\Swift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockers Team
2014-12-26 16:38 - 2014-12-26 16:38 - 00000000 ____D () C:\Program Files\Rockers Team
2014-12-26 16:37 - 2014-12-26 16:37 - 04095075 _____ () C:\Users\Swift\Downloads\WinToolkit_1.5.3.9_Installer.exe
2014-12-26 16:36 - 2014-12-26 16:37 - 28112123 _____ () C:\Users\Swift\Downloads\rtseven260.zip
2014-12-26 16:26 - 2014-12-26 16:40 - 1155317062 _____ () C:\Users\Swift\Desktop\1.exe
2014-12-26 16:04 - 2014-12-26 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow x64
2014-12-26 16:04 - 2014-12-26 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2014-12-26 16:04 - 2014-12-26 16:04 - 00000000 ____D () C:\Program Files\ffdshow
2014-12-26 16:04 - 2014-12-26 16:04 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-12-26 16:04 - 2013-01-06 22:24 - 00127488 _____ () C:\Windows\system32\ff_vfw.dll
2014-12-26 16:04 - 2013-01-06 22:22 - 00112640 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2014-12-26 16:03 - 2014-12-26 16:03 - 09498233 _____ () C:\Users\Swift\Downloads\ffdshow13.zip
2014-12-26 15:55 - 2014-12-26 15:56 - 13618320 _____ (Accusoft ) C:\Users\Swift\Downloads\PICVIDEO.EXE
2014-12-26 15:46 - 2001-08-16 16:19 - 00061440 _____ () C:\Windows\SysWOW64\mjpcodec.dll
2014-12-26 15:46 - 2000-09-15 15:51 - 00372736 _____ (Intel Corporation) C:\Windows\SysWOW64\ijl15.dll
2014-12-26 00:54 - 2014-12-26 01:03 - 419776838 _____ () C:\Users\Swift\Downloads\14122406.zip
2014-12-25 19:51 - 2014-12-25 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\x264vfw
2014-12-25 19:51 - 2014-12-25 19:51 - 00000000 ____D () C:\Program Files (x86)\x264vfw
2014-12-25 18:30 - 2011-01-07 17:17 - 00036744 _____ () C:\Users\Swift\Desktop\Result3.txt
2014-12-25 15:32 - 2014-12-25 15:32 - 04767824 _____ (ffdshow ) C:\Users\Swift\Downloads\ffdshow_rev4531_20140628.exe
2014-12-25 14:12 - 2014-12-25 14:12 - 00000000 ____D () C:\Users\Swift\Desktop\Virtual Dub x64
2014-12-24 21:46 - 2003-08-23 15:26 - 790921196 _____ () C:\Users\Swift\Desktop\AVSEQ031.mpg
2014-12-24 19:08 - 2007-09-08 15:17 - 05691396 _____ () C:\Users\Swift\Desktop\Capture-014.mpg
2014-12-24 19:07 - 2004-05-12 03:28 - 182872748 _____ () C:\Users\Swift\Desktop\AVSEQ01.MPG
2014-12-24 19:01 - 2004-05-12 02:58 - 31363964 _____ () C:\Users\Swift\Desktop\AVSEQ02.MPG
2014-12-24 18:39 - 2014-12-24 19:10 - 3192264704 _____ () C:\Users\Swift\Downloads\X15-65741.iso
2014-12-24 17:15 - 2014-12-24 17:16 - 02249137 _____ () C:\Users\Swift\Downloads\x264vfw_full_41_2525bm_41092.exe
2014-12-24 17:00 - 2014-12-25 03:43 - 00010316 _____ () C:\Users\Swift\Downloads\old-film-correction-vhs.vcf
2014-12-24 16:01 - 2014-12-24 18:22 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-12-24 16:01 - 2014-12-24 16:01 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Videorekorder.lnk
2014-12-24 16:01 - 2014-12-24 16:01 - 00001114 _____ () C:\Users\Public\Desktop\Debut Videorekorder.lnk
2014-12-24 16:01 - 2014-12-24 16:01 - 00000000 ____D () C:\Users\Swift\AppData\Roaming\NCH Software
2014-12-24 16:01 - 2014-12-24 16:01 - 00000000 ____D () C:\ProgramData\NCH Software
2014-12-24 16:01 - 2014-12-24 16:01 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-12-24 15:47 - 2014-12-25 03:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accusoft
2014-12-24 15:47 - 2014-12-25 03:45 - 00000000 ____D () C:\Program Files (x86)\Pegasus Imaging
2014-12-24 15:32 - 2014-12-24 15:32 - 02350139 _____ () C:\Users\Swift\Downloads\WinAVI_Video_Capture.zip
2014-12-24 15:32 - 2014-12-24 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinAVI Video Capture
2014-12-24 15:32 - 2014-12-24 15:32 - 00000000 ____D () C:\Program Files (x86)\WinAVI Video Capture
2014-12-24 15:24 - 2014-12-24 15:24 - 00293440 _____ () C:\Windows\Minidump\122414-18954-01.dmp
2014-12-24 15:23 - 2014-12-24 15:23 - 870171618 _____ () C:\Windows\MEMORY.DMP
2014-12-23 18:34 - 2014-12-23 18:53 - 00000000 ____D () C:\Users\Swift\Desktop\Kleinaqnzeigen
2014-12-22 23:27 - 2014-12-22 23:27 - 07352491 _____ () C:\Users\Swift\Desktop\puke_flash.mp4
2014-12-22 18:37 - 2014-12-23 01:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-21 17:36 - 2014-12-21 17:37 - 87429120 _____ () C:\Users\Swift\Downloads\trueimage.iso
2014-12-21 14:58 - 2014-12-21 14:58 - 03570688 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2014-12-21 14:57 - 2014-12-21 14:57 - 03588608 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2014-12-21 14:25 - 2014-12-21 14:44 - 00000000 ____D () C:\Users\Swift\AppData\Local\Adobe
2014-12-20 18:26 - 2014-12-20 18:26 - 00265280 _____ () C:\Users\Swift\Desktop\10704483_980532551973687_1344849132_n.mp4
2014-12-19 17:40 - 2014-12-19 17:41 - 02867656 _____ () C:\Users\Swift\Downloads\bitdefender_tsecurity.exe
2014-12-18 15:03 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 15:03 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-18 13:34 - 2014-12-27 14:59 - 00000932 _____ () C:\Windows\PFRO.log
2014-12-18 01:47 - 2014-12-21 04:02 - 00000000 ____D () C:\Users\Swift\Documents\VSO Downloader
2014-12-18 01:45 - 2014-12-18 01:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2014-12-18 00:43 - 2014-12-18 00:50 - 00000000 ____D () C:\Windows\TRON 2.0 Killer App Mod
2014-12-18 00:42 - 2014-12-18 00:42 - 00286720 _____ (Indigo Rose Corporation) C:\Windows\iun507.exe
2014-12-18 00:42 - 2014-12-18 00:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Buena Vista Interactive
2014-12-15 20:49 - 2014-12-15 20:49 - 49615595 _____ () C:\Users\Swift\Downloads\O_O_Defrag17_Professional_Edition.zip
2014-12-15 13:07 - 2014-12-15 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-15 13:07 - 2014-12-15 13:07 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-14 03:18 - 2014-12-27 19:27 - 00000000 ____D () C:\Users\Swift\AppData\Local\LogMeIn Hamachi
2014-12-13 19:09 - 2014-12-13 19:09 - 00000000 ____D () C:\Users\Swift\AppData\Local\Zachtronics Industries
2014-12-13 19:08 - 2014-12-13 19:08 - 00000000 ____D () C:\Users\Swift\AppData\Roaming\3909
2014-12-13 15:13 - 2014-12-13 15:23 - 934251852 _____ () C:\Users\Swift\Downloads\pcwRescue4.zip
2014-12-12 18:14 - 2014-12-12 18:14 - 04330639 _____ () C:\Users\Swift\Downloads\p95v285.win32.zip
2014-12-12 17:02 - 2014-12-12 17:02 - 01577512 _____ ( ) C:\Users\Swift\Downloads\cpu-z_1.71-setup-en.exe
2014-12-11 20:58 - 2014-12-11 20:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-11 04:02 - 2014-12-11 04:02 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 03:19 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 03:19 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 03:19 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 03:19 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 03:19 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 03:19 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 03:19 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-11 03:19 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-11 03:19 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-11 03:19 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-11 02:40 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 02:40 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 02:40 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 02:40 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 02:40 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 02:40 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 02:40 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 02:40 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 02:39 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 02:39 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 02:39 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 02:39 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 02:39 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 02:39 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 02:39 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 02:39 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 02:39 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 02:39 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 02:39 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 02:39 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 02:39 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 02:39 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 02:39 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 02:39 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 02:39
- 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-11 02:39 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-11 02:39 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-11 02:39 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-11 02:39 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-11 02:39 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-11 02:39 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-11 02:39 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-11 02:39 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-11 02:39 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-11 02:39 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-11 02:39 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-11 02:39 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-11 02:39 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-11 02:39 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-11 02:39 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-11 02:39 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-11 02:39 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 
2014-12-11 02:39 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-11 02:39 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-11 02:39 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-11 02:39 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-11 02:39 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-11 02:39 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-11 02:39 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-11 02:39 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-11 02:39 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-11 02:39 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-11 02:39 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-11 02:39 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-11 02:39 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-11 02:39 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-11 02:39 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-11 02:39 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-11 02:39 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-11 02:39 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 
2014-12-11 02:39 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-11 02:39 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-11 02:39 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-11 02:39 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-11 02:39 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-11 02:39 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-11 02:39 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-11 02:39 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-11 02:39 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-11 02:39 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-11 02:39 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-11 02:39 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-11 02:39 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-11 02:39 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-11 02:39 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-11 02:39 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-11 02:39 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-11 02:39 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\WsmAuto.dll 2014-12-11 02:39 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-11 02:17 - 2014-12-11 02:17 - 00000891 _____ () C:\Users\Swift\Desktop\Archlord2.lnk 2014-12-11 02:17 - 2014-12-11 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Archlord 2 2014-12-11 01:42 - 2014-12-11 01:42 - 00000000 ____D () C:\ProgramData\WEBZEN 2014-12-08 19:32 - 2014-12-27 19:26 - 00010808 _____ () C:\Windows\setupact.log 2014-12-08 19:32 - 2014-12-08 19:32 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-08 17:34 - 2014-12-23 16:30 - 00000000 ____D () C:\Users\Swift\Desktop\TreeSizeFree 2014-12-08 17:07 - 2014-12-26 16:01 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI 2014-12-04 22:47 - 2014-12-04 22:47 - 00039983 _____ () C:\Users\Swift\Downloads\sessions (1).txt 2014-12-04 15:17 - 2014-12-19 17:57 - 00000000 ____D () C:\Users\Swift\Desktop\m 2014-12-03 23:28 - 2014-12-03 23:28 - 18644247 _____ () C:\Users\Swift\Downloads\WhatsApp.apk 2014-12-03 17:58 - 2014-10-03 20:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-12-03 17:58 - 2014-10-03 20:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-12-03 16:36 - 2014-12-03 16:36 - 00001103 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk 2014-12-03 16:36 - 2014-12-03 16:36 - 00000000 ____D () C:\Program Files\TAP-Windows 2014-12-03 16:36 - 2014-12-03 16:36 - 00000000 ____D () C:\Program Files (x86)\OpenVPN ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-27 19:26 - 2013-12-29 22:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-27 19:26 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-27 19:25 - 2013-12-29 20:31 - 01136147 _____ () C:\Windows\WindowsUpdate.log 2014-12-27 19:24 - 2013-12-29 20:31 - 00000000 ____D () C:\Users\Swift 2014-12-27 19:20 - 2014-10-19 00:13 - 00000645 _____ () C:\Users\Swift\Desktop\AVSEQ.txt 2014-12-27 19:17 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-12-27 19:17 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-12-27 19:17 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-27 18:40 - 2013-12-29 22:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-27 16:29 - 2014-11-18 19:55 - 00000000 ____D () C:\Users\Swift\AppData\Roaming\vlc 2014-12-27 15:06 - 2009-07-14 05:45 - 00023152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-27 15:06 - 2009-07-14 05:45 - 00023152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-27 03:40 - 2013-12-29 22:45 - 00000000 ____D () C:\Users\Swift\AppData\Roaming\TS3Client 2014-12-27 02:53 - 2013-12-29 23:03 - 00000000 ____D () C:\Users\Swift\AppData\Roaming\Skype 2014-12-27 02:17 - 2013-12-29 22:57 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-12-27 02:14 - 2013-12-29 23:48 - 00000000 ___RD () C:\Users\Swift\Desktop\Items 2014-12-27 00:15 - 2013-12-30 00:05 - 00000000 ____D () C:\Users\Swift\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-12-26 17:00 - 2014-01-04 02:47 - 00000000 ____D () C:\ProgramData\VSO 2014-12-26 16:50 - 2013-12-29 23:05 - 00000000 ____D () C:\Users\Swift\AppData\Roaming\DVDVideoSoft 2014-12-26 16:50 - 2013-12-29 23:05 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-12-25 16:14 - 
2014-08-26 20:04 - 00004511 _____ () C:\Users\Swift\Desktop\Neues Textdokument.txt 2014-12-25 03:45 - 2013-12-29 20:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-12-25 03:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help 2014-12-24 21:42 - 2013-12-29 22:43 - 00000000 ____D () C:\Users\Swift\AppData\Roaming\Mozilla 2014-12-24 17:36 - 2014-08-26 19:59 - 00149504 _____ () C:\Users\Swift\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-24 15:46 - 2013-12-29 23:00 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-12-24 15:24 - 2014-04-19 23:04 - 00000000 ____D () C:\Windows\Minidump 2014-12-23 21:49 - 2013-12-29 22:43 - 00000000 ____D () C:\Users\Swift\AppData\Local\Thunderbird 2014-12-23 18:51 - 2013-12-29 23:49 - 00000000 ____D () C:\Users\Swift\Documents\Eigene PSP-Dateien 2014-12-23 15:48 - 2013-12-29 22:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-23 04:22 - 2014-03-10 15:30 - 00000000 ____D () C:\Program Files\Recuva 2014-12-21 15:01 - 2013-12-29 22:22 - 00001135 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-12-21 15:01 - 2013-12-29 22:22 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-12-21 14:26 - 2014-11-20 14:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-21 14:26 - 2014-11-20 14:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-20 22:02 - 2014-09-16 19:45 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-12-20 22:02 - 2013-12-29 23:03 - 00000000 ____D () C:\ProgramData\Skype 2014-12-19 00:52 - 2013-12-30 01:54 - 00000000 ____D () C:\Users\Swift\Documents\AVerTV 2014-12-18 13:35 - 2009-07-14 05:45 - 00315320 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-18 01:02 - 2013-12-29 22:20 - 00077768 _____ () C:\Users\Swift\AppData\Local\GDIPFONTCACHEV1.DAT 2014-12-17 19:32 - 2014-02-20 20:02 
- 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-12-13 04:54 - 2014-07-16 15:02 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-12-13 04:29 - 2014-08-22 12:07 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-13 04:18 - 2014-07-16 15:01 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-12 16:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-12-12 01:34 - 2013-12-29 23:08 - 00000000 ____D () C:\Users\Swift\AppData\Roaming\DAEMON Tools Lite 2014-12-11 04:02 - 2014-05-06 12:19 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-11 04:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-11 04:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2014-12-11 03:24 - 2013-12-29 21:24 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-11 03:21 - 2013-12-29 21:24 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-10 20:41 - 2013-12-29 22:21 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-12-10 03:28 - 2013-12-31 15:24 - 00000000 ____D () C:\ProgramData\Origin 2014-12-10 02:29 - 2014-03-10 19:45 - 00000000 ____D () C:\Users\Swift\AppData\Roaming\dvdcss 2014-12-10 00:46 - 2013-12-31 20:55 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-12-10 00:46 - 2013-12-31 20:24 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-12-10 00:46 - 2013-12-31 20:24 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-12-10 00:42 - 2013-12-31 20:24 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-12-09 23:20 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-12-08 17:51 - 2014-01-22 04:57 - 00000000 ____D () C:\Users\Swift\AppData\Roaming\Vso 2014-12-08 17:50 - 2014-11-20 21:02 - 00000000 ____D () C:\Users\Swift\AppData\Local\CrashDumps 2014-12-08 17:45 - 
2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-12-08 17:28 - 2014-05-15 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System 2014-12-08 17:27 - 2014-02-26 14:57 - 00000000 ____D () C:\Users\Swift\Valley 2014-12-08 17:27 - 2014-01-06 14:20 - 00000000 ____D () C:\Users\Swift\Heaven 2014-12-08 17:24 - 2014-01-26 13:38 - 00118400 _____ (VSO Software) C:\Users\Swift\AppData\Roaming\ezplay.sys 2014-12-08 17:24 - 2014-01-26 13:38 - 00007833 _____ () C:\Users\Swift\AppData\Roaming\ezplay.cat 2014-12-08 17:24 - 2014-01-26 13:38 - 00000033 _____ () C:\Users\Swift\AppData\Roaming\ezplay.log 2014-12-08 17:24 - 2014-01-22 04:57 - 00099384 _____ () C:\Users\Swift\AppData\Roaming\inst.exe 2014-12-08 17:24 - 2014-01-22 04:57 - 00082816 _____ (VSO Software) C:\Users\Swift\AppData\Roaming\pcouffin.sys 2014-12-08 17:24 - 2014-01-22 04:57 - 00007859 _____ () C:\Users\Swift\AppData\Roaming\pcouffin.cat 2014-12-08 17:24 - 2014-01-22 04:57 - 00000055 _____ () C:\Users\Swift\AppData\Roaming\pcouffin.log 2014-12-08 17:24 - 2014-01-04 02:47 - 00000000 ____D () C:\Program Files (x86)\VSO 2014-12-08 17:18 - 2014-05-15 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online 2014-12-08 17:17 - 2014-05-15 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Video 2014-12-02 04:24 - 2013-12-29 23:48 - 00000000 ___RD () C:\Users\Swift\Desktop\Games 2014-11-27 16:57 - 2014-07-20 15:28 - 00000000 ____D () C:\Users\Swift\AppData\Roaming\Bioshock Some content of TEMP: ==================== C:\Users\Swift\AppData\Local\Temp\80fcd808a48de0143e30b36664ef25ad.dll C:\Users\Swift\AppData\Local\Temp\bitool.dll C:\Users\Swift\AppData\Local\Temp\cres.dll C:\Users\Swift\AppData\Local\Temp\cshell.dll C:\Users\Swift\AppData\Local\Temp\Foxit Reader Updater.exe C:\Users\Swift\AppData\Local\Temp\smt_mystartsearch.exe C:\Users\Swift\AppData\Local\Temp\sres.dll ==================== Bamital & volsnap 
Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-25 14:30 ==================== End Of Log ============================ Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2014 Ran by Swift at 2014-12-27 19:29:24 Running from C:\Users\Swift\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ACDSee Pro 5 (HKLM-x32\...\{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}) (Version: 5.3.168 - ACD Systems International Inc.) ACE COMBAT™ ASSAULT HORIZON Enhanced Edition (HKLM-x32\...\Steam App 228400) (Version: - Namco) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) AI Suite 3 (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.56 - ASUSTeK Computer Inc.) Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version: - Spicy Horse Games) Archlord2 (HKLM-x32\...\{4B23B4C1-769A-49A4-AA12-1FF72B548F5D}_is1) (Version: 1.0.0.1 - Webzen) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software) AVerMedia A835 USB DVB-T 8.2.64.64 (HKLM-x32\...\AVerMedia A835 USB DVB-T) (Version: 8.2.64.64 - AVerMedia TECHNOLOGIES, Inc.) AVerTV 3D (HKLM-x32\...\InstallShield_{5016185F-05AF-455F-AA70-6B6E5D6D4E70}) (Version: 6.5.2.14 - AVerMedia Technologies, Inc.) AVerTV 3D (x32 Version: 6.5.2.14 - AVerMedia Technologies, Inc.) 
Hidden Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.7.8981 - ) AVS Video Editor 6.5 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.5.1.246 - Online Media Technologies Ltd.) AVS Video Recorder 2.6 (HKLM-x32\...\AVS Video Recorder_is1) (Version: 2.6.1.94 - Online Media Technologies Ltd.) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB) BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston) BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin) BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games) BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version: - Gaijin Games) Brother MFL-Pro Suite DCP-375CW (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 2.0.0.0 - Brother Industries, Ltd.) Bully: Scholarship Edition (HKLM-x32\...\Steam App 12200) (Version: - Rockstar New England) Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version: - Criterion Games) Carnage Racing (HKLM-x32\...\Steam App 228940) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP) Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version: - Relic) ConvertXtoVideo Ultimate 1 (HKLM-x32\...\{{ECDB800F-E1F0-48FE-B393-E12E40CD3A89}_is1) (Version: 1.5.0.14 - VSO Software) Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) CrystalDiskInfo 6.1.8 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.8 - Crystal Dew World) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 
4.48.1.0347 - Disc Soft Ltd) Debut Videorekorder (HKLM-x32\...\Debut) (Version: 1.95 - NCH Software) DEFCON (HKLM-x32\...\Steam App 1520) (Version: - Introversion Software) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) DiRT Showdown (HKLM-x32\...\Steam App 201700) (Version: - Codemasters Racing Studio) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) DVD Converter Ultimate 3 (HKLM-x32\...\{{FCB14923-F3B5-4A91-8A2B-1E877AFE5B93}_is1) (Version: 3.0.0.20 - VSO Software) EVGA PrecisionX 15 (HKLM-x32\...\Steam App 268850) (Version: - EVGA) ffdshow v1.3.4500 [2013-01-06] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4500.0 - ) ffdshow x64 v1.3.4500 [2013-01-06] (HKLM\...\ffdshow64_is1) (Version: 1.3.4500.0 - ) FlatOut 2 (HKLM-x32\...\Steam App 2990) (Version: - Bugbear Entertainment) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.2.802 - Foxit Corporation) Free Video Dub version 2.0.21.822 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.21.822 - DVDVideoSoft Ltd.) Free Video Editor version 1.4.9.1215 (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.9.1215 - DVDVideoSoft Ltd.) From Dust (HKLM-x32\...\Steam App 33460) (Version: - Ubisoft Montpellier) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
Hidden Grand Theft Auto: Vice City (HKLM-x32\...\Steam App 12110) (Version: - Rockstar Games) Hacker Evolution Duality (HKLM-x32\...\Steam App 70120) (Version: - exosyphen studios) HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software) HDD Health v4.2 (HKLM-x32\...\HDD Health_is1) (Version: - ) Heroine's Quest: The Herald of Ragnarok (HKLM-x32\...\Steam App 283880) (Version: - Crystal Shard) Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - IO Interactive) Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) Jamestown (HKLM-x32\...\Steam App 94200) (Version: - Final Form Games) Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Karos (HKLM-x32\...\Steam App 337410) (Version: - Galaxy Gate) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) 
Hidden Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation) Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 
2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) MKVToolNix 7.4.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.4.0 - Moritz Bunkus) Monkey Island 2: Special Edition (HKLM-x32\...\Steam App 32460) (Version: - LucasArts) MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 34.0.5 
(x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla) MSI Afterburner 3.0.1 (HKLM-x32\...\Afterburner) (Version: 3.0.1 - MSI Co., LTD) MyFreeCodec (HKU\S-1-5-21-1960244712-2969206649-92089019-1000\...\MyFreeCodec) (Version: - ) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.51.0 - Black Tree Gaming) NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation) NVIDIA Grafiktreiber 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.48 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) O&O Defrag Professional (HKLM\...\{253C418F-F466-4303-86C5-68E656A65551}) (Version: 17.0.504 - O&O Software GmbH) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) OpenVPN 2.3.6-I001 (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - ) Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.) Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security) Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) 
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games) Penguins Arena: Sedna's World (HKLM-x32\...\Steam App 11280) (Version: - Frogames) Pinnacle Instant DVD Recorder (HKLM-x32\...\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}) (Version: 2.00.103 - Pinnacle Systems) Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.029 - Pinnacle Systems) Poker Night 2 (HKLM-x32\...\Steam App 234710) (Version: - Telltale Games) Poker Night at the Inventory (HKLM-x32\...\Steam App 31280) (Version: - Telltale Games) Portal (HKLM-x32\...\Steam App 400) (Version: - Valve) Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve) POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version: - Running With Scissors) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.) QPST 2.7 (HKLM-x32\...\{8035964D-75EB-4463-91DC-3F02EE9CF103}) (Version: 2.7.378 - Qualcomm) RACE 07 (HKLM-x32\...\Steam App 8600) (Version: - SimBin) RaiderZ (HKLM-x32\...\Steam App 218470) (Version: - ) Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version: - Wild Shadow Studios) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6954 - Realtek Semiconductor Corp.) 
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform) Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version: - ) Resonance (HKLM-x32\...\Steam App 212050) (Version: - XII Games) Rise of Nations: Extended Edition (HKLM-x32\...\Steam App 287450) (Version: - SkyBox Labs) Rochard (HKLM-x32\...\Steam App 107800) (Version: - Recoil Games) RT 7 Lite (64-Bit) (HKU\S-1-5-21-1960244712-2969206649-92089019-1000\...\RT 7 Lite x64) (Version: 2.6.0 - Rockers Team) RT 7 Lite x64 (Version: 2.6.0 - Rockers Team) Hidden Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition) Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version: - Volition) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.) Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung) Shatter (HKLM-x32\...\Steam App 20820) (Version: - Sidhe) SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden Sid Meier's Pirates! (HKLM-x32\...\Steam App 3920) (Version: - Firaxis Games) SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) 
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion) Space Pirates and Zombies (HKLM-x32\...\Steam App 107200) (Version: - MinMax Games Ltd.) SpaceChem (HKLM-x32\...\Steam App 92800) (Version: - Zachtronics) SplitCam (HKLM-x32\...\SplitCam) (Version: 5.15.4.1 - SplitCam Co) Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Stellarium 0.12.4 (HKLM\...\Stellarium_is1) (Version: 0.12.4 - Stellarium team) Superfrog HD (HKLM-x32\...\Steam App 234000) (Version: - Team17 Digital Ltd) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer) Tesla Effect (HKLM-x32\...\Steam App 261510) (Version: - Big Finish Games) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Ship (HKLM-x32\...\Steam App 2400) (Version: - Outerlight Ltd.) Thunder Wolves (HKLM-x32\...\Steam App 232970) (Version: - Most Wanted Entertainment) Torchlight (HKLM-x32\...\Steam App 41500) (Version: - Runic Games) TP-LINK TL-WN821N(C)_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK) TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK) TreeSize Free V3.0.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software) Tron 2.0 (HKLM-x32\...\Steam App 327740) (Version: - Monolith Productions, Inc.) TRON 2.0 v1.042 Update (HKLM-x32\...\TRON 2.0 v1.042 Update) (Version: - ) Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.) 
TV Movie ClickFinder (HKLM-x32\...\{A1A2ACDC-0C22-4EB1-B958-1898A93DAF28}) (Version: 1.00.0000 - TV Movie) Unreal Development Kit: 2012-07 (HKLM\...\UDK-9c98e891-c496-418c-9e1e-dc217eec636a) (Version: - Epic Games, Inc.) Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden Vessel (HKLM-x32\...\Steam App 108500) (Version: - Strange Loop Games) Viscera Cleanup Detail (HKLM-x32\...\Steam App 246900) (Version: - RuneStorm) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.16 - VSO Software) VSO CopyTo 5 (HKLM-x32\...\{9B05F6FC-AE16-488C-A822-F641ADC61B6A}_is1) (Version: 5.1.1.3 - VSO Software) VSO Downloader 4.2.5.1 (HKLM-x32\...\{A0D0BA9E-F1A6-44FF-AA14-03ED96B3D56D}_is1) (Version: 4.2.5.1 - VSO Software) VSO EVE Network Driver version 1.0.0.27 (HKLM-x32\...\{AC0AFDC9-4FB1-44FE-B3E1-82300BF3D756}_is1) (Version: 1.0.0.27 - VSO Software) VSO Video Converter 1 (HKLM-x32\...\{{5289246A-D537-4823-88C2-38C17840E45A}_is1) (Version: 1.5.0.10 - VSO Software) Watch_Dogs (HKLM-x32\...\Steam App 243470) (Version: - Ubisoft) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) WinAVI Video Capture 2.0 (HKLM-x32\...\WinAVI Video Capture_is1) (Version: - ZJ Computing, Inc.) 
Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts) Wings of Prey (HKLM-x32\...\Steam App 45300) (Version: - Gaijin Entertainment) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) WinToolkit (HKLM-x32\...\WinToolkit) (Version: 1.5.3.9 - Legolash2o) Wizorb (HKLM-x32\...\Steam App 207420) (Version: - Tribute Games) Wondershare Video Editor(Build 4.7.1) (HKLM-x32\...\Wondershare Video Editor_is1) (Version: - Wondershare Software) Worms Crazy Golf (HKLM-x32\...\Steam App 70620) (Version: - Team17 Software Ltd.) x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - ) XMedia Recode Version 3.1.8.6 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.8.6 - XMedia Recode) Your Doodles Are Bugged! (HKLM-x32\...\Steam App 95500) (Version: - Spyn Doctor Games) yuPlay client 0.7.39 (HKLM-x32\...\yuPlay клиент_is1) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 27-12-2014 17:35:38 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {1FDFB4D4-7583-4262-8E7D-313609243B46} - System32\Tasks\{20960C4F-0308-45B3-B9B1-B4F0AE561F9B} => pcalua.exe -a C:\Users\Swift\Downloads\PCLEUSB2x32.exe -d C:\Users\Swift\Downloads Task: {230A4407-E94B-40A5-8ED6-6F807366DF1A} - System32\Tasks\{285669E4-D9AF-4F87-8F21-0535D8E106AD} => pcalua.exe -a C:\Users\Swift\Downloads\sonyericssonpcsuite2.10.46.exe -d C:\Users\Swift\Downloads Task: {25F3A3EB-F9F6-4666-A312-9989B16A3899} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-29] (Google Inc.) Task: {38C07B22-E167-4A40-80C6-C2A23388D831} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-29] (Google Inc.) Task: {5070D3DD-7059-42E3-97C6-456E20ABCF52} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DipAwayMode.exe [2013-09-18] () Task: {7E986331-F387-4661-ABBD-74ABB5D01025} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.) Task: {9EE60B82-C54D-43A3-AE22-2D45162CFBD1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd) Task: {CD76B43D-45DE-44F9-A5FF-843EF1032CF5} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] () Task: {D5D52844-EB57-4A70-B9E2-072335B74D11} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2013-08-07] (ASUSTeK Computer Inc.) Task: {D89B4ED6-A5E3-4158-8938-409A69703697} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-18] (AVAST Software) Task: {DDB174AA-D3AC-4CCF-949C-0FB72C65B2E5} - System32\Tasks\{EB2C736D-C4FE-41A8-AC8B-7164B84F749F} => pcalua.exe -a I:\setup.exe -d I:\ Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-09-19 23:11 - 2014-10-16 15:11 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-12-29 20:59 - 2013-06-04 17:41 - 00936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe 2013-12-30 01:52 - 2011-04-01 22:52 - 00403456 _____ () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe 2014-08-07 02:01 - 2013-03-08 08:54 - 00017760 _____ () C:\Program Files (x86)\HDD Health\HDDHealthService.exe 2013-12-31 20:24 - 2014-12-10 00:46 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-10-06 02:29 - 2005-04-22 12:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll 2014-02-22 03:46 - 2013-09-18 10:18 - 01225528 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DipAwayMode.exe 2014-04-18 15:24 - 2014-11-06 18:08 - 00707400 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll 2014-04-18 15:24 - 2014-11-06 18:08 - 00854344 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll 2013-12-29 23:31 - 2013-04-08 15:29 - 00846848 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe 2014-10-06 02:29 - 2012-09-25 10:26 - 01163264 ____N () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe 2014-12-27 14:59 - 2014-12-27 14:59 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122700\algo.dll 2013-12-29 20:59 - 2014-12-27 19:26 - 00028672 _____ () C:\Program Files 
(x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll 2013-12-29 20:59 - 2013-06-04 17:41 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll 2013-11-21 12:29 - 2013-11-21 12:29 - 00114336 _____ () C:\Program Files (x86)\SplitCam\splitcam_hd_driver_ProxyPlugin.ax 2014-02-22 03:46 - 2013-09-18 10:18 - 00685056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll 2014-02-22 03:46 - 2013-09-18 10:18 - 00825344 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DIPDLL\DIP4EpuAction.dll 2014-02-22 03:46 - 2013-09-18 10:18 - 00765952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DIPDLL\DIP4FanAction.dll 2014-02-22 03:46 - 2013-09-18 10:18 - 00776704 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DIPDLL\DIP4TurboVEVOAction.dll 2014-02-22 03:46 - 2013-09-18 10:18 - 00904704 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DIPDLL\UsbPowerManager.dll 2014-02-22 03:45 - 2013-08-07 19:11 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll 2014-02-22 03:46 - 2013-09-18 10:27 - 02371584 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\tufx.dll 2014-02-22 03:45 - 2013-08-07 19:11 - 00662016 _____ () C:\Program Files (x86)\ASUS\AI Suite III\aaHMLib.dll 2014-02-22 03:45 - 2013-08-07 19:11 - 00053248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\cpuutil.dll 2013-12-29 23:31 - 2013-03-12 20:48 - 01411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll 2013-12-29 23:31 - 2013-04-02 11:34 - 00193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll 2013-12-29 23:31 - 2013-04-02 11:34 - 00297472 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll 2014-11-18 23:36 - 2014-11-18 23:36 - 38562088 _____ () C:\Program 
Files\AVAST Software\Avast\libcef.dll 2014-10-06 02:29 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2013-12-29 20:45 - 2013-09-03 16:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk => C:\Windows\pss\AVer HID Receiver.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk => C:\Windows\pss\AVerQuick.lnk.CommonStartup MSCONFIG\startupreg: ACPW05DE => "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05DE MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" MSCONFIG\startupreg: lxbkbmgr.exe => "C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe" MSCONFIG\startupreg: OODefragTray => C:\Program Files\OO Software\Defrag\oodtray.exe MSCONFIG\startupreg: SplitCam => C:\Program Files (x86)\SplitCam\SplitCam.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: USBToolTip => "C:\Program Files (x86)\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe ========================= Accounts: ========================== Administrator (S-1-5-21-1960244712-2969206649-92089019-500 - Administrator - Disabled) Gast (S-1-5-21-1960244712-2969206649-92089019-501 - Limited - Disabled) Swift (S-1-5-21-1960244712-2969206649-92089019-1000 - Administrator - Enabled) => C:\Users\Swift ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. 
(Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (12/27/2014 04:29:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000018e5d ID des fehlerhaften Prozesses: 0x1950 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (12/27/2014 02:59:29 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (12/27/2014 02:59:29 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (12/27/2014 02:59:28 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD endpoint registration failed [0] Error: (12/27/2014 03:37:19 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000018e5d ID des fehlerhaften Prozesses: 0x2e90 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (12/26/2014 07:19:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 
0xc0000005 Fehleroffset: 0x0000000000018e5d ID des fehlerhaften Prozesses: 0x1dd8 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (12/26/2014 06:27:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000018e5d ID des fehlerhaften Prozesses: 0x1bec Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (12/26/2014 04:17:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000018e5d ID des fehlerhaften Prozesses: 0x1688 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (12/26/2014 03:41:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: WinCAP.exe, Version: 6.0.0.244, Zeitstempel: 0x41f0ba1e Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x1804 Startzeit der fehlerhaften Anwendung: 0xWinCAP.exe0 Pfad der fehlerhaften Anwendung: WinCAP.exe1 Pfad des fehlerhaften Moduls: WinCAP.exe2 Berichtskennung: WinCAP.exe3 Error: (12/26/2014 03:39:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: WinCAP.exe, Version: 6.0.0.244, Zeitstempel: 0x41f0ba1e 
Name des fehlerhaften Moduls: x264vfw.dll, Version: 41.2525.41092.0, Zeitstempel: 0x0323cea8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000c31a ID des fehlerhaften Prozesses: 0x1868 Startzeit der fehlerhaften Anwendung: 0xWinCAP.exe0 Pfad der fehlerhaften Anwendung: WinCAP.exe1 Pfad des fehlerhaften Moduls: WinCAP.exe2 Berichtskennung: WinCAP.exe3 System errors: ============= Error: (12/27/2014 07:26:45 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (12/27/2014 07:26:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error: (12/27/2014 07:24:50 PM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden. Error: (12/27/2014 07:24:45 PM) (Source: Disk) (EventID: 15) (User: ) Description: Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit. Error: (12/27/2014 07:24:45 PM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. Error: (12/27/2014 07:24:38 PM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. Error: (12/27/2014 07:24:31 PM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. Error: (12/27/2014 07:24:23 PM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. Error: (12/27/2014 07:24:17 PM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. Error: (12/27/2014 07:24:03 PM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. 
Microsoft Office Sessions: ========================= Error: (12/27/2014 04:29:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d195001d021e92812dcc0C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll2431cbc3-8ddd-11e4-92d6-ac220bc62429 Error: (12/27/2014 02:59:29 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (12/27/2014 02:59:29 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (12/27/2014 02:59:28 PM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD endpoint registration failed [0] Error: (12/27/2014 03:37:19 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d2e9001d0217cd55087f5C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll468b7f1a-8d71-11e4-ad1c-ac220bc62429 Error: (12/26/2014 07:19:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d1dd801d02132e43d1529C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dllc8ef0a16-8d2b-11e4-ad1c-ac220bc62429 Error: (12/26/2014 06:27:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d1bec01d0212eb13b784cC:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll82dec6eb-8d24-11e4-ad1c-ac220bc62429 Error: (12/26/2014 04:17:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d168801d0211f083c301aC:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll5ddcf5eb-8d12-11e4-ad1c-ac220bc62429 Error: (12/26/2014 
03:41:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: WinCAP.exe6.0.0.24441f0ba1eunknown0.0.0.000000000c000000500000000180401d02119ce811e7dC:\Program Files (x86)\WinAVI Video Capture\WinCAP.exeunknown36f2805f-8d0d-11e4-ad1c-ac220bc62429 Error: (12/26/2014 03:39:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: WinCAP.exe6.0.0.24441f0ba1ex264vfw.dll41.2525.41092.00323cea8c00000050000c31a186801d02119c6b50a8dC:\Program Files (x86)\WinAVI Video Capture\WinCAP.exeC:\Windows\system32\x264vfw.dll09703eaa-8d0d-11e4-ad1c-ac220bc62429 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz Percentage of memory in use: 22% Total physical RAM: 8098.19 MB Available physical RAM: 6244.75 MB Total Pagefile: 16194.56 MB Available Pagefile: 14278.21 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:100 GB) (Free:45.2 GB) NTFS Drive d: (Volume) (Fixed) (Total:400 GB) (Free:51.08 GB) NTFS Drive e: (Volume) (Fixed) (Total:215.71 GB) (Free:119.87 GB) NTFS Drive f: (Volume) (Fixed) (Total:215.71 GB) (Free:70.1 GB) NTFS Drive g: (Volume) (Fixed) (Total:232.88 GB) (Free:57.13 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: 698A5CBD) Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0CF63428) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=400 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=431.4 GB) - (Type=OF Extended) ==================== End Of Log ============================ Last edited by TattooPanda (27.12.2014 at 21:21) |
27.12.2014, 21:14 | #2 |
| "VBS:Malware-gen" found on USB stick. Please check. Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-12-27 19:57:59 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EZEX-00ZF5A0 rev.80.00A80 931,51GB Running: Gmer-19357.exe; Driver: C:\Users\Swift\AppData\Local\Temp\fgloypob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 000000014a510460 .text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 000000014a510450 .text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 000000014a510370 .text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776d1560 5 bytes JMP 000000014a510470 .text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 000000014a5103e0 .text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 000000014a510320 .text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 000000014a5103b0 .text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 000000014a510390 .text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 000000014a5102e0 .text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 000000014a5102d0 .text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 000000014a510310 .text C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 000000014a5103c0 .text C:\Windows\system32\csrss.exe[568] 
00000000776d1570 5 bytes JMP 00000000778303e0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000077830320 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000000778303b0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 0000000077830390 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000000778302e0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000000778302d0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000077830310 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000000778303c0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000000778303f0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776d1940 5 bytes JMP 0000000077830230 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000077830480 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776d1b30 5 bytes JMP 00000000778303a0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776d1c10 5 bytes JMP 00000000778302f0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776d1c20 5 bytes JMP 0000000077830350 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776d1c80 5 bytes JMP 0000000077830290 .text 
C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776d1d10 5 bytes JMP 00000000778302b0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 00000000778303d0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776d1d40 5 bytes JMP 0000000077830330 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776d1db0 5 bytes JMP 0000000077830410 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776d1de0 5 bytes JMP 0000000077830240 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776d20a0 5 bytes JMP 00000000778301e0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776d2160 5 bytes JMP 0000000077830250 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776d2190 5 bytes JMP 0000000077830490 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776d21a0 5 bytes JMP 00000000778304a0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776d21d0 5 bytes JMP 0000000077830300 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776d21e0 5 bytes JMP 0000000077830360 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776d2240 5 bytes JMP 00000000778302a0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776d2290 5 bytes JMP 00000000778302c0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d22c0 5 bytes JMP 0000000077830380 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 
00000000776d22d0 5 bytes JMP 0000000077830340 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776d25c0 5 bytes JMP 0000000077830440 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776d27c0 5 bytes JMP 0000000077830260 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776d27d0 5 bytes JMP 0000000077830270 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776d27e0 5 bytes JMP 0000000077830400 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776d29a0 5 bytes JMP 00000000778301f0 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000077830210 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 bytes JMP 0000000077830200 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000077830420 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000077830430 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000077830220 .text C:\Windows\system32\svchost.exe[900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000077830280 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 0000000077830460 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000077830450 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000077830370 .text 
C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776d1560 5 bytes JMP 0000000077830470 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 00000000778303e0 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000077830320 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000000778303b0 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 0000000077830390 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000000778302e0 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000000778302d0 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000077830310 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000000778303c0 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000000778303f0 .text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry |
27.12.2014, 21:15 | #3 |
| "VBS:Malware-gen" found on USB stick. Please check
Code:
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000077830480
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776d1b30 5 bytes JMP 00000000778303a0
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776d1c10 5 bytes JMP 00000000778302f0
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776d1c20 5 bytes JMP 0000000077830350
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776d1c80 5 bytes JMP 0000000077830290
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776d1d10 5 bytes JMP 00000000778302b0
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 00000000778303d0
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776d1d40 5 bytes JMP 0000000077830330
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776d1db0 5 bytes JMP 0000000077830410
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776d1de0 5 bytes JMP 0000000077830240
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776d20a0 5 bytes JMP 00000000778301e0
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776d2160 5 bytes JMP 0000000077830250
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776d2190 5 bytes JMP 0000000077830490
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776d21a0 5 bytes JMP 00000000778304a0
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776d21d0 5 bytes JMP 0000000077830300
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776d21e0 5 bytes JMP 0000000077830360
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776d2240 5 bytes JMP 00000000778302a0
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776d2290 5 bytes JMP 00000000778302c0
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d22c0 5 bytes JMP 0000000077830380
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776d22d0 5 bytes JMP 0000000077830340
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776d25c0 5 bytes JMP 0000000077830440
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776d27c0 5 bytes JMP 0000000077830260
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776d27d0 5 bytes JMP 0000000077830270
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776d27e0 5 bytes JMP 0000000077830400
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776d29a0 5 bytes JMP 00000000778301f0
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000077830210
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 bytes JMP 0000000077830200
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000077830420
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000077830430
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000077830220
.text C:\Windows\system32\nvvsvc.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000077830280
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 0000000100070460
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000100070450
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776d1560 5 bytes JMP 0000000100070470
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000100070320
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 0000000100070390
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000100070310
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776d1940 5 bytes JMP 0000000100070230
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000100070480
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776d1b30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776d1c10 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776d1c20 5 bytes JMP 0000000100070350
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776d1c80 5 bytes JMP 0000000100070290
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776d1d10 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776d1d40 5 bytes JMP 0000000100070330
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776d1db0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776d1de0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776d20a0 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776d2160 5 bytes JMP 0000000100070250
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776d2190 5 bytes JMP 0000000100070490
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776d21a0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776d21d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776d21e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776d2240 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776d2290 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d22c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776d22d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776d25c0 5 bytes JMP 0000000100070440
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776d27c0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776d27d0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776d27e0 5 bytes JMP 0000000100070400
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776d29a0 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 bytes JMP 0000000100070200
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000100070420
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000100070430
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000100070220
.text C:\Windows\system32\svchost.exe[164] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000100070280
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 0000000077830460
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000077830450
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000077830370
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776d1560 5 bytes JMP 0000000077830470
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 00000000778303e0
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000077830320
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000000778303b0
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 0000000077830390
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000000778302e0
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000000778302d0
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000077830310
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000000778303c0
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000000778303f0
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776d1940 5 bytes JMP 0000000077830230
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000077830480
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776d1b30 5 bytes JMP 00000000778303a0
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776d1c10 5 bytes JMP 00000000778302f0
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776d1c20 5 bytes JMP 0000000077830350
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776d1c80 5 bytes JMP 0000000077830290
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776d1d10 5 bytes JMP 00000000778302b0
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 00000000778303d0
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776d1d40 5 bytes JMP 0000000077830330
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776d1db0 5 bytes JMP 0000000077830410
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776d1de0 5 bytes JMP 0000000077830240
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776d20a0 5 bytes JMP 00000000778301e0
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776d2160 5 bytes JMP 0000000077830250
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776d2190 5 bytes JMP 0000000077830490
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776d21a0 5 bytes JMP 00000000778304a0
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776d21d0 5 bytes JMP 0000000077830300
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776d21e0 5 bytes JMP 0000000077830360
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776d2240 5 bytes JMP 00000000778302a0
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776d2290 5 bytes JMP 00000000778302c0
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d22c0 5 bytes JMP 0000000077830380
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776d22d0 5 bytes JMP 0000000077830340
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776d25c0 5 bytes JMP 0000000077830440
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776d27c0 5 bytes JMP 0000000077830260
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776d27d0 5 bytes JMP 0000000077830270
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776d27e0 5 bytes JMP 0000000077830400
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776d29a0 5 bytes JMP 00000000778301f0
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000077830210
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 bytes JMP 0000000077830200
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000077830420
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000077830430
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000077830220
.text C:\Windows\System32\svchost.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000077830280
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 0000000077830460
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000077830450
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000077830370
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776d1560 5 bytes JMP 0000000077830470
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 00000000778303e0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000077830320
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000000778303b0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 0000000077830390
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000000778302e0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000000778302d0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000077830310
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000000778303c0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000000778303f0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776d1940 5 bytes JMP 0000000077830230
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000077830480
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776d1b30 5 bytes JMP 00000000778303a0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776d1c10 5 bytes JMP 00000000778302f0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776d1c20 5 bytes JMP 0000000077830350
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776d1c80 5 bytes JMP 0000000077830290
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776d1d10 5 bytes JMP 00000000778302b0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 00000000778303d0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776d1d40 5 bytes JMP 0000000077830330
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776d1db0 5 bytes JMP 0000000077830410
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776d1de0 5 bytes JMP 0000000077830240
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776d20a0 5 bytes JMP 00000000778301e0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776d2160 5 bytes JMP 0000000077830250
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776d2190 5 bytes JMP 0000000077830490
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776d21a0 5 bytes JMP 00000000778304a0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776d21d0 5 bytes JMP 0000000077830300
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776d21e0 5 bytes JMP 0000000077830360
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776d2240 5 bytes JMP 00000000778302a0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776d2290 5 bytes JMP 00000000778302c0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d22c0 5 bytes JMP 0000000077830380
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776d22d0 5 bytes JMP 0000000077830340
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776d25c0 5 bytes JMP 0000000077830440
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776d27c0 5 bytes JMP 0000000077830260
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776d27d0 5 bytes JMP 0000000077830270
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776d27e0 5 bytes JMP 0000000077830400
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776d29a0 5 bytes JMP 00000000778301f0
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000077830210
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 bytes JMP 0000000077830200
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000077830420
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000077830430
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000077830220
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000077830280
.text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 0000000077830460
.text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000077830450
.text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000077830370
.text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776d1560 5 bytes JMP 0000000077830470
.text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 00000000778303e0
.text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000077830320
.text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000000778303b0
.text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 
bytes JMP 0000000077830390 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000000778302e0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000000778302d0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000077830310 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000000778303c0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000000778303f0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776d1940 5 bytes JMP 0000000077830230 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000077830480 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776d1b30 5 bytes JMP 00000000778303a0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776d1c10 5 bytes JMP 00000000778302f0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776d1c20 5 bytes JMP 0000000077830350 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776d1c80 5 bytes JMP 0000000077830290 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776d1d10 5 bytes JMP 00000000778302b0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 00000000778303d0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776d1d40 5 bytes JMP 0000000077830330 .text C:\Windows\system32\svchost.exe[1044] 
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776d1db0 5 bytes JMP 0000000077830410 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776d1de0 5 bytes JMP 0000000077830240 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776d20a0 5 bytes JMP 00000000778301e0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776d2160 5 bytes JMP 0000000077830250 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776d2190 5 bytes JMP 0000000077830490 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776d21a0 5 bytes JMP 00000000778304a0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776d21d0 5 bytes JMP 0000000077830300 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776d21e0 5 bytes JMP 0000000077830360 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776d2240 5 bytes JMP 00000000778302a0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776d2290 5 bytes JMP 00000000778302c0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d22c0 5 bytes JMP 0000000077830380 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776d22d0 5 bytes JMP 0000000077830340 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776d25c0 5 bytes JMP 0000000077830440 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776d27c0 5 bytes JMP 0000000077830260 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776d27d0 5 bytes JMP 
0000000077830270 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776d27e0 5 bytes JMP 0000000077830400 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776d29a0 5 bytes JMP 00000000778301f0 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000077830210 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 bytes JMP 0000000077830200 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000077830420 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000077830430 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000077830220 .text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000077830280 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 0000000077830460 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000077830450 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000077830370 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776d1560 5 bytes JMP 0000000077830470 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 00000000778303e0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000077830320 .text C:\Windows\system32\svchost.exe[1076] 
C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000000778303b0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 0000000077830390 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000000778302e0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000000778302d0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000077830310 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000000778303c0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000000778303f0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry |
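The GMER section above lists the same set of ntdll.dll Nt* functions patched with a 5-byte JMP in every process, and within each process all targets fall into one small region (0x77830xxx in the svchost.exe and nvvsvc.exe instances, 0x100070xxx in nvxdsync.exe). The page offsets match across processes (NtVdmControl jumps to ...0280 in both, NtReplyWaitReceivePort to ...0460), which is what one hooking DLL loaded at different bases looks like, as an installed security product's user-mode hooks typically do. GMER itself cannot tell a legitimate hook from a malicious one; the decisive check is which module owns the JMP target, which a debugger or Process Explorer can show. The script below is an added example for this thread, not part of GMER or of the original post: it parses the hook entries (also in the run-together form the forum produced), groups them per process, finds the page most trampolines live in, and flags any hook that jumps elsewhere. The sample input is copied from the log above except for the last entry, which is constructed to demonstrate an outlier; the "same page offset in every process" rule is an assumption of the example, not something the log states.

```python
"""Parse GMER '.text <proc>[<pid>] <module>!<func> <addr> 5 bytes JMP <target>'
inline-hook entries and check whether they look like ONE hooking module present
in every process, or whether some hook jumps somewhere else.

Added example for this thread, not part of GMER or of the original post.
Assumption (not stated in the log): a single hooking DLL keeps its trampolines
in one small region, and because DLL load addresses are 64 KiB-aligned the
12-bit page offset of each function's trampoline is identical in every process
even when the DLL is relocated.
"""
import re
from collections import defaultdict

# One GMER user-mode hook entry; paths may contain spaces, the PID sits in [].
HOOK_RE = re.compile(
    r"\.text\s+(?P<proc>[A-Za-z]:\\[^\[]+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[A-Za-z]:\\\S+?)!(?P<func>\w+)\s+"
    r"(?P<addr>[0-9a-fA-F]{8,16})\s+(?P<size>\d+)\s+bytes\s+JMP\s+"
    r"(?P<target>[0-9a-fA-F]{8,16})"
)

# Entries copied from the log above (the first line is left run together, as the
# forum extraction rendered it). The LAST entry is CONSTRUCTED for this example:
# it jumps to 0x41f000, far from the others, to show how an outlier is reported.
SAMPLE_LOG = r"""
.text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000000778302d0 .text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 00000000778303d0 .text C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776d20a0 5 bytes JMP 00000000778301e0
.text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000077830450
.text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000077830370
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000001000703b0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000100070280
.text C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 000000000041f000
"""


def parse_hooks(text):
    """Return one dict per hook entry found anywhere in text (newlines optional)."""
    hooks = []
    for m in HOOK_RE.finditer(text):
        d = m.groupdict()
        d["pid"] = int(d["pid"])
        d["size"] = int(d["size"])
        d["addr"] = int(d["addr"], 16)
        d["target"] = int(d["target"], 16)
        hooks.append(d)
    return hooks


def summarise(hooks, window=0x1000):
    """Group hooks by (process, pid). For each process find the 4 KiB page most
    JMP targets land in and list the functions whose hook jumps elsewhere."""
    by_proc = defaultdict(list)
    for h in hooks:
        by_proc[(h["proc"], h["pid"])].append(h)
    report = {}
    for key, hs in by_proc.items():
        pages = defaultdict(int)
        for h in hs:
            pages[h["target"] // window] += 1
        main_page = max(pages, key=pages.get)
        report[key] = {
            "hooks": len(hs),
            "target_range": (min(h["target"] for h in hs), max(h["target"] for h in hs)),
            "trampoline_page": main_page * window,
            "outliers": [h["func"] for h in hs if h["target"] // window != main_page],
        }
    return report


def page_offset_consistency(hooks, window=0x1000):
    """Per hooked function, the set of page offsets its trampoline has across all
    processes. Returns only the functions whose offset is NOT the same everywhere,
    i.e. functions hooked by something other than the common module somewhere."""
    offsets = defaultdict(set)
    for h in hooks:
        offsets[h["func"]].add(h["target"] % window)
    return {func: sorted(offs) for func, offs in offsets.items() if len(offs) > 1}


def main():
    hooks = parse_hooks(SAMPLE_LOG)
    for (proc, pid), info in summarise(hooks).items():
        lo, hi = info["target_range"]
        print(f"{proc}[{pid}]: {info['hooks']} hooks, targets 0x{lo:x}-0x{hi:x}, "
              f"trampoline page 0x{info['trampoline_page']:x}, "
              f"outliers: {info['outliers'] or 'none'}")
    for func, offs in page_offset_consistency(hooks).items():
        print(f"offset mismatch for {func}: {[hex(o) for o in offs]}")


if __name__ == "__main__":
    main()
```

Run it against the full GMER text to get one line per process; on the posted log every process should report no outliers and the offset check should come back empty. A hit in either place is not proof of malware, but it is the hook worth resolving to its owning module first.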
27.12.2014, 21:16 | #4 |
| "VBS:Malware-gen" found on USB stick. Please check
Code:
ATTFilter .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000077830480 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776d1b30 5 bytes JMP 00000000778303a0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776d1c10 5 bytes JMP 00000000778302f0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776d1c20 5 bytes JMP 0000000077830350 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776d1c80 5 bytes JMP 0000000077830290 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776d1d10 5 bytes JMP 00000000778302b0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 00000000778303d0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776d1d40 5 bytes JMP 0000000077830330 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776d1db0 5 bytes JMP 0000000077830410 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776d1de0 5 bytes JMP 0000000077830240 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776d20a0 5 bytes JMP 00000000778301e0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776d2160 5 bytes JMP 0000000077830250 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776d2190 5 bytes JMP 0000000077830490 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776d21a0 5 bytes JMP 00000000778304a0 .text 
C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776d21d0 5 bytes JMP 0000000077830300 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776d21e0 5 bytes JMP 0000000077830360 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776d2240 5 bytes JMP 00000000778302a0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776d2290 5 bytes JMP 00000000778302c0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d22c0 5 bytes JMP 0000000077830380 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776d22d0 5 bytes JMP 0000000077830340 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776d25c0 5 bytes JMP 0000000077830440 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776d27c0 5 bytes JMP 0000000077830260 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776d27d0 5 bytes JMP 0000000077830270 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776d27e0 5 bytes JMP 0000000077830400 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776d29a0 5 bytes JMP 00000000778301f0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000077830210 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 bytes JMP 0000000077830200 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000077830420 .text C:\Windows\system32\svchost.exe[1076] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000077830430 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000077830220 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000077830280 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 0000000077830460 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000077830450 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000077830370 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776d1560 5 bytes JMP 0000000077830470 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 00000000778303e0 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000077830320 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000000778303b0 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 0000000077830390 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000000778302e0 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000000778302d0 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000077830310 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 
00000000778303c0 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000000778303f0 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776d1940 5 bytes JMP 0000000077830230 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000077830480 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776d1b30 5 bytes JMP 00000000778303a0 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776d1c10 5 bytes JMP 00000000778302f0 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776d1c20 5 bytes JMP 0000000077830350 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776d1c80 5 bytes JMP 0000000077830290 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776d1d10 5 bytes JMP 00000000778302b0 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 00000000778303d0 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776d1d40 5 bytes JMP 0000000077830330 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776d1db0 5 bytes JMP 0000000077830410 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776d1de0 5 bytes JMP 0000000077830240 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776d20a0 5 bytes JMP 00000000778301e0 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776d2160 5 bytes JMP 0000000077830250 .text C:\Windows\system32\AUDIODG.EXE[1176] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776d2190 5 bytes JMP 0000000077830490 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776d21a0 5 bytes JMP 00000000778304a0 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776d21d0 5 bytes JMP 0000000077830300 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776d21e0 5 bytes JMP 0000000077830360 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776d2240 5 bytes JMP 00000000778302a0 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776d2290 5 bytes JMP 00000000778302c0 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d22c0 5 bytes JMP 0000000077830380 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776d22d0 5 bytes JMP 0000000077830340 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776d25c0 5 bytes JMP 0000000077830440 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776d27c0 5 bytes JMP 0000000077830260 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776d27d0 5 bytes JMP 0000000077830270 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776d27e0 5 bytes JMP 0000000077830400 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776d29a0 5 bytes JMP 00000000778301f0 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000077830210 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 
bytes JMP 0000000077830200 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000077830420 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000077830430 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000077830220 .text C:\Windows\system32\AUDIODG.EXE[1176] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000077830280 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 0000000077830460 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000077830450 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000077830370 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776d1560 5 bytes JMP 0000000077830470 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 00000000778303e0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000077830320 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000000778303b0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 0000000077830390 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000000778302e0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000000778302d0 .text C:\Windows\system32\svchost.exe[1296] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000077830310 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000000778303c0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000000778303f0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776d1940 5 bytes JMP 0000000077830230 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000077830480 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776d1b30 5 bytes JMP 00000000778303a0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776d1c10 5 bytes JMP 00000000778302f0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776d1c20 5 bytes JMP 0000000077830350 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776d1c80 5 bytes JMP 0000000077830290 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776d1d10 5 bytes JMP 00000000778302b0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 00000000778303d0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776d1d40 5 bytes JMP 0000000077830330 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776d1db0 5 bytes JMP 0000000077830410 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776d1de0 5 bytes JMP 0000000077830240 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776d20a0 
5 bytes JMP 00000000778301e0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776d2160 5 bytes JMP 0000000077830250 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776d2190 5 bytes JMP 0000000077830490 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776d21a0 5 bytes JMP 00000000778304a0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776d21d0 5 bytes JMP 0000000077830300 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776d21e0 5 bytes JMP 0000000077830360 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776d2240 5 bytes JMP 00000000778302a0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776d2290 5 bytes JMP 00000000778302c0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d22c0 5 bytes JMP 0000000077830380 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776d22d0 5 bytes JMP 0000000077830340 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776d25c0 5 bytes JMP 0000000077830440 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776d27c0 5 bytes JMP 0000000077830260 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776d27d0 5 bytes JMP 0000000077830270 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776d27e0 5 bytes JMP 0000000077830400 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776d29a0 5 bytes JMP 00000000778301f0 .text 
C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000077830210 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 bytes JMP 0000000077830200 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000077830420 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000077830430 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000077830220 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000077830280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 0000000100070460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000100070450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000100070370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776d1560 5 bytes JMP 0000000100070470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 00000001000703e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000100070320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000001000703b0 .text C:\Program Files\NVIDIA 
Corporation\Display\nvxdsync.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 0000000100070390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000001000702d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000100070310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000001000703c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776d1940 5 bytes JMP 0000000100070230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000100070480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776d1b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776d1c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776d1c20 5 bytes JMP 0000000100070350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776d1c80 5 bytes JMP 0000000100070290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1564] 
27.12.2014, 21:16 | #5 |
| "VBS:Malware-gen" found on USB stick. Please check.
Code:
(x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000077830310 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000000778303c0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000000778303f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776d1940 5 bytes JMP 0000000077830230 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000077830480 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776d1b30 5 bytes JMP 00000000778303a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776d1c10 5 bytes JMP 00000000778302f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776d1c20 5 bytes JMP 0000000077830350 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776d1c80 5 bytes JMP 0000000077830290 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776d1d10 5 bytes JMP 00000000778302b0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 00000000778303d0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776d1d40 5 bytes JMP 0000000077830330 .text C:\Program Files (x86)\LogMeIn 
Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776d1db0 5 bytes JMP 0000000077830410 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776d1de0 5 bytes JMP 0000000077830240 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776d20a0 5 bytes JMP 00000000778301e0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776d2160 5 bytes JMP 0000000077830250 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776d2190 5 bytes JMP 0000000077830490 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776d21a0 5 bytes JMP 00000000778304a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776d21d0 5 bytes JMP 0000000077830300 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776d21e0 5 bytes JMP 0000000077830360 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776d2240 5 bytes JMP 00000000778302a0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776d2290 5 bytes JMP 00000000778302c0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d22c0 5 bytes JMP 0000000077830380 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776d22d0 5 bytes JMP 0000000077830340 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776d25c0 5 bytes JMP 0000000077830440 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776d27c0 5 bytes JMP 0000000077830260 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776d27d0 5 bytes JMP 0000000077830270 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776d27e0 5 bytes JMP 0000000077830400 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776d29a0 5 bytes JMP 00000000778301f0 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000077830210 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 bytes JMP 0000000077830200 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000077830420 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000077830430 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000077830220 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000077830280 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 0000000100070460 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000100070370 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776d1560 5 bytes JMP 0000000100070470 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000100070320 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 0000000100070390 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000100070310 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776d1940 5 bytes JMP 0000000100070230 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776d1b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776d1c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776d1c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776d1c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776d1d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776d1d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776d1db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776d1de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776d20a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776d2160 5 bytes JMP 0000000100070250 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776d2190 5 bytes JMP 0000000100070490 .text C:\Program Files\Microsoft 
LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776d21a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776d21d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776d21e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776d2240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776d2290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d22c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776d22d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776d25c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776d27c0 5 bytes JMP 0000000100070260 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776d27d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776d27e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776d29a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000100070210 .text C:\Program 
Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000100070280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 0000000077830460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000077830450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000077830370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776d1560 5 bytes JMP 0000000077830470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 00000000778303e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000077830320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000000778303b0 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 0000000077830390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000000778302e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000000778302d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000077830310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000000778303c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000000778303f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776d1940 5 bytes JMP 0000000077830230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000077830480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776d1b30 5 bytes JMP 00000000778303a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776d1c10 5 bytes JMP 00000000778302f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776d1c20 5 bytes JMP 0000000077830350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776d1c80 5 bytes JMP 
0000000077830290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776d1d10 5 bytes JMP 00000000778302b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 00000000778303d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776d1d40 5 bytes JMP 0000000077830330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776d1db0 5 bytes JMP 0000000077830410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776d1de0 5 bytes JMP 0000000077830240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776d20a0 5 bytes JMP 00000000778301e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776d2160 5 bytes JMP 0000000077830250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776d2190 5 bytes JMP 0000000077830490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776d21a0 5 bytes JMP 00000000778304a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776d21d0 5 bytes JMP 0000000077830300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776d21e0 5 bytes JMP 0000000077830360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776d2240 5 bytes JMP 00000000778302a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776d2290 5 bytes JMP 00000000778302c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d22c0 5 bytes JMP 0000000077830380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776d22d0 5 bytes JMP 0000000077830340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776d25c0 5 bytes JMP 0000000077830440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776d27c0 5 bytes JMP 0000000077830260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776d27d0 5 bytes JMP 0000000077830270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776d27e0 5 bytes JMP 0000000077830400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776d29a0 5 bytes JMP 00000000778301f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000077830210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 bytes JMP 0000000077830200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000077830420 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000077830430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000077830220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2644] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000077830280 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 0000000077830460 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000077830450 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000077830370 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776d1560 5 bytes JMP 0000000077830470 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 00000000778303e0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000077830320 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000000778303b0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 0000000077830390 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000000778302e0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000000778302d0 .text 
C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000077830310 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000000778303c0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000000778303f0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776d1940 5 bytes JMP 0000000077830230 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000077830480 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776d1b30 5 bytes JMP 00000000778303a0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776d1c10 5 bytes JMP 00000000778302f0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776d1c20 5 bytes JMP 0000000077830350 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776d1c80 5 bytes JMP 0000000077830290 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776d1d10 5 bytes JMP 00000000778302b0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 00000000778303d0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776d1d40 5 bytes JMP 0000000077830330 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776d1db0 5 bytes JMP 0000000077830410 .text C:\Program 
Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776d1de0 5 bytes JMP 0000000077830240 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776d20a0 5 bytes JMP 00000000778301e0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776d2160 5 bytes JMP 0000000077830250 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776d2190 5 bytes JMP 0000000077830490 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776d21a0 5 bytes JMP 00000000778304a0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776d21d0 5 bytes JMP 0000000077830300 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776d21e0 5 bytes JMP 0000000077830360 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776d2240 5 bytes JMP 00000000778302a0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776d2290 5 bytes JMP 00000000778302c0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d22c0 5 bytes JMP 0000000077830380 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776d22d0 5 bytes JMP 0000000077830340 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776d25c0 5 bytes JMP 0000000077830440 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776d27c0 5 bytes JMP 0000000077830260 .text C:\Program Files\OO 
Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776d27d0 5 bytes JMP 0000000077830270 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776d27e0 5 bytes JMP 0000000077830400 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776d29a0 5 bytes JMP 00000000778301f0 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000077830210 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 bytes JMP 0000000077830200 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000077830420 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000077830430 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000077830220 .text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000077830280 .text C:\Windows\SysWOW64\PnkBstrA.exe[2956] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000749a1a22 2 bytes [9A, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2956] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000749a1ad0 2 bytes [9A, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2956] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000749a1b08 2 bytes [9A, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2956] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000749a1bba 2 bytes [9A, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2956] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 |
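The GMER section posted above is a list of user-mode inline hooks: in every 64-bit service the same ntdll exports (NtOpenProcess, NtWriteVirtualMemory, NtCreateThreadEx, NtLoadDriver and so on) have their first 5 bytes overwritten with a JMP into one of two address regions (0x77830xxx or 0x100070xxx), and the 32-bit processes show 2-byte patches whose bytes equal the upper half of the patched module's own address. Reading a few hundred of these lines by eye is error-prone, so here is an added example (my own script, not part of the thread and not a GMER feature) that parses the records, groups the JMP targets per process and flags any process whose hooks land in a region no other process shares. The idea behind the grouping is that hooks installed system-wide by a single product (an antivirus behaviour shield, for instance) land in the same injected module in every process; a region used by one process only is the entry you would pull apart first. Both heuristics are triage aids, not proof of anything. The sample input copies entries from the log above and adds one constructed record ("C:\example_unknown.exe", a name that does not occur in the log) so that the outlier check has something to flag. Because the log as pasted here runs several records onto one line, the parser scans for ".text" records instead of relying on line breaks.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Sample input: records copied from the GMER log above, plus ONE constructed
# record for "C:\example_unknown.exe[9999]" (not in the log) whose JMP lands in
# a region no other process uses. The first line deliberately carries two
# records run together, as on the forum page.
SAMPLE_LOG = r"""
.text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000077830370 .text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000000778303b0
.text C:\Program Files\OO Software\Defrag\oodag.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000077830370
.text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2240] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000100070370
.text C:\Windows\SysWOW64\PnkBstrA.exe[2956] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000749a1a22 2 bytes [9A, 74]
.text C:\Program Files (x86)\SplitCam\SplitCamService.exe[2072] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000705b11a8 2 bytes [5B, 70]
.text C:\example_unknown.exe[9999] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000002ab0370
"""

# One GMER user-mode hook record:
#   .text <image>[<pid>] <module>!<export>[ + <offset>] <addr> <n> bytes JMP <target>
#   .text <image>[<pid>] <module>!<export>[ + <offset>] <addr> <n> bytes [XX, YY]
HOOK_RE = re.compile(
    r"\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>.+?)!(?P<export>\S+)(?:\s+\+\s+(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]{16})\s+(?P<len>\d+)\s+bytes\s+"
    r"(?:JMP\s+(?P<target>[0-9a-fA-F]{16})|\[(?P<patch>[0-9a-fA-F]{2}(?:,\s*[0-9a-fA-F]{2})*)\])"
)


@dataclass(frozen=True)
class Hook:
    process: str            # image path as GMER prints it
    pid: int
    module: str             # module containing the patched code
    export: str             # export name, with "+offset" when mid-function
    address: int            # address of the patched bytes
    length: int             # number of patched bytes
    target: Optional[int]   # JMP destination for inline-JMP hooks, else None
    patch: Optional[bytes]  # replacement bytes for non-JMP patches, else None


def parse_gmer_hooks(text: str) -> List[Hook]:
    """Extract every hook record, whether one per line or run together."""
    hooks = []
    for m in HOOK_RE.finditer(text):
        export = m.group("export")
        if m.group("off"):
            export = f"{export}+{m.group('off')}"
        patch = None
        if m.group("patch"):
            patch = bytes(int(b, 16) for b in re.split(r",\s*", m.group("patch")))
        hooks.append(Hook(
            process=m.group("proc"), pid=int(m.group("pid")),
            module=m.group("module"), export=export,
            address=int(m.group("addr"), 16), length=int(m.group("len")),
            target=int(m.group("target"), 16) if m.group("target") else None,
            patch=patch,
        ))
    return hooks


def jmp_regions(hooks: List[Hook]) -> Dict[int, Set[int]]:
    """Map each 64 KiB region that JMP hooks land in to the PIDs using it."""
    regions: Dict[int, Set[int]] = defaultdict(set)
    for h in hooks:
        if h.target is not None:
            regions[h.target >> 16].add(h.pid)
    return dict(regions)


def outlier_processes(hooks: List[Hook]) -> List[str]:
    """Processes whose JMP hooks land in a region no other process shares.

    Heuristic: one product hooking every process lands in the same injected
    module everywhere, so its region is shared; a region private to a single
    process deserves a closer look. Shared does not mean benign.
    """
    regions = jmp_regions(hooks)
    flagged: List[str] = []
    for h in hooks:
        if h.target is not None and len(regions[h.target >> 16]) == 1:
            name = f"{h.process}[{h.pid}]"
            if name not in flagged:
                flagged.append(name)
    return flagged


def patch_is_own_base(hook: Hook) -> bool:
    """True when a 2-byte patch equals bits 16..31 of the patched address.

    The WSOCK32/PSAPI/ksuser/d3d8thk entries in the log all have this shape:
    the 'patch' is the upper half of the DLL's own load address, as seen when
    a relocated 32-bit DLL refers to itself. Treated here as a lower-priority
    finding than a JMP out of the module, not as cleared.
    """
    if hook.patch is None or len(hook.patch) != 2:
        return False
    return int.from_bytes(hook.patch, "little") == (hook.address >> 16) & 0xFFFF


def triage(text: str) -> dict:
    """Summarise a GMER hook dump for a quick first pass."""
    hooks = parse_gmer_hooks(text)
    return {
        "hooks": len(hooks),
        "jmp_regions": {hex(r << 16): sorted(p) for r, p in jmp_regions(hooks).items()},
        "self_referencing_patches": sum(patch_is_own_base(h) for h in hooks),
        "outliers": outlier_processes(hooks),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Feed the script the whole GMER ".text" section from the thread (or any GMER log) and read the "jmp_regions" map first: two regions shared by many PIDs is the pattern of a single hooking product, whereas an entry in "outliers" is where to start pulling apart the process with a debugger or a memory dump. The region granularity (64 KiB) is an assumption that fits these addresses; widen or narrow it if a log shows a hook module straddling a boundary.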
27.12.2014, 21:17 | #6 |
| "VBS:Malware-gen" found on USB stick. Please check
Code:
.text C:\Windows\SysWOW64\PnkBstrA.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000770c1465 2 bytes [0C, 77]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770c14bb 2 bytes [0C, 77]
.text ... * 2
.text C:\Program Files (x86)\SplitCam\SplitCamService.exe[2072] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000705b11a8 2 bytes [5B, 70]
.text C:\Program Files (x86)\SplitCam\SplitCamService.exe[2072] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000705b13a8 2 bytes [5B, 70]
.text C:\Program Files (x86)\SplitCam\SplitCamService.exe[2072] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 00000000705b1422 2 bytes [5B, 70]
.text C:\Program Files (x86)\SplitCam\SplitCamService.exe[2072] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 00000000705b1498 2 bytes [5B, 70]
.text C:\Program Files (x86)\SplitCam\SplitCamService.exe[2072] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 00000000703d1b41 2 bytes [3D, 70]
.text C:\Program Files (x86)\SplitCam\SplitCamService.exe[2072] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 00000000703d1be8 2 bytes [3D, 70]
.text C:\Program Files (x86)\SplitCam\SplitCamService.exe[2072] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 00000000703d1c20 2 bytes [3D, 70]
.text C:\Program Files (x86)\SplitCam\SplitCamService.exe[2072] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 00000000703d1cd2 2 bytes [3D, 70]
.text C:\Program Files (x86)\SplitCam\SplitCamService.exe[2072] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 00000000703d1cf2 2 bytes [3D, 70]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 0000000100070460
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000100070450
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776d1560 5 bytes JMP 0000000100070470
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000100070320
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 0000000100070390
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000100070310
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776d1940 5 bytes JMP 0000000100070230
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000100070480
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776d1b30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776d1c10 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776d1c20 5 bytes JMP 0000000100070350
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776d1c80 5 bytes JMP 0000000100070290
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776d1d10 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776d1d40 5 bytes JMP 0000000100070330
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776d1db0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776d1de0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776d20a0 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776d2160 5 bytes JMP 0000000100070250
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776d2190 5 bytes JMP 0000000100070490
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776d21a0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776d21d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776d21e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776d2240 5 
bytes JMP 00000001000702a0 .text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776d2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776d22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776d25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776d27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776d27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776d27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776d29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\LogMeIn 
Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 0000000077830460 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000077830450 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000077830370 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776d1560 5 bytes JMP 0000000077830470 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 00000000778303e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000077830320 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000000778303b0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 0000000077830390 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000000778302e0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000000778302d0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000077830310 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000000778303c0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes 
JMP 00000000778303f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776d1940 5 bytes JMP 0000000077830230 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000077830480 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776d1b30 5 bytes JMP 00000000778303a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776d1c10 5 bytes JMP 00000000778302f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776d1c20 5 bytes JMP 0000000077830350 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776d1c80 5 bytes JMP 0000000077830290 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776d1d10 5 bytes JMP 00000000778302b0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 00000000778303d0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776d1d40 5 bytes JMP 0000000077830330 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776d1db0 5 bytes JMP 0000000077830410 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776d1de0 5 bytes JMP 0000000077830240 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776d20a0 5 bytes JMP 00000000778301e0 .text C:\Program Files (x86)\LogMeIn 
Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776d2160 5 bytes JMP 0000000077830250 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776d2190 5 bytes JMP 0000000077830490 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776d21a0 5 bytes JMP 00000000778304a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776d21d0 5 bytes JMP 0000000077830300 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776d21e0 5 bytes JMP 0000000077830360 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776d2240 5 bytes JMP 00000000778302a0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776d2290 5 bytes JMP 00000000778302c0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d22c0 5 bytes JMP 0000000077830380 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776d22d0 5 bytes JMP 0000000077830340 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776d25c0 5 bytes JMP 0000000077830440 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776d27c0 5 bytes JMP 0000000077830260 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776d27d0 5 bytes JMP 0000000077830270 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776d27e0 5 
bytes JMP 0000000077830400 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776d29a0 5 bytes JMP 00000000778301f0 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000077830210 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 bytes JMP 0000000077830200 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000077830420 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000077830430 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000077830220 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000077830280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 0000000077830460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000077830450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000077830370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776d1560 5 bytes JMP 0000000077830470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 00000000778303e0 
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000077830320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000000778303b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 0000000077830390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000000778302e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000000778302d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000077830310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000000778303c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000000778303f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776d1940 5 bytes JMP 0000000077830230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000077830480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776d1b30 5 bytes JMP 00000000778303a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 
00000000776d1c10 5 bytes JMP 00000000778302f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776d1c20 5 bytes JMP 0000000077830350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776d1c80 5 bytes JMP 0000000077830290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776d1d10 5 bytes JMP 00000000778302b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 00000000778303d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776d1d40 5 bytes JMP 0000000077830330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776d1db0 5 bytes JMP 0000000077830410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776d1de0 5 bytes JMP 0000000077830240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776d20a0 5 bytes JMP 00000000778301e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776d2160 5 bytes JMP 0000000077830250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776d2190 5 bytes JMP 0000000077830490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776d21a0 5 bytes JMP 00000000778304a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776d21d0 5 bytes JMP 0000000077830300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776d21e0 5 bytes JMP 0000000077830360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776d2240 5 bytes JMP 00000000778302a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776d2290 5 bytes JMP 00000000778302c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d22c0 5 bytes JMP 0000000077830380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776d22d0 5 bytes JMP 0000000077830340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776d25c0 5 bytes JMP 0000000077830440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776d27c0 5 bytes JMP 0000000077830260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776d27d0 5 bytes JMP 0000000077830270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776d27e0 5 bytes JMP 0000000077830400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776d29a0 5 bytes JMP 00000000778301f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000077830210 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 bytes JMP 0000000077830200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000077830420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000077830430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000077830220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2112] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000077830280 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 0000000077830460 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000077830450 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000077830370 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776d1560 5 bytes JMP 0000000077830470 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 00000000778303e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000077830320 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000000778303b0 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 0000000077830390 .text 
C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000000778302e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000000778302d0 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000077830310 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000000778303c0 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000000778303f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776d1940 5 bytes JMP 0000000077830230 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000077830480 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776d1b30 5 bytes JMP 00000000778303a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776d1c10 5 bytes JMP 00000000778302f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776d1c20 5 bytes JMP 0000000077830350 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776d1c80 5 bytes JMP 0000000077830290 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776d1d10 5 bytes JMP 00000000778302b0 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 00000000778303d0 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776d1d40 5 bytes JMP 
0000000077830330 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776d1db0 5 bytes JMP 0000000077830410 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776d1de0 5 bytes JMP 0000000077830240 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776d20a0 5 bytes JMP 00000000778301e0 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776d2160 5 bytes JMP 0000000077830250 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776d2190 5 bytes JMP 0000000077830490 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776d21a0 5 bytes JMP 00000000778304a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776d21d0 5 bytes JMP 0000000077830300 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776d21e0 5 bytes JMP 0000000077830360 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776d2240 5 bytes JMP 00000000778302a0 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776d2290 5 bytes JMP 00000000778302c0 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d22c0 5 bytes JMP 0000000077830380 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776d22d0 5 bytes JMP 0000000077830340 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776d25c0 5 bytes JMP 0000000077830440 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776d27c0 5 
bytes JMP 0000000077830260 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776d27d0 5 bytes JMP 0000000077830270 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776d27e0 5 bytes JMP 0000000077830400 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776d29a0 5 bytes JMP 00000000778301f0 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000077830210 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 bytes JMP 0000000077830200 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000077830420 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000077830430 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000077830220 .text C:\Windows\system32\wbem\wmiprvse.exe[2512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000077830280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 0000000077830460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000077830450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000077830370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776d1560 5 bytes JMP 
0000000077830470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 00000000778303e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000077830320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000000778303b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 0000000077830390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000000778302e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000000778302d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000077830310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000000778303c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000000778303f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776d1940 5 bytes JMP 0000000077830230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000077830480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2408] 
27.12.2014, 21:18 | #7 |
| "VBS:Malware-gen" found on USB stick. Please check.
Code:
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000077830210 .text C:\Windows\system32\taskeng.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 bytes JMP 0000000077830200 .text C:\Windows\system32\taskeng.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000077830420 .text C:\Windows\system32\taskeng.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000077830430 .text C:\Windows\system32\taskeng.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000077830220 .text C:\Windows\system32\taskeng.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000077830280 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3920] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69 00000000770c1465 2 bytes [0C, 77] .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3920] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155 00000000770c14bb 2 bytes [0C, 77] .text ... 
* 2 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 0000000077830460 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000077830450 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000077830370 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776d1560 5 bytes JMP 0000000077830470 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 00000000778303e0 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000077830320 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000000778303b0 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 0000000077830390 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000000778302e0 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000000778302d0 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000077830310 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000000778303c0 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000000778303f0 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776d1940 5 bytes JMP 0000000077830230 .text C:\Windows\system32\svchost.exe[2572] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000077830480 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776d1b30 5 bytes JMP 00000000778303a0 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776d1c10 5 bytes JMP 00000000778302f0 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776d1c20 5 bytes JMP 0000000077830350 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776d1c80 5 bytes JMP 0000000077830290 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776d1d10 5 bytes JMP 00000000778302b0 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 00000000778303d0 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776d1d40 5 bytes JMP 0000000077830330 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776d1db0 5 bytes JMP 0000000077830410 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776d1de0 5 bytes JMP 0000000077830240 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776d20a0 5 bytes JMP 00000000778301e0 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776d2160 5 bytes JMP 0000000077830250 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776d2190 5 bytes JMP 0000000077830490 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776d21a0 5 bytes JMP 00000000778304a0 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 
00000000776d21d0 5 bytes JMP 0000000077830300 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776d21e0 5 bytes JMP 0000000077830360 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776d2240 5 bytes JMP 00000000778302a0 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776d2290 5 bytes JMP 00000000778302c0 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d22c0 5 bytes JMP 0000000077830380 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776d22d0 5 bytes JMP 0000000077830340 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776d25c0 5 bytes JMP 0000000077830440 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776d27c0 5 bytes JMP 0000000077830260 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776d27d0 5 bytes JMP 0000000077830270 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776d27e0 5 bytes JMP 0000000077830400 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776d29a0 5 bytes JMP 00000000778301f0 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000077830210 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 bytes JMP 0000000077830200 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000077830420 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000077830430 .text 
C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000077830220 .text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000077830280 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 0000000100070460 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000100070450 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000100070370 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776d1560 5 bytes JMP 0000000100070470 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 00000001000703e0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000100070320 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000001000703b0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 0000000100070390 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000001000702d0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000100070310 
.text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000001000703c0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776d1940 5 bytes JMP 0000000100070230 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000100070480 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776d1b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776d1c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776d1c20 5 bytes JMP 0000000100070350 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776d1c80 5 bytes JMP 0000000100070290 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776d1d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776d1d40 5 bytes JMP 0000000100070330 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776d1db0 5 bytes JMP 0000000100070410 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] 
C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776d1de0 5 bytes JMP 0000000100070240 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776d20a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776d2160 5 bytes JMP 0000000100070250 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776d2190 5 bytes JMP 0000000100070490 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776d21a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776d21d0 5 bytes JMP 0000000100070300 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776d21e0 5 bytes JMP 0000000100070360 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776d2240 5 bytes JMP 00000001000702a0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776d2290 5 bytes JMP 00000001000702c0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d22c0 5 bytes JMP 0000000100070380 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776d22d0 5 bytes JMP 0000000100070340 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776d25c0 5 bytes JMP 0000000100070440 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776d27c0 5 bytes JMP 0000000100070260 .text C:\Program 
Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776d27d0 5 bytes JMP 0000000100070270 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776d27e0 5 bytes JMP 0000000100070400 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776d29a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000100070210 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 bytes JMP 0000000100070200 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000100070420 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000100070430 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\Logitech Gaming Software\LCore.exe[4736] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000100070280 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 0000000077830460 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000077830450 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000077830370 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 
00000000776d1560 5 bytes JMP 0000000077830470 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 00000000778303e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000077830320 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000000778303b0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 0000000077830390 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000000778302e0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000000778302d0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000077830310 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000000778303c0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000000778303f0 .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4376] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry |
27.12.2014, 21:20 | #8 |
| "VBS:Malware-gen" found on USB stick. Please check. Code:
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776d21d0 5 bytes JMP 0000000077830300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776d21e0 5 bytes JMP 0000000077830360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776d2240 5 bytes JMP 00000000778302a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776d2290 5 bytes JMP 00000000778302c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d22c0 5 bytes JMP 0000000077830380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776d22d0 5 bytes JMP 0000000077830340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776d25c0 5 bytes JMP 0000000077830440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776d27c0 5 bytes JMP 0000000077830260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776d27d0 5 bytes JMP 0000000077830270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776d27e0 5 bytes JMP 0000000077830400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776d29a0 5 bytes JMP 00000000778301f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000077830210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 bytes 
JMP 0000000077830200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000077830420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000077830430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000077830220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4692] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000077830280 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 0000000077830460 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000077830450 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000077830370 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776d1560 5 bytes JMP 0000000077830470 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 00000000778303e0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000077830320 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000000778303b0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 
0000000077830390 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000000778302e0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000000778302d0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000077830310 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000000778303c0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000000778303f0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776d1940 5 bytes JMP 0000000077830230 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000077830480 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776d1b30 5 bytes JMP 00000000778303a0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776d1c10 5 bytes JMP 00000000778302f0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776d1c20 5 bytes JMP 0000000077830350 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776d1c80 5 bytes JMP 0000000077830290 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 
00000000776d1d10 5 bytes JMP 00000000778302b0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 00000000778303d0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776d1d40 5 bytes JMP 0000000077830330 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776d1db0 5 bytes JMP 0000000077830410 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776d1de0 5 bytes JMP 0000000077830240 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776d20a0 5 bytes JMP 00000000778301e0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776d2160 5 bytes JMP 0000000077830250 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776d2190 5 bytes JMP 0000000077830490 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776d21a0 5 bytes JMP 00000000778304a0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000776d21d0 5 bytes JMP 0000000077830300 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776d21e0 5 bytes JMP 0000000077830360 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776d2240 5 bytes JMP 00000000778302a0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776d2290 5 bytes JMP 00000000778302c0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d22c0 5 bytes JMP 0000000077830380 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776d22d0 5 bytes JMP 0000000077830340 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776d25c0 5 bytes JMP 0000000077830440 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776d27c0 5 bytes JMP 0000000077830260 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776d27d0 5 bytes JMP 0000000077830270 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776d27e0 5 bytes JMP 0000000077830400 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776d29a0 5 bytes JMP 00000000778301f0 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000077830210 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 bytes JMP 0000000077830200 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000077830420 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000077830430 .text C:\Program Files\NVIDIA 
Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000077830220 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000077830280 .text C:\Program Files (x86)\HDD Health\hddhealth.exe[1556] C:\Windows\SysWOW64\ntdll.dll!LdrAccessResource 00000000778a1fc0 5 bytes JMP 0000000100518940 .text C:\Program Files (x86)\HDD Health\hddhealth.exe[1556] C:\Windows\SysWOW64\ntdll.dll!LdrFindResource_U 00000000778a1fdd 5 bytes JMP 00000001005188b0 .text C:\Program Files (x86)\HDD Health\hddhealth.exe[1556] C:\Windows\syswow64\KERNELBASE.dll!LoadStringA 0000000076774b4e 5 bytes JMP 00000001005187c0 .text C:\Program Files (x86)\HDD Health\hddhealth.exe[1556] C:\Windows\syswow64\KERNELBASE.dll!LoadStringW 0000000076774bbb 5 bytes JMP 0000000100518850 .text C:\Users\Swift\AppData\Roaming\TV Movie\TV Movie Clickfinder\tvtip.exe[5112] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000770c1465 2 bytes [0C, 77] .text C:\Users\Swift\AppData\Roaming\TV Movie\TV Movie Clickfinder\tvtip.exe[5112] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770c14bb 2 bytes [0C, 77] .text ... * 2 .text C:\Program Files\AVAST Software\Avast\avastui.exe[1632] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076ef8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Program Files\AVAST Software\Avast\avastui.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000770c1465 2 bytes [0C, 77] .text C:\Program Files\AVAST Software\Avast\avastui.exe[1632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770c14bb 2 bytes [0C, 77] .text ... 
* 2 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000776d1360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000776d13b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000776d1510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000776d1560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000776d1570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000776d1620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776d1650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000776d1670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000776d16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000776d1730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000776d1750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000776d1790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000776d17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000776d1940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[5076] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000776d1b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000776d1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000776d1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000776d1c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000776d1c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000776d1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776d1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000776d1d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000776d1db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000776d1de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000776d20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000776d2160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000776d2190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000776d21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 
00000000776d21d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000776d21e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000776d2240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000776d2290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000776d22c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000776d22d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000776d25c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000776d27c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000776d27d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776d27e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000776d29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000776d29b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000776d2a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000776d2a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000776d2a90 5 bytes JMP 0000000100070430 .text 
C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000776d2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[5076] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000776d2b80 5 bytes JMP 0000000100070280 ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3568:3836] 000007fefb872bf8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3568:248] 000007fef86f5124 ---- Processes - GMER 2.1 ---- Process C:\Users\Swift\AppData\Roaming\TV Movie\TV Movie Clickfinder\tvtip.exe (*** suspicious ***) @ C:\Users\Swift\AppData\Roaming\TV Movie\TV Movie Clickfinder\tvtip.exe [5112] (TV Movie ClickFinder TV-Timer/E.W.E.-Software)(2012-01-24 18:12:14) 0000000000400000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a2a0 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a2a0@0012ee9d3bc1 0xA1 0xCE 0xA0 0x06 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a2a0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a2a0@0012ee9d3bc1 0xA1 0xCE 0xA0 0x06 ... ---- EOF - GMER 2.1 ---- Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 27.12.2014
Suchlauf-Zeit: 20:05:08
Logdatei: malwarebytes.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2014.12.27.06
Rootkit Datenbank: v2014.12.23.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Swift
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 334209
Verstrichene Zeit: 5 Min, 45 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)
Registrierungswerte: 0
(Keine schädliche Elemente erkannt)
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 0
(Keine schädliche Elemente erkannt)
Dateien: 1
PUP.Optional.Somoto, C:\Users\Swift\AppData\Local\Temp\bitool.dll, , [16bcf7701b61a690609bba5ae81a9c64],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end) |
28.12.2014, 02:08 | #9 |
/// the machine /// TB trainer | "VBS:Malware-gen" found on USB stick. Please check. hi, looks good
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
28.12.2014, 05:10 | #10 |
| "VBS:Malware-gen" found on USB stick. Please check. Hi Schrauber, thanks for your time. I'm currently running ESET and have a few detections there. I'd like to have you clear those up, although I already have a suspicion. I'll post the result here later, if that's ok. //edit Here's the log for now: Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e2cdeffa0dddbe4f8513929dbbdf146c
# engine=21725
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-28 03:57:08
# local_time=2014-12-28 04:57:08 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 92 920152 26819701 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 37900 171368878 0 0
# scanned=578568
# found=6
# cleaned=0
# scan_time=10533
sh=5B53037754F8D38AD7D6654EF16EAF6E159299E4 ft=1 fh=d5d9dfec235f2de5 vn="Variante von Win32/Adware.MultiPlug.DW Anwendung" ac=I fn="C:\Users\Swift\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000000"
sh=7E31B18767BD00E85631B87880001F6459D9AB2F ft=1 fh=4f92ce7b3306ec54 vn="Variante von Win32/Somoto.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Swift\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUWD2ZHQ\BiTool[1].dll"
sh=B65279BC147B1063C0F3EF631C275FF72228AE2E ft=1 fh=09d850b5a7480ff4 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Swift\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUWD2ZHQ\setup[1].exe"
sh=7E31B18767BD00E85631B87880001F6459D9AB2F ft=1 fh=4f92ce7b3306ec54 vn="Variante von Win32/Somoto.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Swift\AppData\Local\Temp\bitool.dll"
sh=B65279BC147B1063C0F3EF631C275FF72228AE2E ft=1 fh=09d850b5a7480ff4 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Swift\AppData\Local\Temp\nsb3C0D.tmp"
sh=AE4169B1E4D17D15DC1A2D790E7E72C2E4B3230F ft=1 fh=caf4858df3226d02 vn="Win32/Somoto.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Swift\Downloads\WinToolkit_1.5.3.9_Installer.exe"
I had a look. The other files were created at the same time as, or a minute after, the WinToolkit installer, which I started right after downloading it. I did a custom installation and deselected the "suggested" additional software. Am I understanding this correctly, that the installer did unpack the files (hence they are present in temp) but I did not install them? Last edited by TattooPanda (28.12.2014 at 04:25) |
28.12.2014, 19:21 | #11 |
/// the machine /// TB trainer | "VBS:Malware-gen" found on USB stick. Please check. exactly, except for the find in Chrome, I'd throw that one out.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
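As an added example (not part of the thread, and not code from ESET or Trojaner-Board), here is a small Python script that parses the `sh=` / `fh=` / `vn=` / `ac=` / `fn=` detection records from the ESET log TattooPanda posted above and groups them by SHA-1. The point it makes is the one behind the exchange: the two `bitool.dll` hits and the `setup[1].exe` / `nsb3C0D.tmp` hits share a hash pairwise, so they are two copies of one unpacked installer payload each, not separate infections, while the Chrome cache find is the only record ESET does not label as a potentially unwanted application. The function names (`parse_eset_log`, `summarize`, `needs_attention`) and the location buckets are my own; the embedded records are copied from the log on this page.

```python
import re
from collections import defaultdict

# ESET Online Scanner detection records, copied from the log posted above
# (the thread's own hashes and paths, not constructed values).
ESET_LOG = r'''
sh=5B53037754F8D38AD7D6654EF16EAF6E159299E4 ft=1 fh=d5d9dfec235f2de5 vn="Variante von Win32/Adware.MultiPlug.DW Anwendung" ac=I fn="C:\Users\Swift\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000000"
sh=7E31B18767BD00E85631B87880001F6459D9AB2F ft=1 fh=4f92ce7b3306ec54 vn="Variante von Win32/Somoto.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Swift\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUWD2ZHQ\BiTool[1].dll"
sh=B65279BC147B1063C0F3EF631C275FF72228AE2E ft=1 fh=09d850b5a7480ff4 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Swift\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUWD2ZHQ\setup[1].exe"
sh=7E31B18767BD00E85631B87880001F6459D9AB2F ft=1 fh=4f92ce7b3306ec54 vn="Variante von Win32/Somoto.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Swift\AppData\Local\Temp\bitool.dll"
sh=B65279BC147B1063C0F3EF631C275FF72228AE2E ft=1 fh=09d850b5a7480ff4 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Swift\AppData\Local\Temp\nsb3C0D.tmp"
sh=AE4169B1E4D17D15DC1A2D790E7E72C2E4B3230F ft=1 fh=caf4858df3226d02 vn="Win32/Somoto.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Swift\Downloads\WinToolkit_1.5.3.9_Installer.exe"
'''

# One ESET detection record: sh = SHA-1 of the file, fh = ESET's own file hash,
# vn = detection name, ac = action taken (I = reported only), fn = full path.
HIT_RE = re.compile(
    r'sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-Fa-f]+) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\w+) fn="(?P<fn>[^"]*)"'
)


def parse_eset_log(text):
    """Return one dict per detection record. finditer() copes with both
    one-record-per-line logs and logs a forum has run together on one line."""
    return [m.groupdict() for m in HIT_RE.finditer(text)]


def is_pua(vn):
    """ESET's German UI tags potentially unwanted applications with this phrase;
    anything without it (here the Adware.MultiPlug find) counts as a real detection."""
    return "evtl. unerwünschte Anwendung" in vn


def classify_location(path):
    """Coarse bucket for where a file sits (my own buckets, most specific first)."""
    p = path.lower()
    if "\\downloads\\" in p:
        return "download"
    if "\\appdata\\local\\temp\\" in p:
        return "temp"
    if "\\temporary internet files\\" in p:
        return "ie-cache"
    if "\\google\\chrome\\user data\\" in p:
        return "chrome-profile"
    return "other"


def group_by_sha1(hits):
    """Map SHA-1 -> list of paths. Equal hashes mean byte-identical files, so
    two entries here are two copies of one file, not two separate infections."""
    groups = defaultdict(list)
    for h in hits:
        groups[h["sha1"].upper()].append(h["fn"])
    return dict(groups)


def summarize(text):
    """Per unique file: number of copies, where they sit, and whether ESET
    classifies it as PUA or as something stronger."""
    hits = parse_eset_log(text)
    names = {h["sha1"].upper(): h["vn"] for h in hits}
    return [
        {
            "sha1": sha1,
            "copies": len(paths),
            "locations": sorted({classify_location(p) for p in paths}),
            "pua": is_pua(names[sha1]),
        }
        for sha1, paths in group_by_sha1(hits).items()
    ]


def needs_attention(text):
    """Unique hashes that are not PUA, i.e. not explained by a bundled installer."""
    return sorted(s["sha1"] for s in summarize(text) if not s["pua"])


if __name__ == "__main__":
    for row in summarize(ESET_LOG):
        print(row)
    print("non-PUA:", needs_attention(ESET_LOG))
```

Running it reduces the six ESET lines to four unique files: two of them appear twice (once in the IE cache, once in `%TEMP%`), all three Somoto hashes are PUA, and only the Chrome File System entry is left over for a closer look, which matches the reply above.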
13.02.2015, 03:45 | #12 |
| "VBS:Malware-gen" found on USB stick. Please check. Hello Schrauber. I hope it's ok that I'm using this thread again instead of opening a new one. I recently reinstalled my system. Now, today and yesterday, my mouse pointer moved from left to right on its own. Oo Not sure whether there was just lint in front of the sensor or whether I have something running. I'd appreciate it if you could take a look. GMER always crashed, by the way. I'm on Win 7 x64 Home. It only worked in safe mode and merely reported that the system had not been modified. Here are the logs: Defogger Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:29 on 12/02/2015 (Ash)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed
Checking for services/drivers...
-=E.O.F=-
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015
Ran by Ash (administrator) on ASH-PC on 12-02-2015 23:29:42
Running from C:\Users\Ash\Desktop
Loaded Profiles: Ash (Available profiles: Ash)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(www.counter-strike.de - MUff[99]) C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gammacontrol.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(E.W.E.-Software) C:\Users\Ash\AppData\Roaming\TV Movie\TV Movie Clickfinder\tvtip.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.03\AsusFanControlService.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SplitCam Co.) C:\Program Files (x86)\SplitCam\SplitCamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(NVIDIA Corporation) C:\Users\Ash\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-02] (AVAST Software)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ACPW05DE] => C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe [822384 2011-11-17] (ACD Systems)
HKU\S-1-5-21-3066379646-2778961134-1701944576-1000\...\Run: [TVTip] => C:\Users\Ash\AppData\Roaming\TV Movie\TV Movie Clickfinder\tvstart.exe [102400 2012-01-24] (E.W.E.-Software)
HKU\S-1-5-21-3066379646-2778961134-1701944576-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-01-06] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gammacontrol.exe (www.counter-strike.de - MUff[99])
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3066379646-2778961134-1701944576-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\fuf6qhfb.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Extension: DownloadHelper - C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\fuf6qhfb.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-01-11] FF Extension: Session Manager - C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\fuf6qhfb.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-01-11] FF Extension: Adblock Plus - C:\Users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\fuf6qhfb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-11] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-06] Chrome: ======= CHR Profile: C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-06] CHR Extension: (ZenMate Security & Privacy VPN) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-02-02] CHR Extension: (AdBlock) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-02] CHR Extension: (Avast Online Security) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-06] CHR Extension: (FVD Downloader) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2015-02-07] CHR Extension: (Session Manager) - C:\Users\Ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2015-02-02] CHR Extension: (Google Wallet) - C:\Users\Ash\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-01-06] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] () R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-09-18] (ASUSTeK Computer Inc.) R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.03\AsusFanControlService.exe [1690424 2013-09-18] (ASUSTeK Computer Inc.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-06] (AVAST Software) R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [368640 2013-06-26] (AVerMedia) [File not signed] R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2011-04-01] () [File not signed] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-16] (NVIDIA Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-16] (NVIDIA Corporation) S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC) R2 SpliCamService; C:\Program Files (x86)\SplitCam\SplitCamService.exe [311424 2014-09-15] (SplitCam Co.) R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) 
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5429520 2015-01-30] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] () R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-06] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-06] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-06] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-06] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-06] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-06] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-06] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-06] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-11] (Disc Soft Ltd) R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-01] (Intel Corporation) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.) 
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2014-04-08] (Realtek Semiconductor Corporation ) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC) R3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [23552 2014-06-30] (Windows (R) Win 7 DDK provider) R3 splitcam_hd_driver; C:\Windows\System32\DRIVERS\splitcam_hd_driver.sys [37496 2014-06-30] (Windows (R) Win 7 DDK provider) U3 uwldrpow; \??\C:\Users\Ash\AppData\Local\Temp\uwldrpow.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-12 23:29 - 2015-02-12 23:29 - 00018365 _____ () C:\Users\Ash\Desktop\FRST.txt 2015-02-12 23:29 - 2015-02-12 23:29 - 00000538 _____ () C:\Users\Ash\Desktop\defogger_disable.log 2015-02-12 23:29 - 2015-02-12 23:29 - 00000168 _____ () C:\Users\Ash\defogger_reenable 2015-02-12 23:29 - 2015-02-12 23:29 - 00000000 ____D () C:\FRST 2015-02-12 23:29 - 2015-02-12 23:28 - 02134016 _____ (Farbar) C:\Users\Ash\Desktop\FRST64.exe 2015-02-12 23:25 - 2015-02-12 23:25 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-02-12 13:05 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-02-12 13:05 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-12 13:05 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-02-12 13:05 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-11 23:49 - 2015-02-11 23:49 - 00000000 ____D () C:\Users\Ash\AppData\Local\CrashRpt 2015-02-11 18:15 - 2015-02-11 18:15 - 00326175 _____ () C:\Users\Ash\Documents\1.jd2backup 2015-02-11 15:43 - 2015-02-11 15:43 - 00000000 ____D () C:\Users\Ash\AppData\Local\NVIDIA 2015-02-11 15:43 - 2015-02-11 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-02-11 15:43 - 2015-01-16 07:40 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2015-02-11 15:43 - 2015-01-16 07:40 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2015-02-11 15:43 - 2015-01-16 07:39 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2015-02-11 15:43 - 2015-01-16 07:39 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2015-02-11 15:43 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2015-02-11 15:43 - 2014-11-22 11:46 - 00035472 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvaudcap64v.dll 2015-02-11 15:43 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2015-02-11 13:12 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-11 13:12 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-11 13:12 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-11 13:12 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-11 13:12 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-11 13:12 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-11 13:12 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-11 13:12 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-02-11 13:12 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-11 13:12 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-11 13:12 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-11 13:12 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-02-11 13:12 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-02-11 13:12 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-02-11 13:12 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-02-11 13:12 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-02-11 13:12 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) 
C:\Windows\system32\msaudite.dll 2015-02-11 13:12 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-02-11 13:12 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-11 13:12 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-02-11 13:12 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-11 13:12 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-02-11 13:12 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-11 13:12 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-02-11 13:12 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-11 13:12 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-11 13:12 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-11 13:12 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-11 13:12 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-11 13:12 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 13:12 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 13:12 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-02-11 13:12 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-02-11 13:12 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-02-11 13:12 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) 
C:\Windows\system32\iertutil.dll 2015-02-11 13:12 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 13:12 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-02-11 13:12 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-11 13:12 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-02-11 13:12 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-02-11 13:12 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-11 13:12 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-02-11 13:12 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-02-11 13:12 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-11 13:12 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-02-11 13:12 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-02-11 13:12 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-11 13:12 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-02-11 13:12 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-11 13:12 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-02-11 13:12 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 13:12 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-02-11 13:12 - 2015-01-12 03:07 - 00047616 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-02-11 13:12 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-11 13:12 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-02-11 13:12 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-11 13:12 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-02-11 13:12 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-02-11 13:12 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-02-11 13:12 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-02-11 13:12 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 13:12 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-11 13:12 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 13:12 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-02-11 13:12 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-11 13:12 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-11 13:12 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-02-11 13:12 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-02-11 13:12 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-02-11 13:12 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-02-11 13:12 - 2015-01-12 02:27 - 02358272 _____ (Microsoft 
Corporation) C:\Windows\system32\wininet.dll 2015-02-11 13:12 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-11 13:12 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-11 13:12 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-02-11 13:12 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-11 13:12 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 13:12 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-11 13:12 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-11 13:12 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-11 13:12 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-11 13:12 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-02-11 13:12 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-11 13:12 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-02-11 13:12 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-02-11 13:12 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-02-11 13:12 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-02-11 13:12 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-02-11 13:12 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-02-11 13:12 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msv1_0.dll 2015-02-11 13:12 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-11 13:12 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-02-11 13:12 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-02-11 13:12 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-02-11 13:12 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-02-11 13:12 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-11 13:12 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-02-11 13:12 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 13:12 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-11 13:12 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-02-11 13:12 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-02-11 13:12 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-02-11 13:12 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-02-11 13:12 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-02-11 13:12 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-02-11 13:12 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-02-11 13:11 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-11 13:11 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 
2015-02-11 13:11 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-02-11 13:11 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-02-11 13:11 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-11 13:11 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-11 13:11 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-02-11 13:11 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-11 13:11 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 13:11 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 03:20 - 2015-02-11 03:20 - 00000000 ____D () C:\ProgramData\TEMP 2015-02-11 03:20 - 2015-02-11 03:20 - 00000000 ____D () C:\ProgramData\Licenses 2015-02-11 02:08 - 2015-02-11 23:49 - 00000000 ____D () C:\Users\Ash\AppData\Roaming\NVIDIA 2015-02-10 18:47 - 2015-02-10 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune 2015-02-10 18:47 - 2015-02-10 18:47 - 00000000 ____D () C:\Program Files (x86)\HD Tune 2015-02-10 18:46 - 2015-02-10 18:46 - 00000000 ____D () C:\Users\Ash\AppData\Roaming\HDDHealth 2015-02-10 00:59 - 2015-02-10 00:59 - 00001071 _____ () C:\Users\Public\Desktop\XMedia Recode.lnk 2015-02-10 00:59 - 2015-02-10 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode 2015-02-09 23:15 - 2015-02-10 00:47 - 00000000 ____D () C:\Users\Ash\Desktop\manager2 2015-02-09 03:08 - 2015-02-09 03:08 - 00000000 ____D () C:\Users\Ash\AppData\Local\Steam 2015-02-08 17:22 - 2015-02-08 17:22 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-02-08 17:22 - 2015-01-10 09:07 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 
2015-02-08 17:22 - 2015-01-10 09:07 - 00060744 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-02-08 17:22 - 2015-01-10 00:30 - 06860432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-08 17:22 - 2015-01-10 00:30 - 03517256 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-08 17:22 - 2015-01-10 00:29 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-08 17:22 - 2015-01-10 00:29 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-08 17:22 - 2015-01-10 00:29 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-08 17:22 - 2015-01-10 00:29 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-08 17:22 - 2015-01-09 20:47 - 04173527 _____ () C:\Windows\system32\nvcoproc.bin
2015-02-08 17:21 - 2015-01-13 05:15 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-02-08 17:21 - 2015-01-13 05:15 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-02-08 17:21 - 2015-01-13 05:15 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 18566296 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 16009120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 14115944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-08 17:21 - 2015-01-10 09:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 03298816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 02902456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 00994712 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 00877488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 00353040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 00305320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-08 17:21 - 2015-01-10 09:07 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-02-08 17:06 - 2015-02-08 17:06 - 00000000 ____D () C:\Users\Ash\AppData\Roaming\dvdcss
2015-02-08 03:55 - 2015-02-08 03:55 - 00001047 _____ () C:\Users\Ash\Desktop\TeamViewer 10.lnk
2015-02-08 03:49 - 2015-02-08 03:49 - 07822744 _____ (TeamViewer GmbH) C:\Users\Ash\Downloads\TeamViewer_Setup_de.exe
2015-02-07 18:30 - 2015-02-07 18:30 - 00000000 ___RD () C:\Users\Ash\AppData\Roaming\Brother
2015-02-07 18:23 - 2015-02-07 18:23 - 00000000 _____ () C:\Users\Ash\Sti_Trace.log
2015-02-07 01:55 - 2015-02-07 01:55 - 00000000 ___RD () C:\Sandbox
2015-02-07 01:52 - 2015-02-08 17:31 - 00001594 _____ () C:\Windows\Sandboxie.ini
2015-02-07 01:52 - 2015-02-07 01:51 - 00000914 _____ () C:\Users\Ash\Desktop\Sandboxed Web Browser.lnk
2015-02-07 01:51 - 2015-02-07 01:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-02-07 01:51 - 2015-02-07 01:51 - 00000000 ____D () C:\Program Files\Sandboxie
2015-02-07 00:19 - 2015-02-07 00:19 - 00002078 _____ () C:\Users\Public\Desktop\SSDlife Free.lnk
2015-02-07 00:19 - 2015-02-07 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSDlife
2015-02-07 00:19 - 2015-02-07 00:19 - 00000000 ____D () C:\ProgramData\Binarysense
2015-02-07 00:19 - 2015-02-07 00:19 - 00000000 ____D () C:\Program Files (x86)\BinarySense
2015-02-05 14:31 - 2015-02-05 14:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-05 02:05 - 2015-02-05 02:05 - 00004096 _____ () C:\Windows\d3dx.dat
2015-02-04 19:05 - 2015-02-04 22:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-04 02:42 - 2015-02-04 02:43 - 110587080 _____ (Oracle Corporation) C:\Users\Ash\Downloads\VirtualBox-4.3.20-96997-Win.exe
2015-02-03 21:54 - 2015-02-03 21:54 - 00000000 ____D () C:\Users\Ash\AppData\Roaming\XMedia Recode
2015-02-03 21:05 - 2015-02-03 21:05 - 00000000 ____D () C:\Users\Ash\dwhelper
2015-02-03 20:59 - 2015-02-12 23:27 - 00000000 ____D () C:\Users\Ash\AppData\Local\CrashDumps
2015-02-03 20:49 - 2015-02-10 00:59 - 00000000 ____D () C:\Program Files (x86)\XMedia Recode
2015-02-03 12:46 - 2015-02-03 12:46 - 00000000 ____D () C:\Users\Ash\AppData\Local\Macromedia
2015-02-03 03:40 - 2015-02-03 03:40 - 00000000 ____D () C:\Program Files\SAMSUNG
2015-02-03 03:40 - 2014-10-13 06:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2015-02-03 03:40 - 2014-10-13 06:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2015-02-03 03:39 - 2015-02-03 03:39 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-02-03 03:14 - 2015-02-03 03:14 - 00024022 _____ () C:\Users\Ash\Downloads\sessions.txt
2015-02-03 02:53 - 2015-02-03 02:53 - 00001107 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2015-02-03 02:53 - 2015-02-03 02:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-02-03 02:53 - 2015-02-03 02:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2015-02-03 02:53 - 2015-02-03 02:53 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-02-03 02:53 - 2015-02-03 02:53 - 00000000 ____D () C:\Program Files (x86)\OpenVPN
2015-02-03 02:10 - 2015-02-12 19:08 - 00000000 ____D () C:\Program Files (x86)\Jdownloader
2015-02-03 02:10 - 2015-02-03 02:10 - 00001486 _____ () C:\Users\Ash\Desktop\JDownloader.exe - Verknüpfung.lnk
2015-02-03 00:58 - 2015-02-03 00:58 - 00000000 ____D () C:\Users\Ash\AppData\Roaming\microsoft games
2015-02-03 00:34 - 2015-02-03 00:34 - 00000000 ____D () C:\Users\Ash\AppData\Roaming\3909
2015-02-02 23:56 - 2015-02-02 23:56 - 00000000 ____D () C:\Users\Ash\AppData\Roaming\Macromedia
2015-02-02 18:58 - 2015-02-02 18:58 - 00000000 ____D () C:\Users\Ash\AppData\Roaming\to the moon - freebird games
2015-02-02 18:58 - 2015-02-02 18:58 - 00000000 ____D () C:\Users\Ash\AppData\Roaming\Thunder Wolves
2015-02-02 18:58 - 2015-02-02 18:58 - 00000000 ____D () C:\Users\Ash\AppData\Roaming\runic games
2015-02-02 18:58 - 2015-02-02 18:58 - 00000000 ____D () C:\Users\Ash\AppData\Roaming\minmaxgames
2015-02-02 18:58 - 2015-02-02 18:58 - 00000000 ____D () C:\Users\Ash\AppData\Roaming\LucasArts
2015-02-02 18:58 - 2015-02-02 18:58 - 00000000 ____D () C:\Users\Ash\AppData\Roaming\Galaxy on Fire 2 Full HD
2015-02-02 18:58 - 2015-02-02 18:58 - 00000000 ____D () C:\Users\Ash\AppData\Local\SniperV2
2015-02-02 18:58 - 2015-02-02 18:58 - 00000000 ____D () C:\Users\Ash\AppData\Local\Skyrim
2015-02-02 18:58 - 2015-02-02 18:58 - 00000000 ____D () C:\Users\Ash\AppData\Local\PAYDAY 2
2015-02-02 18:58 - 2015-02-02 18:58 - 00000000 ____D () C:\Users\Ash\AppData\Local\PAYDAY
2015-02-02 18:58 - 2015-02-02 18:58 - 00000000 ____D () C:\Users\Ash\AppData\Local\Criterion Games
2015-02-02 18:58 - 2015-02-02 18:58 - 00000000 ____D () C:\Users\Ash\AppData\Local\BIT.TRIP RUNNER
2015-02-02 18:58 - 2015-02-02 18:58 - 00000000 ____D () C:\Users\Ash\AppData\Local\BigFinishGames
2015-02-02 18:58 - 2015-02-02 18:58 - 00000000 ____D () C:\Users\Ash\AppData\Local\2K Games
2015-02-02 18:57 - 2015-02-02 18:57 - 00000000 ____D () C:\Users\Ash\Documents\Zombie Shooter 2 Saves
2015-02-02 18:57 - 2015-02-02 18:57 - 00000000 ____D () C:\Users\Ash\Documents\Bioshock2
2015-02-02 18:57 - 2015-02-02 18:57 - 00000000 ____D () C:\Users\Ash\Documents\Bioshock
2015-02-02 18:57 - 2015-02-02 18:57 - 00000000 ____D () C:\Users\Ash\Documents\Battlefield 3
2015-02-02 18:57 - 2004-03-30 17:24 - 00337981 _____ () C:\Users\Ash\Documents\CoN_flashintro.swf
2015-02-02 18:57 - 2002-08-31 14:30 - 00009869 _____ () C:\Users\Ash\Documents\eier.htm
2015-02-02 18:57 - 2002-02-05 02:12 - 00236576 _____ () C:\Users\Ash\Documents\Hör mal wer da hämmert (Home Improvement).htm
2015-02-02 18:56 - 2015-02-02 18:57 - 00000000 ____D () C:\Users\Ash\Documents\yourp
2015-02-02 18:56 - 2015-02-02 18:56 - 00000000 ____D () C:\Users\Ash\Documents\Turbo Lister Backup
2015-02-02 18:56 - 2015-02-02 18:56 - 00000000 ____D () C:\Users\Ash\Documents\Turbo Lister
2015-02-02 18:56 - 2015-02-02 18:56 - 00000000 ____D () C:\Users\Ash\Documents\Telltale Games
2015-02-02 18:56 - 2015-02-02 18:56 - 00000000 ____D () C:\Users\Ash\Documents\SimBin
2015-02-02 18:56 - 2015-02-02 18:56 - 00000000 ____D () C:\Users\Ash\Documents\Raiderz
2015-02-02 18:56 - 2015-02-02 18:56 - 00000000 ____D () C:\Users\Ash\Documents\Nexus Mod Manager
2015-02-02 18:55 - 2015-02-02 18:56 - 00000000 ____D () C:\Users\Ash\Documents\My Games
2015-02-02 18:55 - 2015-02-02 18:55 - 00000000 ____D () C:\Users\Ash\Documents\KARTEN
2015-02-02 18:55 - 2015-02-02 18:55 - 00000000 ____D () C:\Users\Ash\Documents\Dust
2015-02-02 18:55 - 2015-02-02 18:55 - 00000000 ____D () C:\Users\Ash\Documents\DOTC
2015-02-02 18:55 - 2015-02-02 18:55 - 00000000 ____D () C:\Users\Ash\Documents\Carax 95
2015-02-02 18:55 - 2015-02-02 18:55 - 00000000 ____D () C:\Users\Ash\Documents\Bully Scholarship Edition
2015-02-02 18:55 - 2015-02-02 18:55 - 00000000 ____D () C:\Users\Ash\Documents\Buch
2015-02-02 18:54 - 2015-02-02 18:54 - 00000000 ____D () C:\Users\Public\Documents\GTA Vice City User Files
2015-02-02 18:53 - 2015-02-06 02:03 - 00004231 _____ () C:\Users\Ash\Desktop\Neues Textdokument.txt
2015-02-02 18:53 - 2015-02-02 18:53 - 00000000 ___RD () C:\Users\Ash\Desktop\Games
2015-02-02 18:53 - 2015-02-02 18:53 - 00000000 ____D () C:\Users\Ash\Desktop\k
2015-02-02 18:53 - 2014-11-09 23:48 - 00000602 _____ () C:\Users\Ash\Desktop\srcds.exe - Verknüpfung.lnk
2015-02-02 18:52 - 2015-02-02 18:52 - 00000000 ____D () C:\Users\Ash\Desktop\Super Mario Icons
2015-02-02 18:52 - 2015-02-02 18:52 - 00000000 ____D () C:\Users\Ash\Desktop\san
2015-02-02 18:52 - 2015-01-31 03:02 - 00000329 _____ () C:\Users\Ash\Desktop\chromelinks.txt
2015-02-02 18:52 - 2014-09-11 14:21 - 208202765 _____ () C:\Users\Ash\Desktop\Mein Video.mp4
2015-02-02 18:42 - 2015-02-02 18:42 - 00000632 _____ () C:\Users\Ash\Desktop\Items.lnk
2015-02-02 18:37 - 2015-02-02 18:38 - 00000000 ____D () C:\Users\Ash\AppData\Local\ACD Systems
2015-02-02 18:37 - 2015-02-02 18:37 - 00000000 ____D () C:\Users\Ash\AppData\Roaming\ACD Systems
2015-02-02 18:37 - 2015-02-02 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
2015-02-02 18:37 - 2015-02-02 18:37 - 00000000 ____D () C:\ProgramData\ACD Systems
2015-02-02 18:37 - 2015-02-02 18:37 - 00000000 ____D () C:\Program Files (x86)\ACD Systems
2015-02-02 18:35 - 2015-02-10 03:21 - 00000000 ____D () C:\Users\Ash\Documents\Eigene PSP-Dateien
2015-02-02 18:35 - 2015-02-02 18:35 - 00000000 ____D () C:\Users\Ash\AppData\Roaming\Jasc Software Inc
2015-02-02 18:35 - 2015-02-02 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jasc Software
2015-02-02 18:35 - 2015-02-02 18:35 - 00000000 ____D () C:\ProgramData\InstallShield
2015-02-02 18:35 - 2015-02-02 18:35 - 00000000 ____D () C:\Program Files (x86)\Jasc Software Inc
2015-02-02 18:33 - 2015-02-02 18:33 - 00000000 ____D () C:\Users\Ash\AppData\Local\Downloaded Installations
2015-02-02 17:04 - 2015-02-02 17:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-02-02 16:55 - 2015-02-02 16:55 - 00000000 ____D () C:\Program Files (x86)\SteamLibrary
2015-02-02 16:50 - 2015-02-02 16:50 - 00000518 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-02-02 16:50 - 2015-02-02 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-16 17:34 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 17:07 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 17:06 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 17:02 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 17:02 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-16 17:02 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-12 23:29 - 2015-01-06 17:09 - 00000000 ____D () C:\Users\Ash
2015-02-12 23:27 - 2015-01-11 16:12 - 00000000 ____D () C:\Users\Ash\AppData\Roaming\vlc
2015-02-12 23:25 - 2015-01-11 16:28 - 00000000 ____D () C:\Users\Ash\AppData\Roaming\Skype
2015-02-12 23:06 - 2015-01-06 17:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 22:54 - 2015-01-11 16:38 - 00000000 ____D () C:\Users\Ash\AppData\Roaming\TS3Client
2015-02-12 22:29 - 2015-01-06 17:09 - 02062466 _____ () C:\Windows\WindowsUpdate.log
2015-02-12 21:12 - 2015-01-11 17:34 - 00008416 _____ () C:\Windows\setupact.log
2015-02-12 16:45 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-02-12 16:45 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-02-12 16:45 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-12 15:47 - 2015-01-11 17:33 - 00000000 ____D () C:\Users\Ash\Documents\samsung
2015-02-12 15:06 - 2015-01-06 17:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-12 14:10 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-12 14:10 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-12 14:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-12 03:00 - 2015-01-11 15:13 - 00000000 ____D () C:\Users\Ash\AppData\Roaming\Mozilla
2015-02-11 18:38 - 2015-01-06 19:53 - 00000000 ____D () C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-11 18:38 - 2015-01-06 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-11 15:43 - 2015-01-06 17:35 - 00000000 ____D () C:\Users\Ash\AppData\Local\NVIDIA Corporation
2015-02-11 15:43 - 2015-01-06 17:34 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-02-11 15:43 - 2015-01-06 17:34 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-02-11 15:43 - 2015-01-06 17:33 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-02-11 13:20 - 2015-01-06 18:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 13:20 - 2015-01-06 18:07 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 13:20 - 2009-07-14 05:45 - 00299528 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 13:17 - 2015-01-06 18:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 13:15 - 2015-01-06 18:04 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-08 17:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2015-02-08 12:30 - 2015-01-06 17:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-08 03:50 - 2015-01-11 16:34 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-02-08 03:50 - 2015-01-11 16:34 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-02-08 03:36 - 2015-01-11 15:36 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-08 03:36 - 2015-01-11 15:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-08 03:36 - 2015-01-11 15:35 - 00000000 ____D () C:\Users\Ash\AppData\Local\Adobe
2015-02-07 20:20 - 2015-01-11 18:59 - 00089305 _____ () C:\Windows\DirectX.log
2015-02-07 13:32 - 2015-01-11 15:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-06 15:06 - 2015-01-06 17:57 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-06 15:01 - 2015-01-06 17:56 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 15:01 - 2015-01-06 17:56 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 19:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-04 15:16 - 2015-01-11 16:31 - 00000000 ____D () C:\Users\Ash\AppData\Roaming\Foxit Software
2015-02-03 03:39 - 2015-01-06 19:53 - 00000000 ____D () C:\ProgramData\Samsung
2015-02-03 03:20 - 2015-01-11 15:37 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-03 03:20 - 2015-01-11 15:37 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-03 00:25 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-02 18:37 - 2009-07-14 03:34 - 00000252 _____ () C:\Windows\system.ini
2015-02-02 18:36 - 2015-01-06 17:09 - 00000000 ____D () C:\Users\Ash\AppData\Local\VirtualStore
2015-02-02 18:35 - 2015-01-06 17:51 - 00066000 _____ () C:\Users\Ash\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-02 18:34 - 2015-01-11 16:20 - 00000000 ____D () C:\Users\Ash\AppData\Roaming\DAEMON Tools Lite
2015-02-02 18:34 - 2015-01-11 16:19 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-02-02 18:32 - 2015-01-11 17:34 - 00004000 _____ () C:\Windows\PFRO.log
2015-02-02 16:47 - 2015-01-11 18:24 - 00000000 ____D () C:\ProgramData\Origin
2015-02-02 16:47 - 2015-01-11 18:24 - 00000000 ____D () C:\Program Files (x86)\Origin

==================== Files in the root of some directories =======

2015-01-06 17:20 - 2015-01-06 17:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Ash\AppData\Local\Temp\130654644221987278.exe
C:\Users\Ash\AppData\Local\Temp\13065464422978729160.exe
C:\Users\Ash\AppData\Local\Temp\130654644584405024.exe
C:\Users\Ash\AppData\Local\Temp\13065464459158103640.exe
C:\Users\Ash\AppData\Local\Temp\130654644836753474.exe
C:\Users\Ash\AppData\Local\Temp\13065464484392948666.exe
C:\Users\Ash\AppData\Local\Temp\130673996296282491.exe
C:\Users\Ash\AppData\Local\Temp\13067399630347290300.exe
C:\Users\Ash\AppData\Local\Temp\Execute2App.exe
C:\Users\Ash\AppData\Local\Temp\ICReinstall_13065464422978729160.exe
C:\Users\Ash\AppData\Local\Temp\ICReinstall_13065464459158103640.exe
C:\Users\Ash\AppData\Local\Temp\ICReinstall_13067399630347290300.exe
C:\Users\Ash\AppData\Local\Temp\msvcp90.dll
C:\Users\Ash\AppData\Local\Temp\msvcr90.dll
C:\Users\Ash\AppData\Local\Temp\proxy_vole419627026241642792.dll
C:\Users\Ash\AppData\Local\Temp\_is6345.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-04 15:58

==================== End Of Log ============================

--- --- ---

Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2015
Ran by Ash at 2015-02-12 23:29:59
Running from C:\Users\Ash\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACDSee Pro 5 (HKLM-x32\...\{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}) (Version: 5.3.168 - ACD Systems International Inc.)
ACE COMBAT™ ASSAULT HORIZON Enhanced Edition (HKLM-x32\...\Steam App 228400) (Version: - Namco)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AI Suite 3 (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.56 - ASUSTeK Computer Inc.)
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version: - Spicy Horse Games)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
AVerMedia A835 USB DVB-T 2.3.64.28 (HKLM-x32\...\AVerMedia A835 USB DVB-T) (Version: 2.3.64.28 - AVerMedia TECHNOLOGIES, Inc.)
AVerTV 3D (HKLM-x32\...\InstallShield_{5016185F-05AF-455F-AA70-6B6E5D6D4E70}) (Version: 6.5.2.26 - AVerMedia Technologies, Inc.)
AVerTV 3D (x32 Version: 6.5.2.26 - AVerMedia Technologies, Inc.) Hidden
BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version: - Gaijin Games)
Brother MFL-Pro Suite DCP-375CW (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Bully: Scholarship Edition (HKLM-x32\...\Steam App 12200) (Version: - Rockstar New England)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version: - Criterion Games)
Carnage Racing (HKLM-x32\...\Steam App 228940) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version: - Relic)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CrystalDiskInfo 6.3.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.3.0 - Crystal Dew World)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DEFCON (HKLM-x32\...\Steam App 1520) (Version: - Introversion Software)
DiRT Showdown (HKLM-x32\...\Steam App 201700) (Version: - Codemasters Racing Studio)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
EVGA PrecisionX 16 (HKLM-x32\...\Steam App 268850) (Version: - EVGA)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version: - Fistful of Frags Team)
FlatOut 2 (HKLM-x32\...\Steam App 2990) (Version: - Bugbear Entertainment)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.8.1216 - Foxit Software Inc.)
From Dust (HKLM-x32\...\Steam App 33460) (Version: - Ubisoft Montpellier)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grand Theft Auto: Vice City (HKLM-x32\...\Steam App 12110) (Version: - Rockstar Games)
Hacker Evolution Duality (HKLM-x32\...\Steam App 70120) (Version: - exosyphen studios)
Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
Heroine's Quest: The Herald of Ragnarok (HKLM-x32\...\Steam App 283880) (Version: - Crystal Shard)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - IO Interactive)
Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Jamestown (HKLM-x32\...\Steam App 94200) (Version: - Final Form Games)
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Monkey Island 2: Special Edition (HKLM-x32\...\Steam App 32460) (Version: - LucasArts)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.3.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
OpenVPN 2.3.6-I001 (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software)
Poker Night 2 (HKLM-x32\...\Steam App 234710) (Version: - Telltale Games)
Poker Night at the Inventory (HKLM-x32\...\Steam App 31280) (Version: - Telltale Games)
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version: - Running With Scissors)
RACE 07 (HKLM-x32\...\Steam App 8600) (Version: - SimBin)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version: - Wild Shadow Studios)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version: - )
Rise of Nations: Extended Edition (HKLM-x32\...\Steam App 287450) (Version: - SkyBox Labs)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version: - Volition)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Shatter (HKLM-x32\...\Steam App 20820) (Version: - Sidhe)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Sid Meier's Pirates! (HKLM-x32\...\Steam App 3920) (Version: - Firaxis Games)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion)
Space Pirates and Zombies (HKLM-x32\...\Steam App 107200) (Version: - MinMax Games Ltd.)
SplitCam (HKLM-x32\...\SplitCam) (Version: 6.9.4.1 - SplitCam Co)
SSDlife Free (HKLM-x32\...\{18302BF2-AA3C-46E3-B039-996FD0DB5639}) (Version: 2.5.82 - BinarySense Inc.)
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Superfrog HD (HKLM-x32\...\Steam App 234000) (Version: - Team17 Digital Ltd)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38475 - TeamViewer)
Tesla Effect (HKLM-x32\...\Steam App 261510) (Version: - Big Finish Games)
Thunder Wolves (HKLM-x32\...\Steam App 232970) (Version: - Most Wanted Entertainment)
TP-LINK TL-WN821N(C)_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Tron 2.0 (HKLM-x32\...\Steam App 327740) (Version: - Monolith Productions, Inc.)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
TV Movie ClickFinder (HKLM-x32\...\{A1A2ACDC-0C22-4EB1-B958-1898A93DAF28}) (Version: 1.00.0000 - TV Movie)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Vessel (HKLM-x32\...\Steam App 108500) (Version: - Strange Loop Games)
Viscera Cleanup Detail (HKLM-x32\...\Steam App 246900) (Version: - RuneStorm)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Watch_Dogs (HKLM-x32\...\Steam App 243470) (Version: - Ubisoft)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Wings of Prey (HKLM-x32\...\Steam App 45300) (Version: - Gaijin Entertainment)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Worms Crazy Golf (HKLM-x32\...\Steam App 70620) (Version: - Team17 Software Ltd.)
XMedia Recode Version 3.2.1.6 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.1.6 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

09-02-2015 15:43:55 Windows Update
11-02-2015 13:15:24 Windows Update
12-02-2015 13:10:15 Windows Update

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {490AEBC7-0393-4EF3-A238-A46B3071DDBD} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DipAwayMode.exe [2013-09-18] ()
Task: {4B87D5B4-7443-46D8-9871-3917C52E33A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
Task: {54F7257B-879B-4A5A-B6D7-8920F736D1A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
Task: {6596BD2A-F3C7-49F5-A8DD-09238F492D1E} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {67B55842-72A9-47A4-BF83-196B8B433666} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2013-08-07] (ASUSTeK Computer Inc.)
Task: {771C634C-317C-456E-80CB-4F56F0A36B6D} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] () Task: {E36EBD01-3135-47E3-A8A2-BBCB18B2B8B2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-06] (AVAST Software) Task: {F1F1533A-C471-4BEC-B072-472D70C2E644} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2015-02-08 17:22 - 2015-01-10 00:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-01-06 17:21 - 2013-05-07 15:45 - 00936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe 2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2015-01-06 17:45 - 2014-04-08 09:43 - 00847360 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe 2015-01-06 19:48 - 2013-09-18 10:18 - 01225528 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DipAwayMode.exe 2015-01-11 14:56 - 2012-09-25 11:26 - 01163264 ____N () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe 2015-01-11 14:50 - 2011-04-01 14:52 - 00403456 _____ () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe 2015-01-11 
14:50 - 2013-01-09 16:05 - 00163840 _____ () C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe 2015-01-11 14:56 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll 2014-02-28 10:14 - 2014-02-28 10:14 - 00173568 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll 2014-02-27 15:51 - 2014-02-27 15:51 - 01080832 _____ () C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll 2014-02-27 15:51 - 2014-02-27 15:51 - 00833024 _____ () C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll 2014-08-04 14:43 - 2014-08-04 14:43 - 00102344 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll 2014-08-04 14:43 - 2014-08-04 14:43 - 00108488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll 2014-02-27 15:51 - 2014-02-27 15:51 - 00030208 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll 2014-02-27 15:51 - 2014-02-27 15:51 - 00233984 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll 2014-08-04 14:46 - 2014-08-04 14:46 - 00563656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll 2014-08-04 14:46 - 2014-08-04 14:46 - 00579016 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll 2014-02-27 15:51 - 2014-02-27 15:51 - 00159232 _____ () C:\Program Files\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll 2015-02-12 22:03 - 2015-02-12 22:03 - 02912256 _____ () C:\Program Files\AVAST Software\Avast\defs\15021201\algo.dll 2015-01-06 17:21 - 2015-02-12 14:02 - 00028672 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll 2015-01-06 17:21 - 2013-05-07 15:45 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll 2015-01-06 17:45 - 2014-04-08 09:42 - 01411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll 2015-01-06 17:45 - 2014-04-08 09:42 - 00193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless 
Configuration Utility\DC_WFF.dll 2015-01-06 17:45 - 2014-04-08 09:42 - 00298496 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll 2015-01-06 19:48 - 2013-09-18 10:18 - 00685056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll 2015-01-06 19:48 - 2013-09-18 10:18 - 00825344 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DIPDLL\DIP4EpuAction.dll 2015-01-06 19:48 - 2013-09-18 10:18 - 00765952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DIPDLL\DIP4FanAction.dll 2015-01-06 19:48 - 2013-09-18 10:18 - 00776704 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DIPDLL\DIP4TurboVEVOAction.dll 2015-01-06 19:48 - 2013-09-18 10:18 - 00904704 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DIPDLL\UsbPowerManager.dll 2015-01-06 19:47 - 2013-08-07 19:11 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll 2015-01-06 19:48 - 2013-09-18 10:27 - 02371584 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\tufx.dll 2015-01-06 19:47 - 2013-06-04 17:41 - 00662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll 2015-01-06 19:47 - 2013-08-07 19:11 - 00053248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\cpuutil.dll 2015-01-06 17:52 - 2015-01-06 17:52 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-01-11 14:56 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2014-09-15 06:17 - 2014-09-15 06:17 - 00114304 _____ () C:\Program Files (x86)\SplitCam\splitcam_hd_driver_ProxyPlugin.ax 2015-01-06 19:53 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll 2015-01-06 17:25 - 2013-09-03 16:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\LMS\ACE.dll 2014-06-30 06:23 - 2014-06-30 06:23 - 02088960 _____ () C:\Program Files (x86)\SplitCam\opencv_core246.dll 2014-06-30 06:23 - 2014-06-30 06:23 - 01905664 _____ () C:\Program Files (x86)\SplitCam\opencv_imgproc246.dll 2014-06-30 06:23 - 2014-06-30 06:23 - 02092544 _____ () C:\Program Files (x86)\SplitCam\opencv_highgui246.dll 2015-02-06 15:06 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll 2015-02-06 15:06 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll 2015-02-06 15:06 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll 2015-02-06 15:06 - 2015-02-04 10:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3066379646-2778961134-1701944576-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ash\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk => C:\Windows\pss\AVer HID Receiver.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk => C:\Windows\pss\AVerQuick.lnk.CommonStartup MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun MSCONFIG\startupreg: GoogleChromeAutoLaunch_8252431206705CA8C92C144971B8E8EF => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== Accounts: ============================= Administrator (S-1-5-21-3066379646-2778961134-1701944576-500 - Administrator - Disabled) Ash (S-1-5-21-3066379646-2778961134-1701944576-1000 - Administrator - Enabled) => C:\Users\Ash Gast (S-1-5-21-3066379646-2778961134-1701944576-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/12/2015 11:27:58 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. 
In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/12/2015 11:27:56 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/12/2015 11:27:56 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/12/2015 11:27:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ptys1o4l.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Name des fehlerhaften Moduls: ptys1o4l.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000011aa ID des fehlerhaften Prozesses: 0xad4 Startzeit der fehlerhaften Anwendung: 0xptys1o4l.exe0 Pfad der fehlerhaften Anwendung: ptys1o4l.exe1 Pfad des fehlerhaften Moduls: ptys1o4l.exe2 Berichtskennung: ptys1o4l.exe3 Error: (02/12/2015 11:27:06 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/12/2015 11:25:39 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/12/2015 11:25:37 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/12/2015 11:23:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000011aa ID des fehlerhaften Prozesses: 0x25a0 Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0 Pfad der fehlerhaften Anwendung: Gmer-19357.exe1 Pfad des fehlerhaften Moduls: Gmer-19357.exe2 Berichtskennung: Gmer-19357.exe3 Error: (02/12/2015 11:23:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: q8c42tm6.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Name des fehlerhaften Moduls: q8c42tm6.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000011aa ID des fehlerhaften Prozesses: 0x246c Startzeit der fehlerhaften Anwendung: 0xq8c42tm6.exe0 Pfad der fehlerhaften Anwendung: q8c42tm6.exe1 Pfad des fehlerhaften Moduls: q8c42tm6.exe2 Berichtskennung: q8c42tm6.exe3 Error: (02/12/2015 11:23:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: q8c42tm6.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Name des fehlerhaften Moduls: q8c42tm6.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000011aa ID des fehlerhaften Prozesses: 0x2a7c Startzeit der fehlerhaften Anwendung: 0xq8c42tm6.exe0 Pfad der fehlerhaften Anwendung: q8c42tm6.exe1 Pfad des fehlerhaften Moduls: q8c42tm6.exe2 Berichtskennung: q8c42tm6.exe3 System errors: ============= Error: (02/12/2015 02:03:04 PM) 
(Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error: (02/12/2015 02:03:04 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (02/12/2015 01:00:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error: (02/12/2015 01:00:33 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (02/11/2015 02:06:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (02/11/2015 02:05:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error: (02/11/2015 01:20:55 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (02/11/2015 01:20:52 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. 
Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error: (02/11/2015 01:06:35 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error: (02/11/2015 01:06:36 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Microsoft Office Sessions: ========================= Error: (02/12/2015 11:27:58 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\Downloads\esetsmartinstaller_deu.exe Error: (02/12/2015 11:27:56 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\Downloads\esetsmartinstaller_deu.exe Error: (02/12/2015 11:27:56 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\Downloads\esetsmartinstaller_deu.exe Error: (02/12/2015 11:27:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
ptys1o4l.exe2.1.19357.052e7ea83ptys1o4l.exe2.1.19357.052e7ea83c0000005000011aaad401d047131c4f7a79F:\Downloads\ptys1o4l.exeF:\Downloads\ptys1o4l.exe5bfe0708-b306-11e4-aa6d-ac220bc62429 Error: (02/12/2015 11:27:06 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\Downloads\esetsmartinstaller_deu.exe Error: (02/12/2015 11:25:39 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\Downloads\esetsmartinstaller_deu.exe Error: (02/12/2015 11:25:37 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\Downloads\esetsmartinstaller_deu.exe Error: (02/12/2015 11:23:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa25a001d0471293aad706F:\Downloads\Gmer-19357.exeF:\Downloads\Gmer-19357.exed2c75aa2-b305-11e4-aa6d-ac220bc62429 Error: (02/12/2015 11:23:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: q8c42tm6.exe2.1.19357.052e7ea83q8c42tm6.exe2.1.19357.052e7ea83c0000005000011aa246c01d04712884cd28aF:\Downloads\q8c42tm6.exeF:\Downloads\q8c42tm6.exec73acb68-b305-11e4-aa6d-ac220bc62429 Error: (02/12/2015 11:23:15 PM) (Source: Application Error) (EventID: 1000) 
(User: ) Description: q8c42tm6.exe2.1.19357.052e7ea83q8c42tm6.exe2.1.19357.052e7ea83c0000005000011aa2a7c01d047127a858d34F:\Downloads\q8c42tm6.exeF:\Downloads\q8c42tm6.exebc3f0c9c-b305-11e4-aa6d-ac220bc62429 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz Percentage of memory in use: 35% Total physical RAM: 8098.19 MB Available physical RAM: 5262.61 MB Total Pagefile: 16194.57 MB Available Pagefile: 12417.55 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:111.69 GB) (Free:46.24 GB) NTFS Drive d: (Volume) (Fixed) (Total:500 GB) (Free:154.07 GB) NTFS Drive e: (Volume) (Fixed) (Total:215.75 GB) (Free:131.97 GB) NTFS Drive f: (Volume) (Fixed) (Total:215.75 GB) (Free:53.05 GB) NTFS Drive g: (Volume) (Fixed) (Total:232.88 GB) (Free:46.87 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: CD339713) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0CF63428) Partition 1: (Not Active) - (Size=500 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=215.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=215.8 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 232.9 GB) (Disk ID: 698A5CBD) Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Malwarebytes and ESET Online found nothing. Thanks in advance |
13.02.2015, 17:21 | #13 |
/// the machine /// TB-Ausbilder | "VBS:Malware-gen" found on USB stick. Please check. Hi, please download TDSSKiller.exe and save the file to your desktop.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
13.02.2015, 19:19 | #14 |
| "VBS:Malware-gen" found on USB stick. Please check. Hello Schrauber. There was one detection, but that is probably from my DVB-T stick. I had downloaded the drivers directly from the manufacturer. Code:
19:16:47.0839 0x0440 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 19:17:23.0352 0x0440 ============================================================ 19:17:23.0352 0x0440 Current date / time: 2015/02/13 19:17:23.0352 19:17:23.0352 0x0440 SystemInfo: 19:17:23.0352 0x0440 19:17:23.0352 0x0440 OS Version: 6.1.7601 ServicePack: 1.0 19:17:23.0352 0x0440 Product type: Workstation 19:17:23.0352 0x0440 ComputerName: ASH-PC 19:17:23.0352 0x0440 UserName: Ash 19:17:23.0352 0x0440 Windows directory: C:\Windows 19:17:23.0352 0x0440 System windows directory: C:\Windows 19:17:23.0352 0x0440 Running under WOW64 19:17:23.0352 0x0440 Processor architecture: Intel x64 19:17:23.0352 0x0440 Number of processors: 4 19:17:23.0352 0x0440 Page size: 0x1000 19:17:23.0352 0x0440 Boot type: Normal boot 19:17:23.0352 0x0440 ============================================================ 19:17:23.0542 0x0440 KLMD registered as C:\Windows\system32\drivers\83248540.sys 19:17:23.0622 0x0440 System UUID: {DEEEEE00-86C4-78B0-F587-4E451E967D92} 19:17:23.0872 0x0440 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:17:23.0882 0x0440 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:17:23.0912 0x0440 Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:17:23.0912 0x0440 ============================================================ 19:17:23.0912 0x0440 \Device\Harddisk0\DR0: 19:17:23.0912 0x0440 MBR partitions: 19:17:23.0912 0x0440 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 19:17:23.0912 0x0440 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, 
BlocksNum 0xDF62000 19:17:23.0912 0x0440 \Device\Harddisk1\DR1: 19:17:23.0912 0x0440 MBR partitions: 19:17:23.0912 0x0440 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3E800000 19:17:23.0912 0x0440 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x3E800800, BlocksNum 0x1AF82800 19:17:23.0912 0x0440 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x59783000, BlocksNum 0x1AF82800 19:17:23.0912 0x0440 \Device\Harddisk2\DR2: 19:17:23.0912 0x0440 MBR partitions: 19:17:23.0912 0x0440 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800 19:17:23.0912 0x0440 ============================================================ 19:17:23.0912 0x0440 C: <-> \Device\Harddisk0\DR0\Partition2 19:17:23.0922 0x0440 D: <-> \Device\Harddisk1\DR1\Partition1 19:17:23.0932 0x0440 E: <-> \Device\Harddisk1\DR1\Partition2 19:17:23.0952 0x0440 F: <-> \Device\Harddisk1\DR1\Partition3 19:17:23.0972 0x0440 G: <-> \Device\Harddisk2\DR2\Partition1 19:17:23.0972 0x0440 ============================================================ 19:17:23.0972 0x0440 Initialize success 19:17:23.0972 0x0440 ============================================================ 19:17:43.0818 0x0970 ============================================================ 19:17:43.0818 0x0970 Scan started 19:17:43.0818 0x0970 Mode: Manual; SigCheck; TDLFS; 19:17:43.0818 0x0970 ============================================================ 19:17:43.0818 0x0970 KSN ping started 19:18:09.0736 0x0970 KSN ping finished: true 19:18:10.0056 0x0970 ================ Scan system memory ======================== 19:18:10.0056 0x0970 System memory - ok 19:18:10.0056 0x0970 ================ Scan services ============================= 19:18:10.0076 0x0970 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 19:18:10.0116 0x0970 1394ohci - ok 19:18:10.0126 0x0970 [ 
C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:18:28.0030 0x0970 mrxsmb10 - ok 19:18:28.0040 0x0970 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:18:28.0050 0x0970 mrxsmb20 - ok 19:18:28.0050 0x0970 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 19:18:28.0050 0x0970 msahci - ok 19:18:28.0060 0x0970 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 19:18:28.0070 0x0970 msdsm - ok 19:18:28.0070 0x0970 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 19:18:28.0080 0x0970 MSDTC - ok 19:18:28.0080 0x0970 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:18:28.0100 0x0970 Msfs - ok 19:18:28.0110 0x0970 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 19:18:28.0120 0x0970 mshidkmdf - ok 19:18:28.0130 0x0970 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:18:28.0130 0x0970 msisadrv - ok 19:18:28.0140 0x0970 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:18:28.0160 0x0970 MSiSCSI - ok 19:18:28.0160 0x0970 msiserver - ok 19:18:28.0160 0x0970 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:18:28.0180 0x0970 MSKSSRV - ok 19:18:28.0180 0x0970 [ BDD71ACE35A232104DDD349EE70E1AB3, 
27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:18:28.0200 0x0970 MSPCLOCK - ok 19:18:28.0200 0x0970 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:18:28.0220 0x0970 MSPQM - ok 19:18:28.0230 0x0970 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:18:28.0240 0x0970 MsRPC - ok 19:18:28.0250 0x0970 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 19:18:28.0250 0x0970 mssmbios - ok 19:18:28.0250 0x0970 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:18:28.0270 0x0970 MSTEE - ok 19:18:28.0280 0x0970 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 19:18:28.0280 0x0970 MTConfig - ok 19:18:28.0290 0x0970 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 19:18:28.0290 0x0970 Mup - ok 19:18:28.0300 0x0970 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 19:18:28.0330 0x0970 napagent - ok 19:18:28.0330 0x0970 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:18:28.0350 0x0970 NativeWifiP - ok 19:18:28.0360 0x0970 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys 19:18:28.0380 0x0970 NDIS - ok 19:18:28.0390 0x0970 [ 
9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 19:18:28.0410 0x0970 NdisCap - ok 19:18:28.0410 0x0970 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:18:28.0430 0x0970 NdisTapi - ok 19:18:28.0430 0x0970 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:18:28.0450 0x0970 Ndisuio - ok 19:18:28.0460 0x0970 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:18:28.0480 0x0970 NdisWan - ok 19:18:28.0480 0x0970 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:18:28.0500 0x0970 NDProxy - ok 19:18:28.0500 0x0970 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:18:28.0520 0x0970 NetBIOS - ok 19:18:28.0530 0x0970 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 19:18:28.0550 0x0970 NetBT - ok 19:18:28.0550 0x0970 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] Netlogon C:\Windows\system32\lsass.exe 19:18:28.0560 0x0970 Netlogon - ok 19:18:28.0570 0x0970 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 19:18:28.0590 0x0970 Netman - ok 19:18:28.0590 0x0970 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator 
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:18:28.0600 0x0970 NetMsmqActivator - ok 19:18:28.0610 0x0970 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:18:28.0620 0x0970 NetPipeActivator - ok 19:18:28.0620 0x0970 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 19:18:28.0650 0x0970 netprofm - ok 19:18:28.0650 0x0970 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:18:28.0660 0x0970 NetTcpActivator - ok 19:18:28.0670 0x0970 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:18:28.0670 0x0970 NetTcpPortSharing - ok 19:18:28.0680 0x0970 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 19:18:28.0680 0x0970 nfrd960 - ok 19:18:28.0690 0x0970 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll 19:18:28.0700 0x0970 NlaSvc - ok 19:18:28.0700 0x0970 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:18:28.0720 0x0970 Npfs - ok 19:18:28.0730 0x0970 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 19:18:28.0750 0x0970 nsi - ok 19:18:28.0750 0x0970 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy 
C:\Windows\system32\drivers\nsiproxy.sys 19:18:28.0770 0x0970 nsiproxy - ok 19:18:28.0790 0x0970 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:18:28.0830 0x0970 Ntfs - ok 19:18:28.0830 0x0970 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 19:18:28.0850 0x0970 Null - ok 19:18:28.0860 0x0970 [ 7E4355930B28C2798D9F09AB9F81151F, 941C730F3B75BDF99639E76350031EDD15F18D8D860F3B1282C28B62096E7717 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 19:18:28.0860 0x0970 NVHDA - ok 19:18:29.0000 0x0970 [ 7F58A8A5F208557F1FF8D7F45D5811DB, D9999DAD9BBBC907C8633AD08D90E40D861E9941A74CCF3C6183C9E220FEA0E9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 19:18:29.0140 0x0970 nvlddmkm - ok 19:18:29.0180 0x0970 [ 93C82F365F9C0A2058A211E305A5CCFA, 1B3FA9122377CF8C982EEE8719E2E295E3D118AC15646ACAB3A5BF78E1EE7E70 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe 19:18:29.0210 0x0970 NvNetworkService - ok 19:18:29.0210 0x0970 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:18:29.0220 0x0970 nvraid - ok 19:18:29.0220 0x0970 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:18:29.0230 0x0970 nvstor - ok 19:18:29.0230 0x0970 [ 977C9F7656D07D36887814A7D570FE1A, 843032A0EB1A4B81E506F80C59E613F700A353DE2C3514566092E336FE608DAB ] NvStreamKms C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys 19:18:29.0240 0x0970 NvStreamKms - ok 19:18:29.0240 0x0970 NvStreamSvc - ok 19:18:29.0260 0x0970 [ 806069C408AE736E2182D2FF6C2FA8EE, 9C2D2309C4F4135772C53C10C7442BCA362657B062177B20C2F00DC2137E8362 ] nvsvc C:\Windows\system32\nvvsvc.exe 19:18:29.0280 
0x0970 nvsvc - ok 19:18:29.0280 0x0970 [ DBFE7B2DF103F74AE51840B3C5F25FE9, 436CAA417FD24BA870F117FA4BABA2AB694825795508BCFCC8C927CC2D5BBC5E ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys 19:18:29.0290 0x0970 nvvad_WaveExtensible - ok 19:18:29.0290 0x0970 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:18:29.0300 0x0970 nv_agp - ok 19:18:29.0300 0x0970 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 19:18:29.0310 0x0970 ohci1394 - ok 19:18:29.0310 0x0970 [ 2184024728C007F57C22A5CFB967F75F, 2AF3596C61C16283520A3B964F242E7515C5D334F4B6405A1875DCE6AAB6671C ] OpenVPNService C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe 19:18:29.0320 0x0970 OpenVPNService - ok 19:18:29.0330 0x0970 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:18:29.0340 0x0970 p2pimsvc - ok 19:18:29.0350 0x0970 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 19:18:29.0360 0x0970 p2psvc - ok 19:18:29.0370 0x0970 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys 19:18:29.0370 0x0970 Parport - ok 19:18:29.0380 0x0970 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:18:29.0380 0x0970 partmgr - ok 19:18:29.0390 0x0970 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll 19:18:29.0400 0x0970 PcaSvc - ok 19:18:29.0410 0x0970 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 
7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 19:18:29.0420 0x0970 pci - ok 19:18:29.0420 0x0970 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 19:18:29.0420 0x0970 pciide - ok 19:18:29.0430 0x0970 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 19:18:29.0440 0x0970 pcmcia - ok 19:18:29.0440 0x0970 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 19:18:29.0450 0x0970 pcw - ok 19:18:29.0460 0x0970 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:18:29.0490 0x0970 PEAUTH - ok 19:18:29.0500 0x0970 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 19:18:29.0510 0x0970 PerfHost - ok 19:18:29.0530 0x0970 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 19:18:29.0570 0x0970 pla - ok 19:18:29.0580 0x0970 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:18:29.0600 0x0970 PlugPlay - ok 19:18:29.0600 0x0970 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:18:29.0610 0x0970 PNRPAutoReg - ok 19:18:29.0610 0x0970 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:18:29.0630 0x0970 PNRPsvc - ok 19:18:29.0650 0x0970 [ 4F15D75ADF6156BF56ECED6D4A55C389, 
2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:18:29.0670 0x0970 PolicyAgent - ok 19:18:29.0680 0x0970 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll 19:18:29.0700 0x0970 Power - ok 19:18:29.0700 0x0970 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:18:29.0720 0x0970 PptpMiniport - ok 19:18:29.0730 0x0970 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys 19:18:29.0730 0x0970 Processor - ok 19:18:29.0740 0x0970 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll 19:18:29.0750 0x0970 ProfSvc - ok 19:18:29.0750 0x0970 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] ProtectedStorage C:\Windows\system32\lsass.exe 19:18:29.0760 0x0970 ProtectedStorage - ok 19:18:29.0760 0x0970 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 19:18:29.0790 0x0970 Psched - ok 19:18:29.0810 0x0970 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 19:18:29.0840 0x0970 ql2300 - ok 19:18:29.0850 0x0970 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 19:18:29.0850 0x0970 ql40xx - ok 19:18:29.0860 0x0970 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 19:18:29.0870 0x0970 QWAVE - ok 19:18:29.0880 
0x0970 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:18:29.0890 0x0970 QWAVEdrv - ok 19:18:29.0890 0x0970 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:18:29.0910 0x0970 RasAcd - ok 19:18:29.0910 0x0970 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 19:18:29.0930 0x0970 RasAgileVpn - ok 19:18:29.0940 0x0970 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 19:18:29.0960 0x0970 RasAuto - ok 19:18:29.0960 0x0970 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:18:29.0980 0x0970 Rasl2tp - ok 19:18:29.0990 0x0970 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 19:18:30.0010 0x0970 RasMan - ok 19:18:30.0020 0x0970 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:18:30.0040 0x0970 RasPppoe - ok 19:18:30.0040 0x0970 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:18:30.0060 0x0970 RasSstp - ok 19:18:30.0070 0x0970 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:18:30.0090 0x0970 rdbss - ok 19:18:30.0100 0x0970 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 
19:18:30.0110 0x0970 rdpbus - ok 19:18:30.0110 0x0970 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:18:30.0130 0x0970 RDPCDD - ok 19:18:30.0130 0x0970 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:18:30.0150 0x0970 RDPENCDD - ok 19:18:30.0150 0x0970 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 19:18:30.0170 0x0970 RDPREFMP - ok 19:18:30.0180 0x0970 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:18:30.0190 0x0970 RDPWD - ok 19:18:30.0190 0x0970 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 19:18:30.0200 0x0970 rdyboost - ok 19:18:30.0200 0x0970 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:18:30.0230 0x0970 RemoteAccess - ok 19:18:30.0230 0x0970 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:18:30.0250 0x0970 RemoteRegistry - ok 19:18:30.0260 0x0970 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 19:18:30.0280 0x0970 RpcEptMapper - ok 19:18:30.0280 0x0970 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 19:18:30.0290 0x0970 RpcLocator - ok 19:18:30.0300 0x0970 [ 5C627D1B1138676C0A7AB2C2C190D123, 
C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 19:18:30.0330 0x0970 RpcSs - ok 19:18:30.0330 0x0970 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:18:30.0350 0x0970 rspndr - ok 19:18:30.0370 0x0970 [ 7461D3DA1AABB5F703504E958455A900, B77D36E095A476A8191C1771539F20529F82CACF3C945BF55D64C39EEF09D0EA ] RTL8192cu C:\Windows\system32\DRIVERS\RTL8192cu.sys 19:18:30.0380 0x0970 RTL8192cu - ok 19:18:30.0390 0x0970 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] SamSs C:\Windows\system32\lsass.exe 19:18:30.0390 0x0970 SamSs - ok 19:18:30.0400 0x0970 [ B38103F1B78072D53EC23AC8287A72C2, B502C6AD64DC3D1185086623D32C275CEAF1F50BE22011B2B7F55B7FC0135857 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys 19:18:30.0410 0x0970 SbieDrv - ok 19:18:30.0410 0x0970 [ 542B3B5219AA6CE3E55B7C70021C0C35, B47E23E647AAD7C88DE7116F11973D3E6B7423A13B4F0709F2A11CC405423E10 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe 19:18:30.0420 0x0970 SbieSvc - ok 19:18:30.0420 0x0970 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:18:30.0430 0x0970 sbp2port - ok 19:18:30.0430 0x0970 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:18:30.0460 0x0970 SCardSvr - ok 19:18:30.0460 0x0970 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 19:18:30.0480 0x0970 scfilter - ok 19:18:30.0500 0x0970 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll 19:18:30.0540 0x0970 Schedule - ok 19:18:30.0540 0x0970 [ 
F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 19:18:30.0560 0x0970 SCPolicySvc - ok 19:18:30.0560 0x0970 [ 1CA5A783B10EC897FCE91CF220D6C517, DCBCD9E90C73F883B9A55D972CF99F25373049B7684E6738E1E213A20369A5E6 ] scvad_simple C:\Windows\system32\drivers\SplitCamAudio.sys 19:18:30.0570 0x0970 scvad_simple - ok 19:18:30.0570 0x0970 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:18:30.0580 0x0970 SDRSVC - ok 19:18:30.0590 0x0970 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:18:30.0610 0x0970 secdrv - ok 19:18:30.0610 0x0970 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll 19:18:30.0630 0x0970 seclogon - ok 19:18:30.0630 0x0970 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll 19:18:30.0650 0x0970 SENS - ok 19:18:30.0650 0x0970 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 19:18:30.0660 0x0970 SensrSvc - ok 19:18:30.0670 0x0970 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 19:18:30.0670 0x0970 Serenum - ok 19:18:30.0680 0x0970 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys 19:18:30.0690 0x0970 Serial - ok 19:18:30.0690 0x0970 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 19:18:30.0700 0x0970 
sermouse - ok 19:18:30.0700 0x0970 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 19:18:30.0720 0x0970 SessionEnv - ok 19:18:30.0730 0x0970 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:18:30.0740 0x0970 sffdisk - ok 19:18:30.0740 0x0970 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:18:30.0750 0x0970 sffp_mmc - ok 19:18:30.0750 0x0970 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:18:30.0760 0x0970 sffp_sd - ok 19:18:30.0760 0x0970 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 19:18:30.0770 0x0970 sfloppy - ok 19:18:30.0780 0x0970 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:18:30.0800 0x0970 SharedAccess - ok 19:18:30.0810 0x0970 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:18:30.0830 0x0970 ShellHWDetection - ok 19:18:30.0840 0x0970 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:18:30.0840 0x0970 SiSRaid2 - ok 19:18:30.0850 0x0970 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 19:18:30.0850 0x0970 SiSRaid4 - ok 19:18:30.0860 0x0970 [ F6EF225A23D336CA30001E5007644C24, 
B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 19:18:30.0870 0x0970 SkypeUpdate - ok 19:18:30.0880 0x0970 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:18:30.0900 0x0970 Smb - ok 19:18:30.0900 0x0970 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:18:30.0910 0x0970 SNMPTRAP - ok 19:18:30.0910 0x0970 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys 19:18:30.0920 0x0970 spldr - ok 19:18:30.0920 0x0970 [ 8FD02AA2AB0A0EB8960E54833C779AC7, D5B63AE609D615E1E8CCCDDB6706CFC5A81190E1C16F521BD044760A3EF889F3 ] SpliCamService C:\Program Files (x86)\SplitCam\SplitCamService.exe 19:18:30.0930 0x0970 SpliCamService - ok 19:18:30.0940 0x0970 [ 64065FFE37680ACACE4D2C8F3CF20541, F6D2883509C6B49180385AE850A6A50052C6450B7CC3DAFDEF551895EE37D444 ] splitcam_hd_driver C:\Windows\system32\DRIVERS\splitcam_hd_driver.sys 19:18:30.0940 0x0970 splitcam_hd_driver - ok 19:18:30.0950 0x0970 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe 19:18:30.0970 0x0970 Spooler - ok 19:18:31.0020 0x0970 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe 19:18:31.0100 0x0970 sppsvc - ok 19:18:31.0100 0x0970 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:18:31.0120 0x0970 sppuinotify - ok 19:18:31.0130 0x0970 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys 
19:18:31.0150 0x0970 srv - ok 19:18:31.0160 0x0970 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:18:31.0170 0x0970 srv2 - ok 19:18:31.0170 0x0970 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:18:31.0180 0x0970 srvnet - ok 19:18:31.0190 0x0970 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:18:31.0210 0x0970 SSDPSRV - ok 19:18:31.0210 0x0970 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:18:31.0240 0x0970 SstpSvc - ok 19:18:31.0240 0x0970 [ 91310683D7B6B292B746D60734B59322, 2C56C3E4AA7356FB544B52F80ABDA39A80473390CB2059C69BDCCAD40FE56325 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 19:18:31.0250 0x0970 ssudmdm - ok 19:18:31.0260 0x0970 [ 9DA3B55B17B54789AFB8C657D4ACE4D7, 5E4599E682327E3B8097A88A69ED73F96254A29054744D5DFB782054863F131E ] ss_conn_service C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe 19:18:31.0280 0x0970 ss_conn_service - ok 19:18:31.0290 0x0970 [ AC8B882D658AF3070167F59AE92E5CA3, 7781475B6A49DCE239FEE2B32767A7E58188EF04BC4BB29E04B40DAFD8214E85 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe 19:18:31.0310 0x0970 Steam Client Service - ok 19:18:31.0310 0x0970 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 19:18:31.0320 0x0970 stexstor - ok 19:18:31.0320 0x0970 [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 19:18:31.0330 0x0970 StillCam - ok 19:18:31.0340 0x0970 [ 
8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll 19:18:31.0360 0x0970 stisvc - ok 19:18:31.0360 0x0970 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys 19:18:31.0370 0x0970 swenum - ok 19:18:31.0380 0x0970 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 19:18:31.0410 0x0970 swprv - ok 19:18:31.0430 0x0970 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll 19:18:31.0470 0x0970 SysMain - ok 19:18:31.0480 0x0970 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:18:31.0490 0x0970 TabletInputService - ok 19:18:31.0490 0x0970 [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys 19:18:31.0500 0x0970 tap0901 - ok 19:18:31.0510 0x0970 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 19:18:31.0530 0x0970 TapiSrv - ok 19:18:31.0530 0x0970 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 19:18:31.0550 0x0970 TBS - ok 19:18:31.0580 0x0970 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:18:31.0620 0x0970 Tcpip - ok 19:18:31.0650 0x0970 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:18:31.0680 0x0970 TCPIP6 - ok 19:18:31.0690 
0x0970 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:18:31.0690 0x0970 tcpipreg - ok 19:18:31.0700 0x0970 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:18:31.0700 0x0970 TDPIPE - ok 19:18:31.0710 0x0970 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:18:31.0710 0x0970 TDTCP - ok 19:18:31.0720 0x0970 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:18:31.0730 0x0970 tdx - ok 19:18:31.0810 0x0970 [ 1C90314A7085467E3DD31EED3A365423, BB1B363C7B1D9088DB6BC70AA4902FD6DD6B92B16B3D31D51F38E68710730AE9 ] TeamViewer C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe 19:18:31.0890 0x0970 TeamViewer - ok 19:18:31.0890 0x0970 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys 19:18:31.0900 0x0970 TermDD - ok 19:18:31.0910 0x0970 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll 19:18:31.0930 0x0970 TermService - ok 19:18:31.0930 0x0970 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 19:18:31.0950 0x0970 Themes - ok 19:18:31.0950 0x0970 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 19:18:31.0970 0x0970 THREADORDER - ok 19:18:31.0970 0x0970 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 
19:18:31.0990 0x0970 TrkWks - ok 19:18:32.0000 0x0970 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:18:32.0020 0x0970 TrustedInstaller - ok 19:18:32.0030 0x0970 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:18:32.0030 0x0970 tssecsrv - ok 19:18:32.0040 0x0970 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:18:32.0050 0x0970 TsUsbFlt - ok 19:18:32.0060 0x0970 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:18:32.0080 0x0970 tunnel - ok 19:18:32.0080 0x0970 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 19:18:32.0090 0x0970 uagp35 - ok 19:18:32.0090 0x0970 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:18:32.0120 0x0970 udfs - ok 19:18:32.0120 0x0970 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:18:32.0130 0x0970 UI0Detect - ok 19:18:32.0130 0x0970 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:18:32.0140 0x0970 uliagpkx - ok 19:18:32.0140 0x0970 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys 19:18:32.0150 0x0970 umbus - ok 19:18:32.0150 0x0970 [ B2E8E8CB557B156DA5493BBDDCC1474D, 
F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 19:18:32.0160 0x0970 UmPass - ok 19:18:32.0170 0x0970 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 19:18:32.0200 0x0970 upnphost - ok 19:18:32.0200 0x0970 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:18:32.0210 0x0970 usbccgp - ok 19:18:32.0210 0x0970 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:18:32.0220 0x0970 usbcir - ok 19:18:32.0220 0x0970 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys 19:18:32.0230 0x0970 usbehci - ok 19:18:32.0240 0x0970 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:18:32.0250 0x0970 usbhub - ok 19:18:32.0250 0x0970 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys 19:18:32.0260 0x0970 usbohci - ok 19:18:32.0260 0x0970 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:18:32.0270 0x0970 usbprint - ok 19:18:32.0280 0x0970 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:18:32.0280 0x0970 USBSTOR - ok 19:18:32.0290 0x0970 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 19:18:32.0300 0x0970 usbuhci - ok 
19:18:32.0300 0x0970 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 19:18:32.0320 0x0970 UxSms - ok 19:18:32.0320 0x0970 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] VaultSvc C:\Windows\system32\lsass.exe 19:18:32.0330 0x0970 VaultSvc - ok 19:18:32.0330 0x0970 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 19:18:32.0340 0x0970 vdrvroot - ok 19:18:32.0350 0x0970 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 19:18:32.0380 0x0970 vds - ok 19:18:32.0380 0x0970 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:18:32.0390 0x0970 vga - ok 19:18:32.0390 0x0970 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 19:18:32.0410 0x0970 VgaSave - ok 19:18:32.0420 0x0970 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 19:18:32.0470 0x0970 vhdmp - ok 19:18:32.0480 0x0970 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 19:18:32.0490 0x0970 viaide - ok 19:18:32.0500 0x0970 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:18:32.0510 0x0970 volmgr - ok 19:18:32.0520 0x0970 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:18:32.0540 0x0970 volmgrx - ok 
19:18:32.0540 0x0970 [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:18:32.0560 0x0970 volsnap - ok 19:18:32.0560 0x0970 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 19:18:32.0570 0x0970 vsmraid - ok 19:18:32.0590 0x0970 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 19:18:32.0640 0x0970 VSS - ok 19:18:32.0640 0x0970 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 19:18:32.0650 0x0970 vwifibus - ok 19:18:32.0650 0x0970 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 19:18:32.0670 0x0970 vwififlt - ok 19:18:32.0670 0x0970 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 19:18:32.0700 0x0970 W32Time - ok 19:18:32.0700 0x0970 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 19:18:32.0710 0x0970 WacomPen - ok 19:18:32.0710 0x0970 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 19:18:32.0730 0x0970 WANARP - ok 19:18:32.0740 0x0970 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:18:32.0760 0x0970 Wanarpv6 - ok 19:18:32.0780 0x0970 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine 
C:\Windows\system32\wbengine.exe 19:18:32.0810 0x0970 wbengine - ok 19:18:32.0820 0x0970 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:18:32.0850 0x0970 WbioSrvc - ok 19:18:32.0850 0x0970 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:18:32.0870 0x0970 wcncsvc - ok 19:18:32.0870 0x0970 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:18:32.0880 0x0970 WcsPlugInService - ok 19:18:32.0880 0x0970 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys 19:18:32.0890 0x0970 Wd - ok 19:18:32.0900 0x0970 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:18:32.0920 0x0970 Wdf01000 - ok 19:18:32.0930 0x0970 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:18:32.0940 0x0970 WdiServiceHost - ok 19:18:32.0940 0x0970 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:18:32.0950 0x0970 WdiSystemHost - ok 19:18:32.0960 0x0970 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 19:18:32.0970 0x0970 WebClient - ok 19:18:32.0980 0x0970 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:18:33.0000 0x0970 Wecsvc - ok 19:18:33.0000 0x0970 [ 7E591867422DC788B9E5BD337A669A08, 
484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:18:33.0020 0x0970 wercplsupport - ok 19:18:33.0030 0x0970 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 19:18:33.0060 0x0970 WerSvc - ok 19:18:33.0060 0x0970 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 19:18:33.0080 0x0970 WfpLwf - ok 19:18:33.0080 0x0970 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:18:33.0090 0x0970 WIMMount - ok 19:18:33.0090 0x0970 WinDefend - ok 19:18:33.0090 0x0970 WinHttpAutoProxySvc - ok 19:18:33.0100 0x0970 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:18:33.0120 0x0970 Winmgmt - ok 19:18:33.0150 0x0970 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 19:18:33.0190 0x0970 WinRM - ok 19:18:33.0200 0x0970 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 19:18:33.0210 0x0970 WinUsb - ok 19:18:33.0220 0x0970 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 19:18:33.0250 0x0970 Wlansvc - ok 19:18:33.0250 0x0970 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 19:18:33.0260 0x0970 WmiAcpi - ok 19:18:33.0260 0x0970 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv 
C:\Windows\system32\wbem\WmiApSrv.exe
19:18:33.0270 0x0970 wmiApSrv - ok
19:18:33.0280 0x0970 WMPNetworkSvc - ok
19:18:33.0280 0x0970 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:18:33.0290 0x0970 WPCSvc - ok
19:18:33.0290 0x0970 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:18:33.0300 0x0970 WPDBusEnum - ok
19:18:33.0300 0x0970 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:18:33.0330 0x0970 ws2ifsl - ok
19:18:33.0330 0x0970 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
19:18:33.0340 0x0970 wscsvc - ok
19:18:33.0340 0x0970 WSearch - ok
19:18:33.0379 0x0970 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
19:18:33.0429 0x0970 wuauserv - ok
19:18:33.0429 0x0970 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:18:33.0439 0x0970 WudfPf - ok
19:18:33.0449 0x0970 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:18:33.0459 0x0970 WUDFRd - ok
19:18:33.0459 0x0970 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:18:33.0469 0x0970 wudfsvc - ok
19:18:33.0479 0x0970 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
19:18:33.0489 0x0970 WwanSvc - ok
19:18:33.0499 0x0970 ================ Scan global ===============================
19:18:33.0499 0x0970 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
19:18:33.0499 0x0970 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:18:33.0509 0x0970 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:18:33.0519 0x0970 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:18:33.0529 0x0970 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
19:18:33.0529 0x0970 [ Global ] - ok
19:18:33.0529 0x0970 ================ Scan MBR ==================================
19:18:33.0529 0x0970 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:18:33.0559 0x0970 \Device\Harddisk0\DR0 - ok
19:18:33.0589 0x0970 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:18:33.0659 0x0970 \Device\Harddisk1\DR1 - ok
19:18:33.0679 0x0970 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk2\DR2
19:18:33.0749 0x0970 \Device\Harddisk2\DR2 - ok
19:18:33.0749 0x0970 ================ Scan VBR ==================================
19:18:33.0749 0x0970 [ 7BBDBEF73560D87FEA5C39E397AFDC46 ] \Device\Harddisk0\DR0\Partition1
19:18:33.0749 0x0970 \Device\Harddisk0\DR0\Partition1 - ok
19:18:33.0759 0x0970 [ 3432EDE2A7B8F3E73D7330E167C9CB32 ] \Device\Harddisk0\DR0\Partition2
19:18:33.0759 0x0970 \Device\Harddisk0\DR0\Partition2 - ok
19:18:33.0769 0x0970 [ 9BEC19E5519D94FE3CDDEA7486B2A91E ] \Device\Harddisk1\DR1\Partition1
19:18:33.0819 0x0970 \Device\Harddisk1\DR1\Partition1 - ok
19:18:33.0819 0x0970 [ 34C06E91BB64442142CA77B7D693AD42 ] \Device\Harddisk1\DR1\Partition2
19:18:33.0819 0x0970 \Device\Harddisk1\DR1\Partition2 - ok
19:18:33.0829 0x0970 [ A97C4610012178888FD8CC4BDE4DAC0E ] \Device\Harddisk1\DR1\Partition3
19:18:33.0829 0x0970 \Device\Harddisk1\DR1\Partition3 - ok
19:18:33.0829 0x0970 [ 8178AD706B39B8E88D7E152D2BA17ECE ] \Device\Harddisk2\DR2\Partition1
19:18:33.0839 0x0970 \Device\Harddisk2\DR2\Partition1 - ok
19:18:33.0839 0x0970 ================ Scan generic autorun ======================
19:18:33.0969 0x0970 [ 5BAD798CBAB39F3A56A9CD495320F67E, 668FB3F30DD99CBF9EBDDF4C079636DFD2C7693B3506AC8A6DD1B3CA4B5BAF11 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
19:18:34.0079 0x0970 RTHDVCPL - ok
19:18:34.0299 0x0970 [ 19ECAAEA3CC248489FE987C10B688C0D, 967CB23A8176B3181EE2A55DFBB04A69988AB22105D4C450C5B5E729B91FAD5A ] C:\Program Files\Logitech Gaming Software\LCore.exe
19:18:34.0499 0x0970 Launch LCore - ok
19:18:34.0539 0x0970 [ 059E588FDF6B7E83227D45D026D21874, 211B5E85D84562E11F3A676686E7C716BB59912F7764A49D9164277EB3991AC3 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
19:18:34.0579 0x0970 NvBackend - ok
19:18:34.0589 0x0970 [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
19:18:34.0599 0x0970 ShadowPlay - ok
19:18:34.0599 0x0970 [ 094E4E76FB9AB960A73F841BC6733F42, 01C1BFF17BEC6588E192EC4D7ACB74FC9B95ECA7CB8BB9585B04FC8EA73C3B43 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
19:18:34.0609 0x0970 USB3MON - ok
19:18:34.0679 0x0970 [ 44ADDA5FB88EE14F57A246285775AC2F, 2776225BA9F22C553453541DA0285E093B4F2019DB6FE640D033BA45045299C8 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
19:18:34.0769 0x0970 AvastUI.exe - ok
19:18:34.0789 0x0970 [ 57C635C41750117D206C90DA9C599777, D5291ED79FC08217758FB526FC8CCC9D374B65B49446104D271C36B0C1298446 ] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
19:18:34.0809 0x0970 BrMfcWnd - detected UnsignedFile.Multi.Generic ( 1 )
19:18:37.0591 0x0970 Detect skipped due to KSN trusted
19:18:37.0591 0x0970 BrMfcWnd - ok
19:18:37.0641 0x0970 [ B717D07DC70B11D1FCB2B6B5E081EBA5, 5BF1C6CEBE962BE8461627BC6E2B8FF2719F37A2741648C4308F17F376A5BE88 ] C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
19:18:37.0661 0x0970 ACPW05DE - ok
19:18:37.0681 0x0970 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:18:37.0711 0x0970 Sidebar - ok
19:18:37.0711 0x0970 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:18:37.0721 0x0970 mctadmin - ok
19:18:37.0741 0x0970 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:18:37.0761 0x0970 Sidebar - ok
19:18:37.0771 0x0970 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:18:37.0781 0x0970 mctadmin - ok
19:18:37.0781 0x0970 [ 3CA879373F4F5A7BC57E5DD0CA4CC282, 6AA3521AC3B4402330AAE5595967C7E9C6A028FB52747ADD5FDC76AF39504FA5 ] C:\Users\Ash\AppData\Roaming\TV Movie\TV Movie Clickfinder\tvstart.exe
19:18:37.0791 0x0970 TVTip - detected UnsignedFile.Multi.Generic ( 1 )
19:18:40.0521 0x0970 Detect skipped due to KSN trusted
19:18:40.0521 0x0970 TVTip - ok
19:18:40.0561 0x0970 [ BA7D51208ED1A5F2DAB4894C9717CBBD, 0341CC07EEEDB598F0EC68E1FE250F3FD73C099198B364E5877D5535D25BE26B ] C:\Program Files\Sandboxie\SbieCtrl.exe
19:18:40.0591 0x0970 SandboxieControl - ok
19:18:40.0591 0x0970 Waiting for KSN requests completion. In queue: 6
19:18:41.0591 0x0970 Waiting for KSN requests completion. In queue: 6
19:18:42.0591 0x0970 Waiting for KSN requests completion. In queue: 6
19:18:43.0621 0x0970 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated )
19:18:43.0631 0x0970 Win FW state via NFP2: enabled
19:18:46.0386 0x0970 ============================================================
19:18:46.0386 0x0970 Scan finished
19:18:46.0386 0x0970 ============================================================
19:18:46.0396 0x0de0 Detected object count: 1
19:18:46.0396 0x0de0 Actual detected object count: 1
19:19:16.0916 0x0de0 AVerRemote ( UnsignedFile.Multi.Generic ) - skipped by user
19:19:16.0916 0x0de0 AVerRemote ( UnsignedFile.Multi.Generic ) - User select action: Skip |
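Reading a TDSSKiller log like the one above by eye is error-prone: the same heuristic verdict (UnsignedFile.Multi.Generic) appears three times, but two of the hits (BrMfcWnd, TVTip) were cleared by a Kaspersky Security Network reputation lookup ("Detect skipped due to KSN trusted"), while the third (AVerRemote) was only skipped by the user and is still open. The following Python script is an added example, not code from the thread or from Kaspersky; it parses the log format as it appears in the posted output (timestamp, thread id, message; the regexes are my own reading of that format and are an assumption), keeps the hash and path recorded for each object, and separates hits cleared by KSN from hits that still need a decision. The sample lines are copied from the posted log, with the constructed assumption that they are representative of a full log.

```python
"""Triage helper for Kaspersky TDSSKiller logs (added example, not from the thread).

Assumed message shapes, taken from the posted log:
  [ MD5, SHA256 ] <Name> <Path>        object hashed before its verdict (services)
  [ MD5, SHA256 ] <Path>               same, but the name follows on the next line (autorun)
  [ MD5 ] \\Device\\...                  MBR/VBR sector hash
  <Name> - ok                          clean or cleared
  <Name> - detected <Verdict> ( n )    heuristic hit
  Detect skipped due to KSN trusted    the preceding hit was whitelisted by reputation
  <Name> ( <Verdict> ) - User select action: <Action>   final summary block
"""
import re
from dataclasses import dataclass
from typing import Optional

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(0x[0-9a-fA-F]+)\s+(.*)$")
HASH_RE = re.compile(r"^\[\s*([0-9A-F]{32})(?:,\s*([0-9A-F]{64}))?\s*\]\s+(.*)$")
PATH_RE = re.compile(r"((?:[A-Za-z]:\\|\\Device\\).*)$")
OK_RE = re.compile(r"^(.+?) - ok$")
DETECTED_RE = re.compile(r"^(.+?) - detected (\S+)")
ACTION_RE = re.compile(r"^(.+?) \( (\S+) \) - User select action: (\S+)$")


@dataclass
class Finding:
    name: str
    verdict: str
    path: Optional[str] = None
    sha256: Optional[str] = None
    ksn_trusted: bool = False      # cleared by the KSN reputation lookup
    action: Optional[str] = None   # user's choice in the summary block, if any


def parse_tdsskiller(text: str) -> dict:
    objects = {}      # name -> (sha256, path) for every hashed object
    findings = {}     # name -> Finding
    pending = None    # hash line without a name: the name arrives on the next line
    last_hit = None   # name of the most recent 'detected' line, for the KSN line
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        h = HASH_RE.match(msg)
        if h:
            _md5, sha256, rest = h.groups()
            p = PATH_RE.search(rest)
            path = p.group(1) if p else None
            name = rest[: p.start()].strip() if p else rest.strip()
            if name:
                objects[name] = (sha256, path)
            else:
                pending = (sha256, path)
            continue
        d = DETECTED_RE.match(msg)
        if d:
            name, verdict = d.groups()
            if pending:
                objects[name] = pending
                pending = None
            sha, path = objects.get(name, (None, None))
            findings[name] = Finding(name, verdict, path, sha)
            last_hit = name
            continue
        if msg.startswith("Detect skipped due to KSN trusted") and last_hit:
            findings[last_hit].ksn_trusted = True
            last_hit = None
            continue
        a = ACTION_RE.match(msg)
        if a:
            name, verdict, action = a.groups()
            findings.setdefault(name, Finding(name, verdict)).action = action
            continue
        o = OK_RE.match(msg)
        if o and pending and not o.group(1).startswith("["):
            objects[o.group(1)] = pending   # name-less hash line resolved by "<Name> - ok"
            pending = None
    return {"scanned": len(objects), "findings": findings}


def needs_attention(report: dict) -> list:
    """Hits neither cleared by KSN nor acted on (Skip leaves the object in place)."""
    return sorted(f.name for f in report["findings"].values()
                  if not f.ksn_trusted and f.action in (None, "Skip"))


# Sample lines copied from the posted log (constructed excerpt, not a full run).
SAMPLE_LOG = r"""
19:18:30.0880 0x0970 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:18:30.0900 0x0970 Smb - ok
19:18:31.0290 0x0970 [ AC8B882D658AF3070167F59AE92E5CA3, 7781475B6A49DCE239FEE2B32767A7E58188EF04BC4BB29E04B40DAFD8214E85 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
19:18:31.0310 0x0970 Steam Client Service - ok
19:18:33.0529 0x0970 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:18:33.0559 0x0970 \Device\Harddisk0\DR0 - ok
19:18:34.0789 0x0970 [ 57C635C41750117D206C90DA9C599777, D5291ED79FC08217758FB526FC8CCC9D374B65B49446104D271C36B0C1298446 ] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
19:18:34.0809 0x0970 BrMfcWnd - detected UnsignedFile.Multi.Generic ( 1 )
19:18:37.0591 0x0970 Detect skipped due to KSN trusted
19:18:37.0591 0x0970 BrMfcWnd - ok
19:18:46.0396 0x0de0 Detected object count: 1
19:19:16.0916 0x0de0 AVerRemote ( UnsignedFile.Multi.Generic ) - skipped by user
19:19:16.0916 0x0de0 AVerRemote ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print(f"hashed objects: {rep['scanned']}")
    for f in rep["findings"].values():
        print(f"{f.name}: {f.verdict} ksn_trusted={f.ksn_trusted} action={f.action} path={f.path}")
    print("still open:", needs_attention(rep))
```

On the excerpt the script reports four hashed objects, marks BrMfcWnd as cleared by KSN, and lists only AVerRemote as still open; the SHA-256 kept for each finding is what you would submit to a reputation service if the KSN verdict itself is not trusted. UnsignedFile.Multi.Generic means only that the image carries no Authenticode signature, so the parser treats it as a prompt for a hash lookup, not as a confirmed infection.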
14.02.2015, 11:59 | #15 |
/// the machine /// TB-Ausbilder | "VBS:Malware-gen" found on USB stick. Please check. Have you tried a different mouse yet?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |