Log analysis and evaluation: Avast reports blocked infections in process svchost.exe of type "URL:Mal"
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.07.2015, 21:30 | #1 |
| Avast reports blocked infections in process svchost.exe of type "URL:Mal"
Hello,
for about a week my AVAST virus scanner has been reporting, every time Firefox starts, that infections were blocked. This is the information AVAST gives:
URL: "hxxp://alwaysisobar.com/4242/SoftwareForce_142669433517349.dll" or
URL: "hxxp://simplesitescan.net/4242/StepOne_142667180564410.dll"
Infection: "URL:Mal"
Process: "C:\Windows\System32\svchost.exe"
Is my computer infected now, and how do I get rid of this message and get my computer clean again?
Thanks in advance for the help, best regards
Ingo |
02.07.2015, 21:47 | #2 |
/// the machine /// TB Trainer | Avast reports blocked infections in process svchost.exe of type "URL:Mal"
Hi,
__________________
Please always post logs in code tags in the thread
__________________ |
02.07.2015, 23:33 | #3 |
| Avast reports blocked infections in process svchost.exe of type "URL:Mal"
Hi,
oops, sorry! I must have overlooked the part about the code tags. On this occasion I also notice that I did not attach the GMER.log either. So here it is again, properly this time...
defogger_disable.log
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:36 on 02/07/2015 (Ingo)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-
[CODE]
Additional FRST Logfile:
Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01 Ran by Ingo at 2015-07-02 21:40:28 Running from D:\Users\Ingo\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2484450973-2070416738-4278609927-500 - Administrator - Disabled) Gast (S-1-5-21-2484450973-2070416738-4278609927-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2484450973-2070416738-4278609927-1002 - Limited - Enabled) Ingo (S-1-5-21-2484450973-2070416738-4278609927-1005 - Administrator - Enabled) => D:\Users\Ingo Julia (S-1-5-21-2484450973-2070416738-4278609927-1006 - Administrator - Enabled) => D:\Users\Julia Klara (S-1-5-21-2484450973-2070416738-4278609927-1007 - Limited - Enabled) => D:\Users\Klara ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2001616158.48.56.37883114 - Audible, Inc.) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software) AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 
2.0) (Version: - AVM Berlin) calibre 64bit (HKLM\...\{2E2F6591-1465-4C64-8F50-E75F4AAB0ED8}) (Version: 2.27.0 - Kovid Goyal) Dell SonicWALL NetExtender (HKLM-x32\...\Dell SonicWALL NetExtender) (Version: 7.5.223 - Dell) Exact Audio Copy 1.0beta6 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta6 - Andre Wiethoff) Exif-Viewer 2.51 (HKLM-x32\...\Exif-Viewer) (Version: 2.51 - Ralf Bibinger) FileZilla Client 3.11.0 (HKLM-x32\...\FileZilla Client) (Version: 3.11.0 - Tim Kosse) Greenshot 1.2.6.7 (HKLM\...\Greenshot_is1) (Version: 1.2.6.7 - Greenshot) Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson) Iperius Backup Version 4.2.4.0 (HKLM-x32\...\Iperius Backup_is1) (Version: 4.2.4.0 - Enter Srl) ISO Workshop 5.9 (HKLM-x32\...\ISO Workshop_is1) (Version: - Glorylogic) Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.14 - Oracle Corporation) Java SE Development Kit 8 Update 45 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.14 - Oracle Corporation) KeePass Password Safe 2.29 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.29 - Dominik Reichl) K-Lite Codec Pack 11.1.6 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.1.6 - ) Lupas Rename 2000 v5.0 Release (HKLM-x32\...\Lupas Rename 2000_is1) (Version: - Ivan Anton Albarracin) Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.) Macrium Reflect Free Edition (Version: 5.3.7299 - Paramount Software (UK) Ltd.) 
Hidden Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0 - Mozilla) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8.1 - Notepad++ Team) NVIDIA 3D Vision Treiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA 
Corporation) NVIDIA Grafiktreiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) Oracle VM VirtualBox 4.3.28 (HKLM\...\{E8BB81BC-E67C-4750-84EE-128DA5A7ADA5}) (Version: 4.3.28 - Oracle Corporation) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7512 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) ScanWizard 5 (HKLM-x32\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version: - ) Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.) Spamihilator 1.6.0 (64-Bit) (HKLM\...\{A7AE76C5-098C-4F88-8557-F59060F77808}) (Version: 1.6.0 - Michel Krämer) SportTracks 2.1 (HKLM-x32\...\{E6FA148F-1E7D-4A42-A9A2-7DFABC2C6A2B}) (Version: 2.1.3478 - Zone Five Software) StarBurn Version 15.2 (Build 0x20131129) (HKLM-x32\...\StarBurn_is1) (Version: 15.2 - StarBurn Software) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer) TuneUp Utilities 2011 (HKLM-x32\...\TuneUp Utilities 2011) (Version: 10.0.4600.4 - TuneUp Software) TuneUp Utilities 2011 (x32 Version: 10.0.4600.4 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 10.0.4600.4 - TuneUp Software) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - 
Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Z-Cron (HKLM-x32\...\{FD57FF4D-7225-4DAC-B15D-9BAE3E8A0E2B}) (Version: 4.9.0.68 - IMU Andreas Baumann) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2015-05-14 20:34 - 00000860 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 platform.aimersoft.com ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {124659B8-674F-4AC1-ABFD-6433FB018945} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files (x86)\TuneUp Utilities 2011\OneClick.exe [2011-12-13] (TuneUp Software) Task: {5A9F4191-36EA-48AD-9551-814549047321} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-04-15] () Task: {A9528110-AA8F-49B9-BB39-509D7DAEB5AE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.) 
==================== Loaded Modules (Whitelisted) ============== 2015-05-14 20:03 - 2006-02-23 12:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll 2015-05-14 20:03 - 2006-02-22 11:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll 2015-05-19 16:56 - 2015-05-19 16:56 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll 2015-05-21 00:03 - 2015-05-21 00:03 - 00073728 _____ () C:\Program Files\Spamihilator\zlib1.dll 2015-05-21 00:03 - 2015-05-21 00:03 - 00380928 _____ () C:\Program Files\Spamihilator\sqlite3.dll 2015-05-13 21:39 - 2015-05-13 21:39 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-05-13 21:39 - 2015-05-13 21:39 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-07-02 18:07 - 2015-07-02 18:07 - 02955264 _____ () C:\Program Files\AVAST Software\Avast\defs\15070202\algo.dll 2015-05-13 21:39 - 2015-05-13 21:39 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-05-29 00:24 - 2015-05-29 00:24 - 00008704 _____ () D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\Control Panel\Desktop\\Wallpaper -> D:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.177.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: nvsvc => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Stereo Service => 2 MSCONFIG\Services: SwitchBoard => 3 MSCONFIG\Services: TeamViewer => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk => C:\Windows\pss\Microtek Scanner Finder.lnk.CommonStartup MSCONFIG\startupfolder: D:^Users^Ingo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Spamihilator.lnk => C:\Windows\pss\Spamihilator.lnk.Startup MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe MSCONFIG\startupreg: DellNetExtender => C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s MSCONFIG\startupreg: Skype => "C:\Program Files 
(x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SonicWALLNetExtender => C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot MSCONFIG\startupreg: StereoLinksInstall => "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1 MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{1D70A97A-F028-448B-92B3-BFE0DC289320}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5EE8E22E-7C31-4A5F-8799-73A2B27D916A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1B417A7F-A2AA-4690-B9BD-3A5554D59FDA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{4AEEB65B-D743-4726-B029-E03841B2D903}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{2F3CBB2D-2FA8-4163-9675-BFDD3C0A31D6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{90A1F245-8A21-424C-834D-E990B1675CA1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{8082AAD3-13FC-4085-B9F1-AF30EF95E482}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{EDAA8A87-C05B-49AA-855F-0B80666742DD}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{710863A7-B70E-46F2-AF06-2786EE61C14C}] => 
(Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [TCP Query User{C4F0ABF4-2B8D-44A5-B789-015C9CCB499C}C:\program files\java\jdk1.8.0_45\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_45\bin\jmc.exe FirewallRules: [UDP Query User{24CD8196-2198-431A-AEB1-C4E4E5EA441B}C:\program files\java\jdk1.8.0_45\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_45\bin\jmc.exe FirewallRules: [{973A3C3F-4ED6-468D-A57D-39CCC6967CEA}] => (Allow) C:\Program Files (x86)\FRITZ!\igd_finder.exe FirewallRules: [{5FBA8B54-2B5D-43C6-9D50-A7BB8DA1E6F1}] => (Allow) C:\Program Files (x86)\FRITZ!\igd_finder.exe FirewallRules: [{C5C2FADB-28C0-4834-88EE-5DF521B1FFDF}] => (Block) %ProgramFiles% (x86)\Aimersoft\DRM Media Converter\DRMMediaConverter.exe FirewallRules: [{A6046791-4438-4F69-A023-0AB25EF0E7AB}] => (Allow) C:\Program Files\Spamihilator\spamihilator.exe FirewallRules: [{32C0CF0C-36AA-45F7-9645-9DEE35CFDC50}] => (Allow) C:\Program Files\Spamihilator\cdcc.exe FirewallRules: [{528C10CC-C4D1-4FB7-8A23-26B56461C29B}] => (Allow) C:\Program Files\Spamihilator\dccproc.exe FirewallRules: [TCP Query User{3DAE4350-1647-4C75-BFF0-BD3AC0D966A3}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe FirewallRules: [UDP Query User{4C2D01AD-D4F1-4DA4-B347-E4869BB5819E}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/02/2015 09:37:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/02/2015 09:32:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 
WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/02/2015 09:02:53 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. 
Error: (07/02/2015 08:21:32 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/02/2015 06:07:44 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/02/2015 08:23:38 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/02/2015 02:58:58 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2015 11:15:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2015 08:29:40 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2015 07:40:39 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/02/2015 09:37:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/02/2015 09:37:20 PM) (Source: volmgr) (EventID: 45) (User: ) Description: 
Das System konnte den Treiber für das Speicherabbild nicht laden. Error: (07/02/2015 09:37:16 PM) (Source: volmgr) (EventID: 46) (User: ) Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error: (07/02/2015 09:32:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/02/2015 09:32:26 PM) (Source: volmgr) (EventID: 45) (User: ) Description: Das System konnte den Treiber für das Speicherabbild nicht laden. Error: (07/02/2015 09:32:21 PM) (Source: volmgr) (EventID: 46) (User: ) Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error: (07/02/2015 08:21:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/02/2015 08:21:24 PM) (Source: volmgr) (EventID: 45) (User: ) Description: Das System konnte den Treiber für das Speicherabbild nicht laden. Error: (07/02/2015 08:21:21 PM) (Source: volmgr) (EventID: 46) (User: ) Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error: (07/02/2015 06:07:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office: ========================= CodeIntegrity Errors: =================================== Date: 2015-05-25 20:57:35.937 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\drivers\grmnusb.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2015-05-25 20:57:35.897 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\drivers\grmnusb.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-05-25 20:56:30.234 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\drivers\grmnusb.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-05-25 20:56:30.194 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\drivers\grmnusb.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz Percentage of memory in use: 27% Total physical RAM: 6142.55 MB Available physical RAM: 4471.49 MB Total Pagefile: 12283.32 MB Available Pagefile: 10460.93 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive b: (Backup) (Fixed) (Total:931.51 GB) (Free:417.93 GB) NTFS Drive c: () (Fixed) (Total:117.38 GB) (Free:92.15 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: () (Fixed) (Total:831.51 GB) (Free:612.95 GB) NTFS Drive k: () (Removable) (Total:29.05 GB) (Free:20.88 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 117.4 GB) (Disk ID: F010BBB4) Partition 1: (Active) - (Size=117.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0004B04B) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B501B48E) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (MBR Code: Windows 7 or 8) (Size: 29.1 GB) (Disk ID: 0009A95F) Partition 1: (Active) - (Size=29.1 GB) - (Type=0C) ==================== End of log ============================ FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01 Ran by Ingo (administrator) on HOME-PC on 02-07-2015 21:39:55 Running from D:\Users\Ingo\Downloads Loaded Profiles: Ingo (Available Profiles: Ingo & Julia & Klara) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe (Enter Srl) C:\Program Files (x86)\Iperius Backup\IperiusService.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe (Dell Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe (Enter Srl) C:\Program Files (x86)\Iperius Backup\Iperius.exe (Michel Krämer) C:\Program Files\Spamihilator\spamihilator.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-13] (Avast Software s.r.o.) 
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Run: [Iperius Backup] => C:\Program Files (x86)\Iperius Backup\Iperius.exe [23611280 2015-05-08] (Enter Srl) HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000 IFEO\codectweaktool.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" IFEO\mediainfo.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" Startup: D:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk [2015-05-28] ShortcutTarget: Spamihilator.lnk -> C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-13] (Avast Software s.r.o.) GroupPolicyUsers\S-1-5-21-2484450973-2070416738-4278609927-1007\User: Group Policy Restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2484450973-2070416738-4278609927-1005 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = https://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-13] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-13] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-13] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-13] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-13] (Oracle Corporation)
Hosts: 127.0.0.1 platform.aimersoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.177.1
Tcpip\..\Interfaces\{1FB36190-A6F5-4787-A58D-E71835657744}: [DhcpNameServer] 192.168.177.1

FireFox:
========
FF ProfilePath: D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Extension: MinimizeToTray revived (MinTrayR) - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\mintrayr@tn123.ath.cx [2015-05-29]
FF Extension: IE Tab - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2015-05-29]
FF Extension: Save Text To File - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\HighlightedTextToFile@bobbyrne01.org.xpi [2015-05-22]
FF Extension: Adblock Plus - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-22]
FF Extension: DownThemAll! - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-05-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-13]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-13] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-13] (Avast Software)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 IperiusSvc; C:\Program Files (x86)\Iperius Backup\IperiusService.exe [4364192 2015-05-08] (Enter Srl)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [614416 2014-10-21] (Dell Inc.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-13] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ASPI32; No ImagePath
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-13] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-13] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-13] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-13] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-13] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [25536 2014-10-21] (SonicWALL Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-05-21] (Duplex Secure Ltd.)
R1 StarPortLite; C:\Windows\System32\DRIVERS\StarPortLite.sys [120704 2013-02-04] (StarWind Software)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-07-07] (TuneUp Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-13] (Avast Software)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-02 21:39 - 2015-07-02 21:40 - 00012348 _____ D:\Users\Ingo\Downloads\FRST.txt
2015-07-02 21:39 - 2015-07-02 21:39 - 00000000 ____D C:\FRST
2015-07-02 21:36 - 2015-07-02 21:36 - 00000580 _____ D:\Users\Ingo\Downloads\defogger_disable.log
2015-07-02 21:36 - 2015-07-02 21:36 - 00000020 _____ D:\Users\Ingo\defogger_reenable
2015-07-02 21:15 - 2015-07-02 21:15 - 02112512 _____ (Farbar) D:\Users\Ingo\Downloads\FRST64.exe
2015-07-02 21:15 - 2015-07-02 21:15 - 00380416 _____ D:\Users\Ingo\Downloads\Gmer-19357.exe
2015-07-02 21:14 - 2015-07-02 21:14 - 00050477 _____ D:\Users\Ingo\Downloads\Defogger.exe
2015-06-30 21:11 - 2015-06-30 21:12 - 44135827 _____ D:\Users\Julia\Downloads\downloads(1).zip
2015-06-30 21:03 - 2015-06-30 21:05 - 74260937 _____ D:\Users\Julia\Downloads\downloads.zip
2015-06-27 21:43 - 2015-06-27 21:57 - 00003584 _____ D:\Users\Julia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-18 23:06 - 2015-06-18 23:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-06-18 19:47 - 2015-06-18 19:47 - 00000000 ____D D:\Users\Ingo\VirtualBox VMs
2015-06-16 01:07 - 2015-06-16 01:07 - 00000000 ____D D:\Users\Ingo\AppData\Local\calibre-cache
2015-06-16 01:06 - 2015-06-18 00:35 - 00000000 ____D D:\Users\Ingo\Documents\Calibre-Bibliothek
2015-06-16 01:06 - 2015-06-16 01:09 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\calibre
2015-06-12 14:12 - 2015-06-12 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell SonicWALL NetExtender
2015-06-12 13:59 - 2015-06-12 13:59 - 01536632 _____ D:\Users\Julia\Downloads\NXSetupU.exe
2015-06-10 03:08 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 03:08 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 03:08 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 03:08 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 03:08 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 03:08 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 03:08 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 03:08 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 03:08 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 03:08 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 03:08 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 03:08 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 03:08 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 03:08 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 03:08 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 03:08 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 03:08 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 03:08 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 03:08 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 03:08 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 03:08 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 03:08 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 03:08 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 03:08 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 03:08 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 03:08 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 03:08 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 03:08 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 03:08 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 03:08 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 03:08 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 03:08 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 03:08 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 03:08 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 03:08 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 03:08 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 03:08 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 03:08 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 03:08 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 03:08 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 03:08 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 03:08 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 03:08 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 03:08 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 03:08 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 03:08 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 03:08 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 03:08 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 03:08 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 03:08 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 03:08 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 03:08 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 03:08 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 03:08 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 03:08 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 03:08 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 03:08 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 03:08 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 03:08 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 03:08 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 03:08 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 03:08 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 03:08 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 03:08 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 03:08 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 03:07 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 03:07 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 03:07 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 03:07 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 03:07 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 03:07 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 03:07 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 03:07 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-08 21:35 - 2015-06-08 21:35 - 00000000 ____D D:\Users\Julia\AppData\Local\FreeOCR
2015-06-07 10:46 - 2015-06-07 10:46 - 00001147 _____ D:\Users\Klara\Desktop\Hörbücher.lnk
2015-06-07 10:45 - 2015-06-16 02:26 - 00000000 ____D D:\Users\Public\Hörbücher
2015-06-03 23:07 - 2015-06-03 23:07 - 00013854 _____ C:\Windows\system32\hs_err_pid1220.log
2015-06-03 23:05 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-03 23:05 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-03 23:05 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-03 23:05 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-03 23:05 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-03 23:05 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-03 23:05 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-03 23:05 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-03 23:05 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-03 23:05 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-03 23:05 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-03 23:05 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-03 23:05 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-03 23:05 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-03 23:05 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-03 23:05 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-03 23:05 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-03 23:05 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-03 23:05 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-03 23:05 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-03 23:05 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-03 23:05 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-03 23:05 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-03 23:05 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-03 23:05 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-03 23:05 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-03 23:05 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-03 23:05 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-03 23:05 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-03 23:05 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-03 23:05 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-03 23:05 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-03 23:05 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-03 23:05 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-03 23:05 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-03 23:05 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-03 23:05 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-03 23:05 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-03 23:05 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-03 23:05 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-03 23:05 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-03 23:05 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-03 23:05 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-03 23:05 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-03 23:05 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-03 23:04 - 2015-05-09 05:27 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-03 23:04 - 2015-05-09 05:27 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-03 23:04 - 2015-05-09 05:27 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-03 23:04 - 2015-05-09 05:27 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-03 23:04 - 2015-05-09 05:27 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-03 23:04 - 2015-05-09 05:27 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-03 23:04 - 2015-05-09 05:27 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-03 23:04 - 2015-05-09 05:26 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-03 23:04 - 2015-05-09 05:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-03 23:04 - 2015-05-09 05:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-03 23:04 - 2015-05-09 05:26 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-03 23:04 - 2015-05-09 05:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-03 23:04 - 2015-05-09 05:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-03 23:04 - 2015-05-09 05:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-03 23:04 - 2015-05-09 05:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-03 23:04 - 2015-05-09 05:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-03 21:14 - 2015-06-13 13:13 - 00000000 ____D D:\Users\Ingo\AppData\Local\Audible
2015-06-03 21:14 - 2015-06-03 21:14 - 00255352 _____ (Audible, Inc.) C:\Windows\SysWOW64\awrdscdc.ax
2015-06-03 21:14 - 2015-06-03 21:14 - 00001863 _____ D:\Users\Julia\Desktop\Audible Manager.lnk
2015-06-03 21:14 - 2015-06-03 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
2015-06-03 21:13 - 2015-06-03 21:14 - 00000000 ____D C:\Program Files (x86)\Audible
2015-06-03 21:13 - 2015-06-03 21:13 - 00000000 ____D D:\Users\Public\Documents\Audible
2015-06-03 21:13 - 2001-08-17 22:43 - 00024576 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2015-06-02 08:25 - 2015-06-02 08:25 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-06-02 08:25 - 2015-06-02 08:25 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-06-02 08:25 - 2015-06-02 08:25 - 00000000 ____D C:\Program Files\Realtek
2015-06-02 08:24 - 2015-06-02 08:26 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-06-02 08:24 - 2015-06-02 08:24 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-06-02 08:24 - 2015-05-15 19:27 - 02918104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-06-02 08:24 - 2015-05-15 18:23 - 04464344 _____ (Realtek Semiconductor Corp.)
C:\Windows\system32\Drivers\RTKVHD64.sys 2015-06-02 08:24 - 2015-05-15 16:32 - 01316056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll 2015-06-02 08:24 - 2015-05-15 15:29 - 02847448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll 2015-06-02 08:24 - 2015-05-15 15:29 - 02532568 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll 2015-06-02 08:24 - 2015-05-15 13:16 - 02048372 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT 2015-06-02 08:24 - 2015-05-11 14:01 - 01739992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll 2015-06-02 08:24 - 2015-04-28 10:52 - 05706688 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll 2015-06-02 08:24 - 2015-04-27 16:09 - 00328816 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll 2015-06-02 08:24 - 2015-04-24 05:42 - 00858256 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll 2015-06-02 08:24 - 2015-04-24 05:42 - 00684176 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll 2015-06-02 08:24 - 2015-04-24 05:42 - 00435856 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll 2015-06-02 08:24 - 2015-04-24 05:41 - 00555664 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.DLL 2015-06-02 08:24 - 2015-04-13 19:14 - 00168816 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll 2015-06-02 08:24 - 2015-04-13 16:25 - 03262184 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll 2015-06-02 08:24 - 2015-04-09 15:23 - 01559744 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll 2015-06-02 08:24 - 2015-04-03 13:24 - 01365768 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll 2015-06-02 08:24 - 2015-03-11 18:04 - 02825944 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll 2015-06-02 08:24 - 2015-03-10 18:04 - 02702040 _____ (Realtek Semiconductor Corp.) 
C:\Windows\system32\RTSnMg64.cpl 2015-06-02 08:24 - 2015-03-08 12:22 - 03182104 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll 2015-06-02 08:24 - 2015-02-05 17:48 - 12834736 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll 2015-06-02 08:24 - 2015-02-05 17:48 - 02789808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll 2015-06-02 08:24 - 2015-02-04 00:38 - 01413776 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll 2015-06-02 08:24 - 2015-02-04 00:38 - 00454288 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll 2015-06-02 08:24 - 2015-02-04 00:38 - 00369296 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll 2015-06-02 08:24 - 2015-02-04 00:38 - 00329360 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll 2015-06-02 08:24 - 2015-02-04 00:38 - 00329360 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll 2015-06-02 08:24 - 2015-01-23 18:16 - 00213432 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaemaxapo64.dll 2015-06-02 08:24 - 2015-01-19 18:10 - 72113152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat 2015-06-02 08:24 - 2015-01-19 09:08 - 12975360 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll 2015-06-02 08:24 - 2014-12-11 08:10 - 01104040 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll 2015-06-02 08:24 - 2014-12-11 08:10 - 00943784 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll 2015-06-02 08:24 - 2014-12-11 08:10 - 00734376 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll 2015-06-02 08:24 - 2014-12-11 08:10 - 00250536 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll 2015-06-02 08:24 - 2014-12-02 18:42 - 03218800 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll 2015-06-02 08:24 - 2014-11-11 13:44 - 00631000 _____ (Realtek Semiconductor Corp.) 
C:\Windows\system32\RtDataProc64.dll 2015-06-02 08:24 - 2014-11-04 13:42 - 06242576 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll 2015-06-02 08:24 - 2014-11-04 13:42 - 01933584 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll 2015-06-02 08:24 - 2014-11-04 13:42 - 00336144 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll 2015-06-02 08:24 - 2014-11-04 13:42 - 00284944 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll 2015-06-02 08:24 - 2014-10-24 10:12 - 05234952 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll 2015-06-02 08:24 - 2014-10-24 10:12 - 00995120 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll 2015-06-02 08:24 - 2014-09-24 11:31 - 07087448 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll 2015-06-02 08:24 - 2014-09-24 11:31 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll 2015-06-02 08:24 - 2014-09-24 11:31 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll 2015-06-02 08:24 - 2014-09-24 11:31 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll 2015-06-02 08:24 - 2014-08-14 19:16 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat 2015-06-02 08:24 - 2014-07-03 14:44 - 01499984 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll 2015-06-02 08:24 - 2014-07-03 14:44 - 00979280 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll 2015-06-02 08:24 - 2014-06-17 19:17 - 00856992 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll 2015-06-02 08:24 - 2014-06-09 10:59 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll 2015-06-02 08:24 - 2014-05-22 16:24 - 00096568 _____ C:\Windows\system32\audioLibVc.dll 2015-06-02 08:24 - 2014-04-17 17:42 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll 2015-06-02 08:24 - 2014-04-10 12:19 - 02101848 _____ (Waves Audio Ltd.) 
C:\Windows\system32\WavesGUILib64.dll 2015-06-02 08:24 - 2014-04-10 12:19 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll 2015-06-02 08:24 - 2014-02-27 20:02 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll 2015-06-02 08:24 - 2014-01-31 17:27 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll 2015-06-02 08:24 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll 2015-06-02 08:24 - 2013-10-11 11:31 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll 2015-06-02 08:24 - 2013-10-07 00:26 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll 2015-06-02 08:24 - 2013-10-07 00:26 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll 2015-06-02 08:24 - 2013-10-07 00:26 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll 2015-06-02 08:24 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll 2015-06-02 08:24 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll 2015-06-02 08:24 - 2013-07-23 15:39 - 14048512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll 2015-06-02 08:24 - 2013-07-23 15:39 - 00922880 _____ (Waves Audio Ltd.) 
C:\Windows\system32\MaxxAudioAPOShell64.dll 2015-06-02 08:24 - 2013-06-25 12:47 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll 2015-06-02 08:24 - 2013-06-25 12:47 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll 2015-06-02 08:24 - 2013-06-25 12:46 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll 2015-06-02 08:24 - 2013-06-21 11:01 - 00109848 _____ C:\Windows\system32\AcpiServiceVnA64.dll 2015-06-02 08:24 - 2013-04-03 14:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll 2015-06-02 08:24 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll 2015-06-02 08:24 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll 2015-06-02 08:24 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll 2015-06-02 08:24 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll 2015-06-02 08:24 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll 2015-06-02 08:24 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll 2015-06-02 08:24 - 2012-01-10 10:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll 2015-06-02 08:24 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll 2015-06-02 08:24 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll 2015-06-02 08:24 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll 2015-06-02 08:24 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll 2015-06-02 08:24 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) 
C:\Windows\system32\SFAPO64.dll 2015-06-02 08:24 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll 2015-06-02 08:24 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll 2015-06-02 08:24 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll 2015-06-02 08:24 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll 2015-06-02 08:24 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll 2015-06-02 08:24 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll 2015-06-02 08:24 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll 2015-06-02 08:24 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll 2015-06-02 08:24 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll 2015-06-02 08:24 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll 2015-06-02 08:24 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll 2015-06-02 08:24 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll 2015-06-02 08:24 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll 2015-06-02 08:24 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll 2015-06-02 08:24 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll 2015-06-02 08:24 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll 2015-06-02 08:24 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll 2015-06-02 08:24 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll 2015-06-02 08:24 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) 
C:\Windows\system32\RTEED64A.dll 2015-06-02 08:24 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll 2015-06-02 08:24 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll 2015-06-02 08:24 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll 2015-06-02 08:24 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll 2015-06-02 08:24 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll 2015-06-02 08:24 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll 2015-06-02 08:24 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll 2015-06-02 08:24 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-02 21:38 - 2015-05-21 00:03 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\Spamihilator 2015-07-02 21:37 - 2015-05-24 14:23 - 00033528 _____ C:\Windows\errord.log 2015-07-02 21:37 - 2015-05-24 14:23 - 00016368 _____ C:\Windows\error.log 2015-07-02 21:37 - 2015-05-21 00:48 - 00015799 _____ C:\Windows\setupact.log 2015-07-02 21:37 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-02 21:36 - 2015-05-14 23:16 - 00000000 ____D D:\Users\Ingo 2015-07-02 21:36 - 2015-05-13 20:33 - 02093661 _____ C:\Windows\WindowsUpdate.log 2015-07-02 21:36 - 2009-07-14 06:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-02 21:36 - 2009-07-14 06:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-02 21:32 - 2015-05-26 08:29 - 00037872 _____ C:\Windows\PFRO.log 2015-07-02 21:32 - 2009-07-14 06:45 - 04900304 _____ C:\Windows\system32\FNTCACHE.DAT 2015-07-02 21:26 - 2015-05-21 00:02 - 00000000 ____D C:\Windows\SysWOW64\Adobe 2015-07-02 20:47 - 2011-04-12 09:43 - 00702198 _____ C:\Windows\system32\perfh007.dat 2015-07-02 20:47 - 2011-04-12 09:43 - 00149838 _____ C:\Windows\system32\perfc007.dat 2015-07-02 20:47 - 2009-07-14 07:13 - 01626984 _____ C:\Windows\system32\PerfStringBackup.INI 2015-07-02 18:08 - 2015-05-13 21:39 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2015-07-01 00:02 - 2015-05-29 03:58 - 00000000 ____D D:\Users\Ingo\AppData\Local\CrashDumps 2015-06-28 18:22 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2015-06-28 17:41 - 2015-05-23 00:35 - 00000000 ____D D:\Users\Julia\AppData\Roaming\Skype 2015-06-28 12:40 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-06-27 20:22 - 2015-05-13 21:39 - 00442264 _____ (Avast Software s.r.o.) 
C:\Windows\system32\Drivers\aswsp.sys 2015-06-18 22:51 - 2015-05-21 21:26 - 00000000 ____D D:\Users\Ingo\.VirtualBox 2015-06-18 00:33 - 2015-05-23 23:05 - 00000000 ____D D:\Users\Ingo\Documents\decrypted ebooks 2015-06-15 22:24 - 2015-05-22 23:19 - 00000000 ____D D:\Users\Julia\AppData\Roaming\.purple 2015-06-15 02:58 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-06-14 16:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-06-12 21:50 - 2015-05-21 20:44 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\KeePass 2015-06-12 20:56 - 2015-05-21 21:10 - 00000000 ____D D:\Users\Ingo\Documents\My Digital Editions 2015-06-12 14:11 - 2015-05-25 20:58 - 00000000 ____D C:\Windows\system32\appmgmt 2015-06-10 23:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-10 22:15 - 2015-05-14 01:03 - 00000000 ____D C:\Windows\system32\MRT 2015-06-10 22:15 - 2015-05-13 21:00 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-06-10 22:11 - 2015-05-14 01:03 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-08 23:49 - 2015-05-25 22:36 - 00015779 _____ D:\Users\Julia\Desktop\Wohnungsfinanzierung_1411.xlsx 2015-06-08 21:35 - 2015-05-15 00:00 - 00000000 ____D C:\Program Files (x86)\FreeOCR 2015-06-08 20:03 - 2015-05-24 14:09 - 00000000 ____D D:\Users\Julia\AppData\Roaming\KeePass 2015-06-08 20:02 - 2015-05-13 21:10 - 00000000 ____D C:\ProgramData\Skype 2015-06-04 12:50 - 2015-05-13 23:16 - 01645874 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-06-04 00:25 - 2015-05-14 23:11 - 00000000 ___HD D:\Users\Public\Libraries 2015-06-03 23:07 - 2015-05-13 21:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-03 23:06 - 2015-05-14 01:06 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-06-03 23:06 - 2015-05-14 01:06 - 00000000 ____D C:\Windows\system32\appraiser 2015-06-03 20:36 - 2015-05-15 00:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-06-02 08:24 - 2015-05-13 
21:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

==================== Files in the root of some directories =======

2015-05-25 23:24 - 2015-05-25 23:28 - 0000026 _____ () D:\Users\Ingo\AppData\Local\isoworkshop.ini
2015-06-02 08:25 - 2015-06-02 08:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
D:\Users\Ingo\AppData\Local\Temp\Quarantine.exe
D:\Users\Ingo\AppData\Local\Temp\sqlite3.dll
D:\Users\Julia\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-29 08:08

==================== End of log ============================

Edited by ingoxxl (02.07.2015 at 23:39) |
02.07.2015, 23:45 | #4 |
| Avast reports blocked infections in process svchost.exe of type "URL:Mal"
GMER.log part 1
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-02 22:06:41
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006d SanDisk_ rev.3.2. 117,38GB
Running: Gmer-19357.exe; Driver: D:\Users\Ingo\AppData\Local\Temp\kxldipow.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f8dc60 5 bytes JMP 0000000149e00460
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f8dcb0 5 bytes JMP 0000000149e00450
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f8de10 5 bytes JMP 0000000149e00370
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f8de60 5 bytes JMP 0000000149e00470
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f8de70 5 bytes JMP 0000000149e003e0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f8df20 5 bytes JMP 0000000149e00320
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f8df50 5 bytes JMP 0000000149e003b0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f8df70 5 bytes JMP 0000000149e00390
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f8dfb0 5 bytes JMP 0000000149e002e0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f8e030 5 bytes JMP 0000000149e002d0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f8e050 5 bytes JMP 0000000149e00310
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f8e090 5 bytes JMP 0000000149e003c0
.text C:\Windows\system32\csrss.exe[472] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f8e0e0 5 bytes JMP 0000000149e003f0 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f8e240 5 bytes JMP 0000000149e00230 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f8e400 5 bytes JMP 0000000149e00480 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f8e430 5 bytes JMP 0000000149e003a0 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f8e510 5 bytes JMP 0000000149e002f0 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f8e520 5 bytes JMP 0000000149e00350 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f8e580 5 bytes JMP 0000000149e00290 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f8e610 5 bytes JMP 0000000149e002b0 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f8e630 5 bytes JMP 0000000149e003d0 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f8e640 5 bytes JMP 0000000149e00330 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f8e6b0 5 bytes JMP 0000000149e00410 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f8e6e0 5 bytes JMP 0000000149e00240 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f8e9a0 5 bytes JMP 0000000149e001e0 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f8ea60 5 bytes JMP 0000000149e00250 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f8ea90 5 bytes JMP 0000000149e00490 .text 
C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f8eaa0 5 bytes JMP 0000000149e004a0 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f8ead0 5 bytes JMP 0000000149e00300 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f8eae0 5 bytes JMP 0000000149e00360 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f8eb40 5 bytes JMP 0000000149e002a0 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f8eb90 5 bytes JMP 0000000149e002c0 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f8ebc0 5 bytes JMP 0000000149e00380 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f8ebd0 5 bytes JMP 0000000149e00340 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f8eec0 5 bytes JMP 0000000149e00440 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f8f0c0 5 bytes JMP 0000000149e00260 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f8f0d0 5 bytes JMP 0000000149e00270 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f8f0e0 5 bytes JMP 0000000149e00400 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f8f2a0 5 bytes JMP 0000000149e001f0 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f8f2b0 5 bytes JMP 0000000149e00210 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f8f320 5 bytes JMP 0000000149e00200 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f8f380 5 bytes 
JMP 0000000149e00420 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f8f390 5 bytes JMP 0000000149e00430 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f8f3a0 5 bytes JMP 0000000149e00220 .text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f8f480 5 bytes JMP 0000000149e00280 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f8dc60 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f8dcb0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f8de10 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f8de60 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f8de70 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f8df20 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f8df50 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f8df70 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f8dfb0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f8e030 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f8e050 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\wininit.exe[536] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f8de60 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f8de70 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f8df20 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f8df50 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f8df70 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f8dfb0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f8e030 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f8e050 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f8e090 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f8e0e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f8e240 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f8e400 5 bytes JMP 00000000770f0480 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f8e430 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f8e510 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f8e520 5 bytes 
JMP 00000000770f0350 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f8e580 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f8e610 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f8e630 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f8e640 5 bytes JMP 00000000770f0330 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f8e6b0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f8e6e0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f8e9a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f8ea60 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f8ea90 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f8eaa0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f8ead0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f8eae0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f8eb40 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f8eb90 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\svchost.exe[864] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f8ebc0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f8ebd0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f8eec0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f8f0c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f8f0d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f8f0e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f8f2a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f8f2b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f8f320 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f8f380 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f8f390 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f8f3a0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f8f480 5 bytes JMP 00000000770f0280 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f8dc60 5 bytes JMP 00000000770f0460 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f8dcb0 5 bytes JMP 
00000000770f0450 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f8de10 5 bytes JMP 00000000770f0370 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f8de60 5 bytes JMP 00000000770f0470 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f8de70 5 bytes JMP 00000000770f03e0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f8df20 5 bytes JMP 00000000770f0320 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f8df50 5 bytes JMP 00000000770f03b0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f8df70 5 bytes JMP 00000000770f0390 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f8dfb0 5 bytes JMP 00000000770f02e0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f8e030 5 bytes JMP 00000000770f02d0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f8e050 5 bytes JMP 00000000770f0310 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f8e090 5 bytes JMP 00000000770f03c0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f8e0e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f8e240 5 bytes JMP 00000000770f0230 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f8e400 5 bytes JMP 00000000770f0480 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f8e430 5 bytes JMP 00000000770f03a0 .text C:\Windows\System32\svchost.exe[960] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f8e510 5 bytes JMP 00000000770f02f0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f8e520 5 bytes JMP 00000000770f0350 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f8e580 5 bytes JMP 00000000770f0290 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f8e610 5 bytes JMP 00000000770f02b0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f8e630 5 bytes JMP 00000000770f03d0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f8e640 5 bytes JMP 00000000770f0330 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f8e6b0 5 bytes JMP 00000000770f0410 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f8e6e0 5 bytes JMP 00000000770f0240 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f8e9a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f8ea60 5 bytes JMP 00000000770f0250 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f8ea90 5 bytes JMP 00000000770f0490 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f8eaa0 5 bytes JMP 00000000770f04a0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f8ead0 5 bytes JMP 00000000770f0300 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f8eae0 5 bytes JMP 00000000770f0360 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f8eb40 5 bytes JMP 
00000000770f02a0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f8eb90 5 bytes JMP 00000000770f02c0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f8ebc0 5 bytes JMP 00000000770f0380 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f8ebd0 5 bytes JMP 00000000770f0340 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f8eec0 5 bytes JMP 00000000770f0440 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f8f0c0 5 bytes JMP 00000000770f0260 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f8f0d0 5 bytes JMP 00000000770f0270 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f8f0e0 5 bytes JMP 00000000770f0400 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f8f2a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f8f2b0 5 bytes JMP 00000000770f0210 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f8f320 5 bytes JMP 00000000770f0200 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f8f380 5 bytes JMP 00000000770f0420 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f8f390 5 bytes JMP 00000000770f0430 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f8f3a0 5 bytes JMP 00000000770f0220 .text C:\Windows\System32\svchost.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f8f480 5 bytes JMP 00000000770f0280 |
02.07.2015, 23:49 | #5 |
| Avast reports blocked infections in the svchost.exe process, of type "URL:Mal" GMER.log part 2 Code:
5 bytes JMP 00000000770f0240 .text C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f8e9a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f8ea60 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f8ea90 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f8eaa0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f8ead0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f8eae0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f8eb40 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f8eb90 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f8ebc0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f8ebd0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f8eec0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f8f0c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f8f0d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f8f0e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\AUDIODG.EXE[1028] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f8f2a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f8f2b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f8f320 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f8f380 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f8f390 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f8f3a0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f8f480 5 bytes JMP 00000000770f0280 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f8dc60 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f8dcb0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f8de10 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f8de60 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f8de70 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f8df20 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f8df50 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 
0000000076f8df70 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f8dfb0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f8e030 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f8e050 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f8e090 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f8e0e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f8e240 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f8e400 5 bytes JMP 00000000770f0480 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f8e430 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f8e510 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f8e520 5 bytes JMP 00000000770f0350 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f8e580 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f8e610 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f8e630 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f8e640 5 bytes JMP 00000000770f0330 .text 
C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f8e6b0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f8e6e0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f8e9a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f8ea60 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f8ea90 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f8eaa0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f8ead0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f8eae0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f8eb40 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f8eb90 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f8ebc0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f8ebd0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f8eec0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f8f0c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\svchost.exe[1220] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f8f0d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f8f0e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f8f2a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f8f2b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f8f320 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f8f380 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f8f390 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f8f3a0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f8f480 5 bytes JMP 00000000770f0280 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f8dc60 5 bytes JMP 00000000770f0460 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f8dcb0 5 bytes JMP 00000000770f0450 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f8de10 5 bytes JMP 00000000770f0370 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f8de60 5 bytes JMP 00000000770f0470 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f8de70 5 bytes JMP 00000000770f03e0 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 
0000000076f8df20 5 bytes JMP 00000000770f0320 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f8df50 5 bytes JMP 00000000770f03b0 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f8df70 5 bytes JMP 00000000770f0390 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f8dfb0 5 bytes JMP 00000000770f02e0 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f8e030 5 bytes JMP 00000000770f02d0 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f8e050 5 bytes JMP 00000000770f0310 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f8e090 5 bytes JMP 00000000770f03c0 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f8e0e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f8e240 5 bytes JMP 00000000770f0230 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f8e400 5 bytes JMP 00000000770f0480 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f8e430 5 bytes JMP 00000000770f03a0 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f8e510 5 bytes JMP 00000000770f02f0 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f8e520 5 bytes JMP 00000000770f0350 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f8e580 5 bytes JMP 00000000770f0290 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f8e610 5 bytes JMP 00000000770f02b0 .text 
C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f8e630 5 bytes JMP 00000000770f03d0 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f8e640 5 bytes JMP 00000000770f0330 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f8e6b0 5 bytes JMP 00000000770f0410 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f8e6e0 5 bytes JMP 00000000770f0240 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f8e9a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f8ea60 5 bytes JMP 00000000770f0250 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f8ea90 5 bytes JMP 00000000770f0490 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f8eaa0 5 bytes JMP 00000000770f04a0 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f8ead0 5 bytes JMP 00000000770f0300 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f8eae0 5 bytes JMP 00000000770f0360 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f8eb40 5 bytes JMP 00000000770f02a0 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f8eb90 5 bytes JMP 00000000770f02c0 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f8ebc0 5 bytes JMP 00000000770f0380 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f8ebd0 5 bytes JMP 00000000770f0340 .text C:\Windows\System32\spoolsv.exe[1500] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f8eec0 5 bytes JMP 00000000770f0440 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f8f0c0 5 bytes JMP 00000000770f0260 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f8f0d0 5 bytes JMP 00000000770f0270 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f8f0e0 5 bytes JMP 00000000770f0400 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f8f2a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f8f2b0 5 bytes JMP 00000000770f0210 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f8f320 5 bytes JMP 00000000770f0200 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f8f380 5 bytes JMP 00000000770f0420 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f8f390 5 bytes JMP 00000000770f0430 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f8f3a0 5 bytes JMP 00000000770f0220 .text C:\Windows\System32\spoolsv.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f8f480 5 bytes JMP 00000000770f0280 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f8dc60 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f8dcb0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f8de10 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 
0000000076f8de60 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f8de70 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f8df20 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f8df50 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f8df70 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f8dfb0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f8e030 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f8e050 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f8e090 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f8e0e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f8e240 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f8e400 5 bytes JMP 00000000770f0480 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f8e430 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f8e510 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f8e520 5 bytes JMP 00000000770f0350 .text 
C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f8e580 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f8e610 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f8e630 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f8e640 5 bytes JMP 00000000770f0330 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f8e6b0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f8e6e0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f8e9a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f8ea60 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f8ea90 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f8eaa0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f8ead0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f8eae0 5 bytes JMP 00000000770f0360 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f8eb40 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f8eb90 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\svchost.exe[1528] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f8ebc0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f8ebd0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f8eec0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f8f0c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f8f0d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f8f0e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f8f2a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f8f2b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f8f320 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f8f380 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f8f390 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f8f3a0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\svchost.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f8f480 5 bytes JMP 00000000770f0280 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f8dc60 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f8dcb0 5 
bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f8de10 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f8de60 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f8de70 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f8df20 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f8df50 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f8df70 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f8dfb0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f8e030 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f8e050 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f8e090 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f8e0e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f8e240 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f8e400 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f8e430 5 bytes JMP 00000001000703a0 .text 
C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f8e510 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f8e520 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f8e580 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f8e610 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f8e630 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f8e640 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f8e6b0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f8e6e0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f8e9a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f8ea60 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f8ea90 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f8eaa0 5 bytes JMP 00000001000704a0 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f8ead0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f8eae0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[1664] 
|
02.07.2015, 23:51 | #6 |
| Avast reports blocked infections in process svchost.exe of type "URL:Mal" GMER.log part 3 Code:
JMP 0000000100060450 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f8de10 5 bytes JMP 0000000100060370 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f8de60 5 bytes JMP 0000000100060470 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f8de70 5 bytes JMP 00000001000603e0 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f8df20 5 bytes JMP 0000000100060320 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f8df50 5 bytes JMP 00000001000603b0 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f8df70 5 bytes JMP 0000000100060390 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f8dfb0 5 bytes JMP 00000001000602e0 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f8e030 5 bytes JMP 00000001000602d0 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f8e050 5 bytes JMP 0000000100060310 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f8e090 5 bytes JMP 00000001000603c0 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f8e0e0 5 bytes JMP 00000001000603f0 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f8e240 5 bytes JMP 0000000100060230 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f8e400 5 bytes JMP 0000000100060480 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f8e430 5 bytes JMP 00000001000603a0 .text 
C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f8e510 5 bytes JMP 00000001000602f0 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f8e520 5 bytes JMP 0000000100060350 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f8e580 5 bytes JMP 0000000100060290 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f8e610 5 bytes JMP 00000001000602b0 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f8e630 5 bytes JMP 00000001000603d0 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f8e640 5 bytes JMP 0000000100060330 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f8e6b0 5 bytes JMP 0000000100060410 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f8e6e0 5 bytes JMP 0000000100060240 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f8e9a0 5 bytes JMP 00000001000601e0 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f8ea60 5 bytes JMP 0000000100060250 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f8ea90 5 bytes JMP 0000000100060490 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f8eaa0 5 bytes JMP 00000001000604a0 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f8ead0 5 bytes JMP 0000000100060300 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f8eae0 5 bytes JMP 0000000100060360 .text C:\Windows\system32\taskhost.exe[3708] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f8eb40 5 bytes JMP 00000001000602a0 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f8eb90 5 bytes JMP 00000001000602c0 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f8ebc0 5 bytes JMP 0000000100060380 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f8ebd0 5 bytes JMP 0000000100060340 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f8eec0 5 bytes JMP 0000000100060440 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f8f0c0 5 bytes JMP 0000000100060260 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f8f0d0 5 bytes JMP 0000000100060270 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f8f0e0 5 bytes JMP 0000000100060400 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f8f2a0 5 bytes JMP 00000001000601f0 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f8f2b0 5 bytes JMP 0000000100060210 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f8f320 5 bytes JMP 0000000100060200 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f8f380 5 bytes JMP 0000000100060420 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f8f390 5 bytes JMP 0000000100060430 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f8f3a0 5 bytes JMP 0000000100060220 .text C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f8f480 
5 bytes JMP 0000000100060280 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f8dc60 5 bytes JMP 00000000770f0460 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f8dcb0 5 bytes JMP 00000000770f0450 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f8de10 5 bytes JMP 00000000770f0370 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f8de60 5 bytes JMP 00000000770f0470 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f8de70 5 bytes JMP 00000000770f03e0 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f8df20 5 bytes JMP 00000000770f0320 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f8df50 5 bytes JMP 00000000770f03b0 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f8df70 5 bytes JMP 00000000770f0390 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f8dfb0 5 bytes JMP 00000000770f02e0 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f8e030 5 bytes JMP 00000000770f02d0 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f8e050 5 bytes JMP 00000000770f0310 .text C:\Program Files (x86)\TuneUp 
Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f8e090 5 bytes JMP 00000000770f03c0 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f8e0e0 5 bytes JMP 00000000770f03f0 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f8e240 5 bytes JMP 00000000770f0230 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f8e400 5 bytes JMP 00000000770f0480 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f8e430 5 bytes JMP 00000000770f03a0 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f8e510 5 bytes JMP 00000000770f02f0 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f8e520 5 bytes JMP 00000000770f0350 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f8e580 5 bytes JMP 00000000770f0290 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f8e610 5 bytes JMP 00000000770f02b0 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f8e630 5 bytes JMP 00000000770f03d0 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f8e640 5 bytes JMP 00000000770f0330 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] 
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f8e6b0 5 bytes JMP 00000000770f0410 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f8e6e0 5 bytes JMP 00000000770f0240 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f8e9a0 5 bytes JMP 00000000770f01e0 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f8ea60 5 bytes JMP 00000000770f0250 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f8ea90 5 bytes JMP 00000000770f0490 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f8eaa0 5 bytes JMP 00000000770f04a0 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f8ead0 5 bytes JMP 00000000770f0300 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f8eae0 5 bytes JMP 00000000770f0360 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f8eb40 5 bytes JMP 00000000770f02a0 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f8eb90 5 bytes JMP 00000000770f02c0 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f8ebc0 5 bytes JMP 00000000770f0380 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f8ebd0 5 bytes 
JMP 00000000770f0340 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f8eec0 5 bytes JMP 00000000770f0440 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f8f0c0 5 bytes JMP 00000000770f0260 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f8f0d0 5 bytes JMP 00000000770f0270 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f8f0e0 5 bytes JMP 00000000770f0400 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f8f2a0 5 bytes JMP 00000000770f01f0 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f8f2b0 5 bytes JMP 00000000770f0210 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f8f320 5 bytes JMP 00000000770f0200 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f8f380 5 bytes JMP 00000000770f0420 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f8f390 5 bytes JMP 00000000770f0430 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f8f3a0 5 bytes JMP 00000000770f0220 .text C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f8f480 5 bytes JMP 00000000770f0280 .text 
C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f8dc60 5 bytes JMP 00000000770f0460 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f8dcb0 5 bytes JMP 00000000770f0450 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f8de10 5 bytes JMP 00000000770f0370 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f8de60 5 bytes JMP 00000000770f0470 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f8de70 5 bytes JMP 00000000770f03e0 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f8df20 5 bytes JMP 00000000770f0320 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f8df50 5 bytes JMP 00000000770f03b0 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f8df70 5 bytes JMP 00000000770f0390 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f8dfb0 5 bytes JMP 00000000770f02e0 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f8e030 5 bytes JMP 00000000770f02d0 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f8e050 5 bytes JMP 00000000770f0310 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f8e090 5 bytes JMP 00000000770f03c0 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f8e0e0 5 bytes JMP 00000000770f03f0 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f8e240 5 bytes JMP 00000000770f0230 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f8e400 5 bytes JMP 00000000770f0480 
.text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f8e430 5 bytes JMP 00000000770f03a0 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f8e510 5 bytes JMP 00000000770f02f0 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f8e520 5 bytes JMP 00000000770f0350 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f8e580 5 bytes JMP 00000000770f0290 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f8e610 5 bytes JMP 00000000770f02b0 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f8e630 5 bytes JMP 00000000770f03d0 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f8e640 5 bytes JMP 00000000770f0330 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f8e6b0 5 bytes JMP 00000000770f0410 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f8e6e0 5 bytes JMP 00000000770f0240 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f8e9a0 5 bytes JMP 00000000770f01e0 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f8ea60 5 bytes JMP 00000000770f0250 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f8ea90 5 bytes JMP 00000000770f0490 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f8eaa0 5 bytes JMP 00000000770f04a0 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f8ead0 5 bytes JMP 00000000770f0300 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f8eae0 5 bytes 
JMP 00000000770f0360 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f8eb40 5 bytes JMP 00000000770f02a0 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f8eb90 5 bytes JMP 00000000770f02c0 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f8ebc0 5 bytes JMP 00000000770f0380 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f8ebd0 5 bytes JMP 00000000770f0340 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f8eec0 5 bytes JMP 00000000770f0440 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f8f0c0 5 bytes JMP 00000000770f0260 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f8f0d0 5 bytes JMP 00000000770f0270 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f8f0e0 5 bytes JMP 00000000770f0400 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f8f2a0 5 bytes JMP 00000000770f01f0 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f8f2b0 5 bytes JMP 00000000770f0210 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f8f320 5 bytes JMP 00000000770f0200 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f8f380 5 bytes JMP 00000000770f0420 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f8f390 5 bytes JMP 00000000770f0430 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f8f3a0 5 bytes JMP 00000000770f0220 .text C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f8f480 5 bytes 
JMP 00000000770f0280 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f8dc60 5 bytes JMP 0000000100070460 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f8dcb0 5 bytes JMP 0000000100070450 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f8de10 5 bytes JMP 0000000100070370 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f8de60 5 bytes JMP 0000000100070470 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f8de70 5 bytes JMP 00000001000703e0 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f8df20 5 bytes JMP 0000000100070320 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f8df50 5 bytes JMP 00000001000703b0 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f8df70 5 bytes JMP 0000000100070390 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f8dfb0 5 bytes JMP 00000001000702e0 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f8e030 5 bytes JMP 00000001000702d0 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f8e050 5 bytes JMP 0000000100070310 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f8e090 5 bytes JMP 00000001000703c0 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f8e0e0 5 bytes JMP 00000001000703f0 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076f8e240 5 bytes JMP 0000000100070230 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f8e400 5 bytes JMP 0000000100070480 .text 
C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076f8e430 5 bytes JMP 00000001000703a0 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076f8e510 5 bytes JMP 00000001000702f0 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076f8e520 5 bytes JMP 0000000100070350 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076f8e580 5 bytes JMP 0000000100070290 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076f8e610 5 bytes JMP 00000001000702b0 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076f8e630 5 bytes JMP 00000001000703d0 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076f8e640 5 bytes JMP 0000000100070330 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076f8e6b0 5 bytes JMP 0000000100070410 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076f8e6e0 5 bytes JMP 0000000100070240 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076f8e9a0 5 bytes JMP 00000001000701e0 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076f8ea60 5 bytes JMP 0000000100070250 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076f8ea90 5 bytes JMP 0000000100070490 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076f8eaa0 5 bytes JMP 00000001000704a0 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076f8ead0 5 bytes JMP 0000000100070300 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076f8eae0 5 bytes JMP 0000000100070360 .text C:\Windows\Explorer.EXE[3820] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076f8eb40 5 bytes JMP 00000001000702a0 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076f8eb90 5 bytes JMP 00000001000702c0 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076f8ebc0 5 bytes JMP 0000000100070380 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076f8ebd0 5 bytes JMP 0000000100070340 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076f8eec0 5 bytes JMP 0000000100070440 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076f8f0c0 5 bytes JMP 0000000100070260 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076f8f0d0 5 bytes JMP 0000000100070270 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076f8f0e0 5 bytes JMP 0000000100070400 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076f8f2a0 5 bytes JMP 00000001000701f0 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076f8f2b0 5 bytes JMP 0000000100070210 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076f8f320 5 bytes JMP 0000000100070200 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076f8f380 5 bytes JMP 0000000100070420 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076f8f390 5 bytes JMP 0000000100070430 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076f8f3a0 5 bytes JMP 0000000100070220 .text C:\Windows\Explorer.EXE[3820] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076f8f480 5 bytes JMP 0000000100070280 .text C:\Program Files\Spamihilator\spamihilator.exe[3096] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076f8dc60 5 bytes JMP 0000000100070460 .text C:\Program Files\Spamihilator\spamihilator.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076f8dcb0 5 bytes JMP 0000000100070450 .text C:\Program Files\Spamihilator\spamihilator.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076f8de10 5 bytes JMP 0000000100070370 .text C:\Program Files\Spamihilator\spamihilator.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076f8de60 5 bytes JMP 0000000100070470 .text C:\Program Files\Spamihilator\spamihilator.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076f8de70 5 bytes JMP 00000001000703e0 .text C:\Program Files\Spamihilator\spamihilator.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076f8df20 5 bytes JMP 0000000100070320 .text C:\Program Files\Spamihilator\spamihilator.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076f8df50 5 bytes JMP 00000001000703b0 .text C:\Program Files\Spamihilator\spamihilator.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076f8df70 5 bytes JMP 0000000100070390 .text C:\Program Files\Spamihilator\spamihilator.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076f8dfb0 5 bytes JMP 00000001000702e0 .text C:\Program Files\Spamihilator\spamihilator.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076f8e030 5 bytes JMP 00000001000702d0 .text C:\Program Files\Spamihilator\spamihilator.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076f8e050 5 bytes JMP 0000000100070310 .text C:\Program Files\Spamihilator\spamihilator.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076f8e090 5 bytes JMP 00000001000703c0 .text C:\Program Files\Spamihilator\spamihilator.exe[3096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076f8e0e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\Spamihilator\spamihilator.exe[3096] 
02.07.2015, 23:52 | #7 |
| Avast reports blocked infections in process svchost.exe of type "URL:Mal" GMER.log part 4 Code:
---- Processes - GMER 2.1 ----
Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8B07EE4E-CB47-46C3-B4D0-BDE647116748}\offreg.4516.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [4516](2015-07-02 19:59:27) 000007feef800000
---- Registry - GMER 2.1 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\LocalMOF@C:\Program Files (x86)\LowPerfSysDrvEnhance\
---- EOF - GMER 2.1 ----
Best regards, Ingo |
03.07.2015, 09:03 | #8 |
/// the machine /// TB trainer | Avast reports blocked infections in process svchost.exe of type "URL:Mal" Perfect. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
03.07.2015, 20:16 | #9 |
| Avast reports blocked infections in process svchost.exe of type "URL:Mal" Hi, I ran both scans with no findings. Here are the logs: MBAR Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004 www.malwarebytes.org Database version: main: v2015.07.03.05 rootkit: v2015.07.03.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17843 Ingo :: HOME-PC [administrator] 03.07.2015 20:55:59 mbar-log-2015-07-03 (20-55-59).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 467562 Time elapsed: 9 minute(s), 58 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter 21:07:48.0399 0x0c70 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 21:08:04.0623 0x0c70 ============================================================ 21:08:04.0623 0x0c70 Current date / time: 2015/07/03 21:08:04.0623 21:08:04.0623 0x0c70 SystemInfo: 21:08:04.0623 0x0c70 21:08:04.0623 0x0c70 OS Version: 6.1.7601 ServicePack: 1.0 21:08:04.0623 0x0c70 Product type: Workstation 21:08:04.0623 0x0c70 ComputerName: HOME-PC 21:08:04.0623 0x0c70 UserName: Ingo 21:08:04.0623 0x0c70 Windows directory: C:\Windows 21:08:04.0623 0x0c70 System windows directory: C:\Windows 21:08:04.0623 0x0c70 Running under WOW64 21:08:04.0623 0x0c70 Processor architecture: Intel x64 21:08:04.0623 0x0c70 Number of processors: 4 21:08:04.0623 0x0c70 Page size: 0x1000 21:08:04.0623 0x0c70 Boot type: Normal boot 21:08:04.0623 0x0c70 ============================================================ 21:08:04.0779 0x0c70 KLMD registered as C:\Windows\system32\drivers\96792057.sys 21:08:04.0997 0x0c70 System UUID: {856AB1F3-C6EF-031B-D3D2-F26161CE825E} 21:08:05.0605 0x0c70 Drive \Device\Harddisk0\DR0 - Size: 0x1D5849E000 ( 117.38 Gb ), SectorSize: 0x200, Cylinders: 0x3BDA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:08:05.0637 0x0c70 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:08:05.0637 0x0c70 ============================================================ 21:08:05.0637 0x0c70 \Device\Harddisk0\DR0: 21:08:05.0637 0x0c70 MBR partitions: 21:08:05.0637 0x0c70 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xEAC1000 21:08:05.0637 0x0c70 \Device\Harddisk1\DR1: 21:08:05.0637 0x0c70 MBR partitions: 21:08:05.0637 0x0c70 ============================================================ 21:08:05.0637 0x0c70 C: <-> \Device\Harddisk0\DR0\Partition1 21:08:05.0637 0x0c70 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:09:25.0766 0x1378 clr_optimization_v4.0.30319_32 - ok 21:09:25.0774 0x1378 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 21:09:25.0792 0x1378 clr_optimization_v4.0.30319_64 - ok 21:09:25.0798 0x1378 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 21:09:25.0815 0x1378 CmBatt - ok 21:09:25.0820 0x1378 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:09:25.0834 0x1378 cmdide - ok 21:09:25.0853 0x1378 [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys 21:09:25.0888 0x1378 CNG - ok 21:09:25.0895 0x1378 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 21:09:25.0909 0x1378 Compbatt - ok 21:09:25.0916 0x1378 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 21:09:25.0935 0x1378 CompositeBus - ok 21:09:25.0940 0x1378 COMSysApp - ok 21:09:25.0947 0x1378 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 21:09:25.0962 0x1378 crcdisk - ok 21:09:25.0965 0x1378 Crypkey License - ok 21:09:25.0978 0x1378 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll 21:09:26.0000 0x1378 CryptSvc - ok 21:09:26.0021 0x1378 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 
9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys 21:09:26.0050 0x1378 CSC - ok 21:09:26.0075 0x1378 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll 21:09:26.0111 0x1378 CscService - ok 21:09:26.0134 0x1378 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 21:09:26.0182 0x1378 DcomLaunch - ok 21:09:26.0197 0x1378 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 21:09:26.0243 0x1378 defragsvc - ok 21:09:26.0251 0x1378 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 21:09:26.0289 0x1378 DfsC - ok 21:09:26.0303 0x1378 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 21:09:26.0328 0x1378 Dhcp - ok 21:09:26.0368 0x1378 [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack C:\Windows\system32\diagtrack.dll 21:09:26.0416 0x1378 DiagTrack - ok 21:09:26.0426 0x1378 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 21:09:26.0466 0x1378 discache - ok 21:09:26.0473 0x1378 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 21:09:26.0490 0x1378 Disk - ok 21:09:26.0498 0x1378 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 21:09:26.0515 0x1378 dmvsc - ok 21:09:26.0526 0x1378 [ 
16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 21:09:26.0548 0x1378 Dnscache - ok 21:09:26.0563 0x1378 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 21:09:26.0607 0x1378 dot3svc - ok 21:09:26.0616 0x1378 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 21:09:26.0659 0x1378 DPS - ok 21:09:26.0665 0x1378 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 21:09:26.0681 0x1378 drmkaud - ok 21:09:26.0713 0x1378 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 21:09:26.0756 0x1378 DXGKrnl - ok 21:09:26.0766 0x1378 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 21:09:26.0807 0x1378 EapHost - ok 21:09:26.0899 0x1378 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 21:09:27.0013 0x1378 ebdrv - ok 21:09:27.0028 0x1378 [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] EFS C:\Windows\System32\lsass.exe 21:09:27.0046 0x1378 EFS - ok 21:09:27.0071 0x1378 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 21:09:27.0108 0x1378 ehRecvr - ok 21:09:27.0118 0x1378 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 21:09:27.0138 0x1378 ehSched - ok 21:09:27.0159 0x1378 [ 
0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 21:09:27.0188 0x1378 elxstor - ok 21:09:27.0195 0x1378 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 21:09:27.0212 0x1378 ErrDev - ok 21:09:27.0233 0x1378 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 21:09:27.0282 0x1378 EventSystem - ok 21:09:27.0292 0x1378 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 21:09:27.0334 0x1378 exfat - ok 21:09:27.0345 0x1378 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:09:27.0389 0x1378 fastfat - ok 21:09:27.0413 0x1378 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 21:09:27.0450 0x1378 Fax - ok 21:09:27.0457 0x1378 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys 21:09:27.0474 0x1378 fdc - ok 21:09:27.0479 0x1378 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 21:09:27.0517 0x1378 fdPHost - ok 21:09:27.0523 0x1378 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 21:09:27.0561 0x1378 FDResPub - ok 21:09:27.0569 0x1378 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:09:27.0584 0x1378 FileInfo - ok 21:09:27.0590 
0x1378 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:09:27.0626 0x1378 Filetrace - ok 21:09:27.0632 0x1378 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 21:09:27.0648 0x1378 flpydisk - ok 21:09:27.0661 0x1378 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 21:09:27.0682 0x1378 FltMgr - ok 21:09:27.0720 0x1378 [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache C:\Windows\system32\FntCache.dll 21:09:27.0776 0x1378 FontCache - ok 21:09:27.0786 0x1378 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:09:27.0800 0x1378 FontCache3.0.0.0 - ok 21:09:27.0807 0x1378 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 21:09:27.0822 0x1378 FsDepends - ok 21:09:27.0827 0x1378 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 21:09:27.0842 0x1378 Fs_Rec - ok 21:09:27.0857 0x1378 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 21:09:27.0880 0x1378 fvevol - ok 21:09:27.0887 0x1378 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 21:09:27.0903 0x1378 gagp30kx - ok 21:09:27.0933 0x1378 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 
2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 21:09:27.0993 0x1378 gpsvc - ok 21:09:28.0000 0x1378 [ B9893A68032A6D9ADDB5B98287C630F7, F0280764D7B31F1EA634E91397229B1C064A7C1B3A77A6BBD123CEA74180789F ] grmnusb C:\Windows\system32\drivers\grmnusb.sys 21:09:28.0014 0x1378 grmnusb - ok 21:09:28.0024 0x1378 [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 21:09:28.0040 0x1378 gusvc - ok 21:09:28.0046 0x1378 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 21:09:28.0062 0x1378 hcw85cir - ok 21:09:28.0078 0x1378 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 21:09:28.0106 0x1378 HdAudAddService - ok 21:09:28.0114 0x1378 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 21:09:28.0136 0x1378 HDAudBus - ok 21:09:28.0142 0x1378 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 21:09:28.0159 0x1378 HidBatt - ok 21:09:28.0167 0x1378 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 21:09:28.0188 0x1378 HidBth - ok 21:09:28.0195 0x1378 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 21:09:28.0214 0x1378 HidIr - ok 21:09:28.0220 0x1378 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 
21:09:28.0259 0x1378 hidserv - ok 21:09:28.0265 0x1378 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:09:28.0281 0x1378 HidUsb - ok 21:09:28.0288 0x1378 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:09:28.0326 0x1378 hkmsvc - ok 21:09:28.0337 0x1378 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 21:09:28.0361 0x1378 HomeGroupListener - ok 21:09:28.0373 0x1378 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 21:09:28.0396 0x1378 HomeGroupProvider - ok 21:09:28.0404 0x1378 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 21:09:28.0419 0x1378 HpSAMD - ok 21:09:28.0445 0x1378 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:09:28.0482 0x1378 HTTP - ok 21:09:28.0489 0x1378 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 21:09:28.0503 0x1378 hwpolicy - ok 21:09:28.0512 0x1378 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 21:09:28.0530 0x1378 i8042prt - ok 21:09:28.0548 0x1378 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 21:09:28.0573 0x1378 iaStorV - ok 21:09:28.0602 0x1378 [ C98A5B9D932430AD8EEBD3EF73756EF7, 
DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:09:28.0641 0x1378 idsvc - ok 21:09:28.0648 0x1378 IEEtwCollectorService - ok 21:09:28.0654 0x1378 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 21:09:28.0669 0x1378 iirsp - ok 21:09:28.0696 0x1378 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 21:09:28.0739 0x1378 IKEEXT - ok 21:09:28.0867 0x1378 [ D63E2B47D1BCB63CCCEF8F591CEDAEE5, AB1E3054D61C10AC565371C6A3FC0CF7433FE2C379C0BFEACF43143C441A56FC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 21:09:29.0013 0x1378 IntcAzAudAddService - ok 21:09:29.0030 0x1378 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 21:09:29.0044 0x1378 intelide - ok 21:09:29.0051 0x1378 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:09:29.0068 0x1378 intelppm - ok 21:09:29.0076 0x1378 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:09:29.0117 0x1378 IPBusEnum - ok 21:09:29.0239 0x1378 [ 4E9285AEE754564CF6192CD61469CCC5, 2E5DFF1A37A1C4383CFD5353422DB1E78EF5332DC8818CFA588CDF4F9DB9048C ] IperiusSvc C:\Program Files (x86)\Iperius Backup\IperiusService.exe 21:09:29.0351 0x1378 IperiusSvc - ok 21:09:29.0374 0x1378 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:09:29.0411 0x1378 IpFilterDriver - ok 21:09:29.0432 0x1378 [ 08C2957BB30058E663720C5606885653, 
E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:09:29.0465 0x1378 iphlpsvc - ok 21:09:29.0474 0x1378 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 21:09:29.0492 0x1378 IPMIDRV - ok 21:09:29.0500 0x1378 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 21:09:29.0540 0x1378 IPNAT - ok 21:09:29.0546 0x1378 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:09:29.0566 0x1378 IRENUM - ok 21:09:29.0572 0x1378 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:09:29.0586 0x1378 isapnp - ok 21:09:29.0599 0x1378 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 21:09:29.0621 0x1378 iScsiPrt - ok 21:09:29.0629 0x1378 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 21:09:29.0643 0x1378 kbdclass - ok 21:09:29.0649 0x1378 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 21:09:29.0667 0x1378 kbdhid - ok 21:09:29.0673 0x1378 [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] KeyIso C:\Windows\system32\lsass.exe 21:09:29.0691 0x1378 KeyIso - ok 21:09:29.0699 0x1378 [ BF69D973523D539A35807946C6DA7E16, 38F2C59B0857131961DBEA48C4A5DFA9BE7B564941935086B8DC8DBEF896F3EC ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:09:29.0716 0x1378 KSecDD - ok 21:09:29.0726 0x1378 [ 
272C27711C8AA6E7815EE33F8ACA9C66, 0A5A10A7A3E87DB92E06395A6676B94FE8B7AD6704864075D443CDC9BABDB4DF ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 21:09:29.0744 0x1378 KSecPkg - ok 21:09:29.0751 0x1378 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 21:09:29.0787 0x1378 ksthunk - ok 21:09:29.0802 0x1378 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 21:09:29.0853 0x1378 KtmRm - ok 21:09:29.0865 0x1378 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 21:09:29.0909 0x1378 LanmanServer - ok 21:09:29.0918 0x1378 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:09:29.0958 0x1378 LanmanWorkstation - ok 21:09:29.0968 0x1378 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:09:30.0006 0x1378 lltdio - ok 21:09:30.0020 0x1378 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:09:30.0067 0x1378 lltdsvc - ok 21:09:30.0074 0x1378 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 21:09:30.0113 0x1378 lmhosts - ok 21:09:30.0125 0x1378 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 21:09:30.0142 0x1378 LSI_FC - ok 21:09:30.0151 0x1378 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 21:09:30.0167 
0x1378 LSI_SAS - ok 21:09:30.0175 0x1378 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 21:09:30.0190 0x1378 LSI_SAS2 - ok 21:09:30.0198 0x1378 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 21:09:30.0214 0x1378 LSI_SCSI - ok 21:09:30.0223 0x1378 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 21:09:30.0262 0x1378 luafv - ok 21:09:30.0270 0x1378 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 21:09:30.0289 0x1378 Mcx2Svc - ok 21:09:30.0295 0x1378 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 21:09:30.0310 0x1378 megasas - ok 21:09:30.0322 0x1378 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 21:09:30.0344 0x1378 MegaSR - ok 21:09:30.0352 0x1378 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 21:09:30.0391 0x1378 MMCSS - ok 21:09:30.0399 0x1378 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 21:09:30.0434 0x1378 Modem - ok 21:09:30.0440 0x1378 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:09:30.0458 0x1378 monitor - ok 21:09:30.0465 0x1378 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass 
C:\Windows\system32\DRIVERS\mouclass.sys 21:09:30.0480 0x1378 mouclass - ok 21:09:30.0487 0x1378 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:09:30.0504 0x1378 mouhid - ok 21:09:30.0512 0x1378 [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 21:09:30.0528 0x1378 mountmgr - ok 21:09:30.0538 0x1378 [ 9FC679D10A7377BB04ECC3D0E2E26B53, 24ACD4EC1618A052C29E4463138B28F62C8B78D442DB82F4925E64FC5849A096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 21:09:30.0555 0x1378 MozillaMaintenance - ok 21:09:30.0565 0x1378 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 21:09:30.0583 0x1378 mpio - ok 21:09:30.0591 0x1378 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:09:30.0630 0x1378 mpsdrv - ok 21:09:30.0658 0x1378 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 21:09:30.0720 0x1378 MpsSvc - ok 21:09:30.0731 0x1378 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:09:30.0751 0x1378 MRxDAV - ok 21:09:30.0761 0x1378 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:09:30.0781 0x1378 mrxsmb - ok 21:09:30.0795 0x1378 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:09:30.0819 0x1378 mrxsmb10 - ok 21:09:30.0829 0x1378 [ 
9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:09:30.0847 0x1378 mrxsmb20 - ok 21:09:30.0853 0x1378 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 21:09:30.0869 0x1378 msahci - ok 21:09:30.0879 0x1378 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:09:30.0896 0x1378 msdsm - ok 21:09:30.0906 0x1378 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 21:09:30.0928 0x1378 MSDTC - ok 21:09:30.0938 0x1378 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:09:30.0975 0x1378 Msfs - ok 21:09:30.0981 0x1378 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 21:09:31.0017 0x1378 mshidkmdf - ok 21:09:31.0023 0x1378 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:09:31.0037 0x1378 msisadrv - ok 21:09:31.0046 0x1378 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:09:31.0089 0x1378 MSiSCSI - ok 21:09:31.0094 0x1378 msiserver - ok 21:09:31.0101 0x1378 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:09:31.0139 0x1378 MSKSSRV - ok 21:09:31.0145 0x1378 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK 
3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 21:09:40.0962 0x1378 vwifibus - ok 21:09:40.0978 0x1378 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 21:09:41.0028 0x1378 W32Time - ok 21:09:41.0036 0x1378 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 21:09:41.0053 0x1378 WacomPen - ok 21:09:41.0061 0x1378 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:09:41.0099 0x1378 WANARP - ok 21:09:41.0105 0x1378 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:09:41.0141 0x1378 Wanarpv6 - ok 21:09:41.0187 0x1378 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 21:09:41.0252 0x1378 wbengine - ok 21:09:41.0271 0x1378 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:09:41.0300 0x1378 WbioSrvc - ok 21:09:41.0315 0x1378 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:09:41.0349 0x1378 wcncsvc - ok 21:09:41.0356 0x1378 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:09:41.0377 0x1378 WcsPlugInService - ok 21:09:41.0383 0x1378 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys 21:09:41.0397 0x1378 Wd - ok 21:09:41.0425 
0x1378 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:09:41.0464 0x1378 Wdf01000 - ok 21:09:41.0474 0x1378 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:09:41.0495 0x1378 WdiServiceHost - ok 21:09:41.0501 0x1378 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:09:41.0520 0x1378 WdiSystemHost - ok 21:09:41.0533 0x1378 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 21:09:41.0560 0x1378 WebClient - ok 21:09:41.0572 0x1378 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:09:41.0621 0x1378 Wecsvc - ok 21:09:41.0630 0x1378 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:09:41.0671 0x1378 wercplsupport - ok 21:09:41.0678 0x1378 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 21:09:41.0719 0x1378 WerSvc - ok 21:09:41.0726 0x1378 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:09:41.0763 0x1378 WfpLwf - ok 21:09:41.0768 0x1378 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:09:41.0782 0x1378 WIMMount - ok 21:09:41.0786 0x1378 WinDefend - ok 21:09:41.0793 0x1378 WinHttpAutoProxySvc - ok 21:09:41.0811 0x1378 [ 19B07E7E8915D701225DA41CB3877306, 
D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:09:41.0856 0x1378 Winmgmt - ok 21:09:41.0919 0x1378 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 21:09:42.0000 0x1378 WinRM - ok 21:09:42.0016 0x1378 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 21:09:42.0035 0x1378 WinUsb - ok 21:09:42.0063 0x1378 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 21:09:42.0114 0x1378 Wlansvc - ok 21:09:42.0122 0x1378 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 21:09:42.0138 0x1378 WmiAcpi - ok 21:09:42.0151 0x1378 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:09:42.0173 0x1378 wmiApSrv - ok 21:09:42.0177 0x1378 WMPNetworkSvc - ok 21:09:42.0184 0x1378 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:09:42.0203 0x1378 WPCSvc - ok 21:09:42.0211 0x1378 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:09:42.0234 0x1378 WPDBusEnum - ok 21:09:42.0240 0x1378 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:09:42.0276 0x1378 ws2ifsl - ok 21:09:42.0283 0x1378 [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(1) C:\Windows\system32\drivers\VirtualAudio1.sys 
21:09:42.0297 0x1378 WsAudio_Device(1) - ok 21:09:42.0304 0x1378 [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(2) C:\Windows\system32\drivers\VirtualAudio2.sys 21:09:42.0317 0x1378 WsAudio_Device(2) - ok 21:09:42.0324 0x1378 [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(3) C:\Windows\system32\drivers\VirtualAudio3.sys 21:09:42.0337 0x1378 WsAudio_Device(3) - ok 21:09:42.0343 0x1378 [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(4) C:\Windows\system32\drivers\VirtualAudio4.sys 21:09:42.0357 0x1378 WsAudio_Device(4) - ok 21:09:42.0366 0x1378 [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(5) C:\Windows\system32\drivers\VirtualAudio5.sys 21:09:42.0379 0x1378 WsAudio_Device(5) - ok 21:09:42.0387 0x1378 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 21:09:42.0412 0x1378 wscsvc - ok 21:09:42.0417 0x1378 WSearch - ok 21:09:42.0498 0x1378 [ 14882A15F5CE7B8EADC8E7F54FD5B53B, 75CE9845C6EE66B070EA3D11F5B49935B9D0A607DCC93D3105130F3987E39443 ] wuauserv C:\Windows\system32\wuaueng.dll 21:09:42.0579 0x1378 wuauserv - ok 21:09:42.0594 0x1378 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:09:42.0612 0x1378 WudfPf - ok 21:09:42.0625 0x1378 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:09:42.0645 0x1378 WUDFRd - ok 21:09:42.0653 0x1378 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:09:42.0675 0x1378 wudfsvc 
- ok 21:09:42.0686 0x1378 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 21:09:42.0712 0x1378 WwanSvc - ok 21:09:42.0721 0x1378 ================ Scan global =============================== 21:09:42.0727 0x1378 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 21:09:42.0738 0x1378 [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll 21:09:42.0756 0x1378 [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll 21:09:42.0768 0x1378 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 21:09:42.0784 0x1378 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe 21:09:42.0796 0x1378 [ Global ] - ok 21:09:42.0796 0x1378 ================ Scan MBR ================================== 21:09:42.0799 0x1378 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 21:09:42.0948 0x1378 \Device\Harddisk0\DR0 - ok 21:09:42.0971 0x1378 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 21:09:43.0043 0x1378 \Device\Harddisk1\DR1 - ok 21:09:43.0043 0x1378 ================ Scan VBR ================================== 21:09:43.0046 0x1378 [ 2A093BC7381C7822D6BE74044DD98790 ] \Device\Harddisk0\DR0\Partition1 21:09:43.0048 0x1378 \Device\Harddisk0\DR0\Partition1 - ok 21:09:43.0048 0x1378 ================ Scan generic autorun ====================== 21:09:43.0206 0x1378 [ 65C6AA484AD2287D20541C7735989437, 1842787640391F4A4CD9ED0A531298A61F4B2FB09BEC98FEE256313AFB458EDB ] C:\Program Files\AVAST Software\Avast\AvastUI.exe 21:09:43.0346 0x1378 AvastUI.exe - ok 21:09:43.0395 0x1378 [ 
DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 21:09:43.0446 0x1378 Sidebar - ok 21:09:43.0455 0x1378 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 21:09:43.0479 0x1378 mctadmin - ok 21:09:43.0516 0x1378 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 21:09:43.0560 0x1378 Sidebar - ok 21:09:43.0569 0x1378 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 21:09:43.0592 0x1378 mctadmin - ok 21:09:43.0595 0x1378 Iperius Backup - ok 21:09:44.0013 0x1378 [ 15D6EFED817CE145FF05A9829050D547, 8ABE7E22C146F2EEE3F3F3713C92BC1D6734477E488872D22ABE2188D2077A39 ] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe 21:09:44.0484 0x1378 ANT Agent - detected UnsignedFile.Multi.Generic ( 1 ) 21:09:46.0897 0x1378 Detect skipped due to KSN trusted 21:09:46.0897 0x1378 ANT Agent - ok 21:09:46.0897 0x1378 Waiting for KSN requests completion. In queue: 39 21:09:47.0902 0x1378 Waiting for KSN requests completion. In queue: 39 21:09:48.0916 0x1378 Waiting for KSN requests completion. In queue: 39 21:09:49.0946 0x1378 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x41000 ( enabled : updated ) 21:09:49.0946 0x1378 Win FW state via NFP2: enabled 21:09:52.0457 0x1378 ============================================================ 21:09:52.0457 0x1378 Scan finished 21:09:52.0457 0x1378 ============================================================ 21:09:52.0457 0x1398 Detected object count: 0 21:09:52.0457 0x1398 Actual detected object count: 0 Ingo |
04.07.2015, 15:33 | #10 |
/// the machine /// TB instructor | Avast reports blocked infections in process svchost.exe of type "URL:Mal" Hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
05.07.2015, 22:20 | #11 |
| Avast reports blocked infections in process svchost.exe of type "URL:Mal" Hello, attached is the log from Combofix... COMBOFIX Code:
ATTFilter Combofix Logfile: Ingo |
06.07.2015, 05:52 | #12 |
/// the machine /// TB instructor | Avast reports blocked infections in process svchost.exe of type "URL:Mal" Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber |
06.07.2015, 22:21 | #13 |
| Avast reports blocked infections in process svchost.exe of type "URL:Mal" Hi, here are the new logs: MBAM Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 06.07.2015 Suchlaufzeit: 22:42 Protokolldatei: mbam_log.txt Administrator: Ja Version: 2.1.8.1057 Malware-Datenbank: v2015.07.06.07 Rootkit-Datenbank: v2015.07.05.03 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Ingo Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 481126 Abgelaufene Zeit: 9 Min., 30 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.207 - Bericht erstellt 06/07/2015 um 23:00:42 # Aktualisiert 21/06/2015 von Xplode # Datenbank : 2015-07-05.2 [Server] # Betriebssystem : Windows 7 Professional Service Pack 1 (x64) # Benutzername : Ingo - HOME-PC # Gestarted von : D:\Users\Ingo\Desktop\AdwCleaner_4.207.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17840 -\\ Mozilla Firefox v38.0.5 (x86 de) ************************* AdwCleaner[R1].txt - [789 Bytes] - [06/07/2015 22:59:25] AdwCleaner[S1].txt - [710 Bytes] - [06/07/2015 23:00:42] ########## EOF - D:\AdwCleaner\AdwCleaner[S1].txt - [768 Bytes] ########## JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.3.3 (07.06.2015:2) OS: Windows 7 Professional x64 Ran by Ingo on 06.07.2015 at 23:04:44,32 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks Successfully deleted: [Task] C:\Windows\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2011 ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Disk Space Explorer Shell Extension Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension ~~~ Files Successfully deleted: [File] C:\Windows\syswow64\REN600A.tmp ~~~ Folders Successfully deleted: [Folder] C:\ProgramData\tuneup software Successfully deleted: [Folder] D:\Users\Ingo\appdata\local\crashrpt Successfully deleted: [Folder] D:\Users\Ingo\AppData\Roaming\tuneup software Successfully deleted: [Folder] D:\Users\Ingo\AppData\Roaming\2761 Successfully deleted: [Folder] D:\Users\Ingo\AppData\Roaming\6755 Successfully deleted: [Folder] D:\Users\Ingo\AppData\Roaming\9756 ~~~ FireFox Emptied folder: D:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n89clb7s.default\minidumps [51 files] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 06.07.2015 at 23:08:16,96 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01 Ran by Ingo (administrator) on HOME-PC on 06-07-2015 23:10:28 Running from D:\Users\Ingo\Desktop Loaded Profiles: Ingo (Available Profiles: Ingo & Julia & Klara) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-13] (Avast Software s.r.o.) 
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Run: [Iperius Backup] => C:\Program Files (x86)\Iperius Backup\Iperius.exe [23611280 2015-05-08] (Enter Srl) HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000 Startup: D:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk [2015-05-28] ShortcutTarget: Spamihilator.lnk -> C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-13] (Avast Software s.r.o.) GroupPolicyUsers\S-1-5-21-2484450973-2070416738-4278609927-1007\User: Group Policy Restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2484450973-2070416738-4278609927-1005 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = https://www.google.com/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-13] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-13] (Avast Software s.r.o.) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-13] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-13] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-13] (Avast Software s.r.o.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-13] (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.177.1 Tcpip\..\Interfaces\{1FB36190-A6F5-4787-A58D-E71835657744}: [DhcpNameServer] 192.168.177.1 FireFox: ======== FF ProfilePath: D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-13] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-13] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-13] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-13] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.) FF Extension: MinimizeToTray revived (MinTrayR) - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\mintrayr@tn123.ath.cx [2015-05-29] FF Extension: IE Tab - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2015-05-29] FF Extension: Save Text To File - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\HighlightedTextToFile@bobbyrne01.org.xpi [2015-05-22] FF Extension: Adblock Plus - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-22] FF Extension: DownThemAll! 
- D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-05-22] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-13] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-13] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-13] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-13] (Avast Software s.r.o.) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-13] (Avast Software) S2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed] S2 IperiusSvc; C:\Program Files (x86)\Iperius Backup\IperiusService.exe [4364192 2015-05-08] (Enter Srl) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd) S2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [614416 2014-10-21] (Dell Inc.) 
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH) S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-13] (TuneUp Software) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 ASPI32; No ImagePath R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-13] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-13] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-13] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-13] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-13] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-13] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-13] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] () R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [25536 2014-10-21] (SonicWALL Inc.) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-05-21] (Duplex Secure Ltd.) 
R1 StarPortLite; C:\Windows\System32\DRIVERS\StarPortLite.sys [120704 2013-02-04] (StarWind Software) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-07-07] (TuneUp Software) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-13] (Avast Software) S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-06 23:10 - 2015-07-06 23:10 - 00012290 _____ D:\Users\Ingo\Desktop\FRST.txt 2015-07-06 23:10 - 2015-07-02 21:15 - 02112512 _____ (Farbar) D:\Users\Ingo\Desktop\FRST64.exe 2015-07-06 23:04 - 2015-07-06 23:04 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HOME-PC-Windows-7-Professional-(64-bit).dat 2015-07-06 23:04 - 2015-07-06 23:04 - 00000000 ____D C:\RegBackup 2015-07-06 22:45 - 2015-07-06 23:10 - 00000000 ____D D:\Users\Ingo\Downloads\Trojaner Board Stuff 2015-07-06 22:39 - 2015-07-06 22:47 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\Adobe 2015-07-06 22:38 - 2015-07-06 22:38 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-07-06 22:37 - 2015-07-06 22:40 - 00000000 ____D C:\ProgramData\Adobe 2015-07-06 22:37 - 2015-07-06 22:37 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-07-06 22:37 - 2015-07-06 22:37 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-07-06 22:35 - 2015-07-06 22:40 - 00000000 ____D D:\Users\Ingo\AppData\Local\Adobe 2015-07-06 22:28 - 2015-07-06 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-07-06 22:28 - 2015-07-06 22:30 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-07-06 22:28 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-07-06 22:28 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-07-05 23:04 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2015-07-05 23:04 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2015-07-05 23:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-07-05 23:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-07-05 23:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-07-05 23:04 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2015-07-05 23:04 - 
2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2015-07-05 23:04 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2015-07-05 23:02 - 2015-07-05 23:12 - 00000000 ____D C:\Qoobox 2015-07-05 23:02 - 2015-07-05 23:11 - 00000000 ____D C:\Windows\erdnt 2015-07-04 13:59 - 2015-07-04 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PicGrab 2015-07-04 13:59 - 2015-07-04 13:59 - 00000000 ____D C:\Program Files (x86)\PicGrab 2015-07-04 13:59 - 2003-07-12 01:07 - 00438272 _____ () C:\Windows\SysWOW64\PaintX.dll 2015-07-04 13:58 - 2015-07-04 13:58 - 01198368 _____ D:\Users\Julia\Downloads\PicGrab - CHIP-Installer.exe 2015-07-03 20:55 - 2015-07-06 22:41 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-03 20:55 - 2015-07-06 22:28 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-07-03 20:55 - 2015-07-03 21:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-07-03 20:54 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-07-02 21:39 - 2015-07-06 23:10 - 00000000 ____D C:\FRST 2015-07-02 21:36 - 2015-07-02 21:36 - 00000020 _____ D:\Users\Ingo\defogger_reenable 2015-06-30 21:11 - 2015-06-30 21:12 - 44135827 _____ D:\Users\Julia\Downloads\downloads(1).zip 2015-06-30 21:03 - 2015-06-30 21:05 - 74260937 _____ D:\Users\Julia\Downloads\downloads.zip 2015-06-27 21:43 - 2015-06-27 21:57 - 00003584 _____ D:\Users\Julia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-06-18 23:06 - 2015-06-18 23:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2015-06-18 19:47 - 2015-06-18 19:47 - 00000000 ____D D:\Users\Ingo\VirtualBox VMs 2015-06-16 01:07 - 2015-06-16 01:07 - 00000000 ____D D:\Users\Ingo\AppData\Local\calibre-cache 2015-06-16 01:06 - 2015-06-18 00:35 - 00000000 ____D D:\Users\Ingo\Documents\Calibre-Bibliothek 2015-06-16 01:06 - 2015-06-16 01:09 - 00000000 ____D 
D:\Users\Ingo\AppData\Roaming\calibre 2015-06-12 14:12 - 2015-06-12 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell SonicWALL NetExtender 2015-06-12 13:59 - 2015-06-12 13:59 - 01536632 _____ D:\Users\Julia\Downloads\NXSetupU.exe 2015-06-10 03:08 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-06-10 03:08 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-06-10 03:08 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-06-10 03:08 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-06-10 03:08 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-06-10 03:08 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-06-10 03:08 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-06-10 03:08 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-06-10 03:08 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-06-10 03:08 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-06-10 03:08 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-06-10 03:08 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-06-10 03:08 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-06-10 03:08 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-06-10 03:08 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-06-10 03:08 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieUnatt.exe 2015-06-10 03:08 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-06-10 03:08 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-06-10 03:08 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-06-10 03:08 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-06-10 03:08 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-06-10 03:08 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-06-10 03:08 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-06-10 03:08 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-06-10 03:08 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-06-10 03:08 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-06-10 03:08 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-06-10 03:08 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-06-10 03:08 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-06-10 03:08 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-06-10 03:08 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-06-10 03:08 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-06-10 03:08 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-06-10 03:08 - 2015-05-22 21:00 - 02885632 _____ (Microsoft 
Corporation) C:\Windows\system32\iertutil.dll 2015-06-10 03:08 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-06-10 03:08 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-06-10 03:08 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-06-10 03:08 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-06-10 03:08 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-06-10 03:08 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-06-10 03:08 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-06-10 03:08 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-06-10 03:08 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-06-10 03:08 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-06-10 03:08 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-06-10 03:08 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-10 03:08 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-06-10 03:08 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-10 03:08 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-10 03:08 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-06-10 03:08 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-06-10 03:08 - 2015-05-22 19:38 - 01545728 
_____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-10 03:08 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-06-10 03:08 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-06-10 03:08 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-06-10 03:08 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-06-10 03:08 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-06-10 03:08 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-06-10 03:08 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-06-10 03:08 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-06-10 03:08 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-06-10 03:08 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-06-10 03:08 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-06-10 03:08 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-10 03:08 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2015-06-10 03:07 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-06-10 03:07 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-06-10 03:07 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-06-10 03:07 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-06-10 03:07 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript.dll 2015-06-10 03:07 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-06-10 03:07 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-06-10 03:07 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-06-08 21:35 - 2015-06-08 21:35 - 00000000 ____D D:\Users\Julia\AppData\Local\FreeOCR 2015-06-07 10:46 - 2015-06-07 10:46 - 00001147 _____ D:\Users\Klara\Desktop\Hörbücher.lnk 2015-06-07 10:45 - 2015-06-16 02:26 - 00000000 ____D D:\Users\Public\Hörbücher ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-06 23:08 - 2011-04-12 09:43 - 00702198 _____ C:\Windows\system32\perfh007.dat 2015-07-06 23:08 - 2011-04-12 09:43 - 00149838 _____ C:\Windows\system32\perfc007.dat 2015-07-06 23:08 - 2009-07-14 07:13 - 01626984 _____ C:\Windows\system32\PerfStringBackup.INI 2015-07-06 23:05 - 2015-05-13 20:33 - 01183837 _____ C:\Windows\WindowsUpdate.log 2015-07-06 23:05 - 2009-07-14 06:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-06 23:05 - 2009-07-14 06:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-06 23:03 - 2015-05-21 00:03 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\Spamihilator 2015-07-06 23:01 - 2015-05-26 08:29 - 00038780 _____ C:\Windows\PFRO.log 2015-07-06 23:01 - 2015-05-24 14:23 - 00033976 _____ C:\Windows\errord.log 2015-07-06 23:01 - 2015-05-24 14:23 - 00018228 _____ C:\Windows\error.log 2015-07-06 23:01 - 2015-05-21 00:48 - 00016639 _____ C:\Windows\setupact.log 2015-07-06 23:01 - 2015-05-13 21:39 - 00004182 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update 2015-07-06 23:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-06 21:14 - 2015-05-15 00:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-07-05 23:10 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2015-07-04 13:39 - 2015-05-23 00:28 - 00084984 _____ D:\Users\Julia\AppData\Local\GDIPFONTCACHEV1.DAT 2015-07-04 11:59 - 2015-05-23 00:45 - 00001087 _____ D:\Users\Klara\Desktop\Caillou - Skivergnügen und mehr.lnk 2015-07-03 00:28 - 2015-05-21 00:01 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\Notepad++ 2015-07-02 21:55 - 2015-05-15 00:00 - 00084984 _____ D:\Users\Ingo\AppData\Local\GDIPFONTCACHEV1.DAT 2015-07-02 21:36 - 2015-05-14 23:16 - 00000000 ____D D:\Users\Ingo 2015-07-02 21:32 - 2009-07-14 06:45 - 04900304 _____ C:\Windows\system32\FNTCACHE.DAT 2015-07-02 21:26 - 2015-05-21 00:02 - 00000000 ____D C:\Windows\SysWOW64\Adobe 2015-07-01 00:02 - 2015-05-29 03:58 - 00000000 ____D D:\Users\Ingo\AppData\Local\CrashDumps 2015-06-28 18:22 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2015-06-28 17:41 - 2015-05-23 00:35 - 00000000 ____D D:\Users\Julia\AppData\Roaming\Skype 2015-06-28 12:40 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-06-27 20:22 - 2015-05-13 21:39 - 00442264 _____ (Avast Software s.r.o.) 
C:\Windows\system32\Drivers\aswsp.sys 2015-06-18 22:51 - 2015-05-21 21:26 - 00000000 ____D D:\Users\Ingo\.VirtualBox 2015-06-18 00:33 - 2015-05-23 23:05 - 00000000 ____D D:\Users\Ingo\Documents\decrypted ebooks 2015-06-15 22:24 - 2015-05-22 23:19 - 00000000 ____D D:\Users\Julia\AppData\Roaming\.purple 2015-06-15 02:58 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-06-14 16:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-06-13 13:13 - 2015-06-03 21:14 - 00000000 ____D D:\Users\Ingo\AppData\Local\Audible 2015-06-12 21:50 - 2015-05-21 20:44 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\KeePass 2015-06-12 20:56 - 2015-05-21 21:10 - 00000000 ____D D:\Users\Ingo\Documents\My Digital Editions 2015-06-12 14:11 - 2015-05-25 20:58 - 00000000 ____D C:\Windows\system32\appmgmt 2015-06-10 23:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-10 22:15 - 2015-05-14 01:03 - 00000000 ____D C:\Windows\system32\MRT 2015-06-10 22:15 - 2015-05-13 21:00 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-06-10 22:11 - 2015-05-14 01:03 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-08 23:49 - 2015-05-25 22:36 - 00015779 _____ D:\Users\Julia\Desktop\Wohnungsfinanzierung_1411.xlsx 2015-06-08 21:35 - 2015-05-15 00:00 - 00000000 ____D C:\Program Files (x86)\FreeOCR 2015-06-08 20:03 - 2015-05-24 14:09 - 00000000 ____D D:\Users\Julia\AppData\Roaming\KeePass 2015-06-08 20:02 - 2015-05-13 21:10 - 00000000 ____D C:\ProgramData\Skype ==================== Files in the root of some directories ======= 2015-05-25 23:24 - 2015-05-25 23:28 - 0000026 _____ () D:\Users\Ingo\AppData\Local\isoworkshop.ini 2015-06-02 08:25 - 2015-06-02 08:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-06 21:55 ==================== End of log ============================ Best regards, Ingo |
07.07.2015, 06:29 | #14 |
/// the machine /// TB Trainer | Avast reports blocked infections in process svchost.exe of type "URL:Mal" ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
08.07.2015, 21:45 | #15 |
| Avast reports blocked infections in process svchost.exe of type "URL:Mal" Hello, here are the results of today's checks. By the way, the error message has not appeared again since then... ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=06858316fedb39429593d5a75da8976c # end=init # utc_time=2015-07-08 06:01:40 # local_time=2015-07-08 08:01:40 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 24704 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=06858316fedb39429593d5a75da8976c # end=updated # utc_time=2015-07-08 06:40:12 # local_time=2015-07-08 08:40:12 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=06858316fedb39429593d5a75da8976c # engine=24704 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-07-08 07:17:14 # local_time=2015-07-08 09:17:14 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 71 84 872317 4837754 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 96256 188012884 0 0 # scanned=202964 # found=4 # cleaned=0 # scan_time=2221 sh=DF46C418CC40985B1452145D68EC00EE4FB92CDB ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AH Trojaner" ac=I fn="D:\Users\Ingo\Documents\LG PC Suite IV\LG-P970\Backup\PhoneData_2012_1024_230902\Photo\E\download\assets\gingerbreak.png" sh=F1BA86B62E8C56C59C3A850C016E9F3AB15FC82D ft=1 fh=77b67014c21a5d01 vn="Variante von Win32/DownloadSponsor.B evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Julia\Downloads\FileNameChange.exe" sh=0E45B93734E8125DF09E9A3D0FCB5DCE93441534 ft=1 fh=f92dbd4c744344fd vn="Variante von Win32/DownloadSponsor.C evtl. 
unerwünschte Anwendung" ac=I fn="D:\Users\Julia\Downloads\Image Resizer - CHIP-Installer.exe" sh=E2BADB0A8A4BF524E47B066CD9A143FC0274337F ft=1 fh=8c5ee5e5f03b383b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Julia\Downloads\PicGrab - CHIP-Installer.exe" Code:
ATTFilter Results of screen317's Security Check version 1.004 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` TuneUp Utilities 2011 TuneUp Utilities Language Pack (de-DE) Java 8 Update 45 Java SE Development Kit 8 Update 45 Mozilla Firefox (39.0) ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast ng vbox\AvastVBoxSVC.exe AVAST Software Avast ng ngservice.exe AVAST Software Avast avastui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01 Ran by Ingo (administrator) on HOME-PC on 08-07-2015 21:35:06 Running from D:\Users\Ingo\Desktop Loaded Profiles: Ingo (Available Profiles: Ingo & Julia & Klara) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe (Enter Srl) C:\Program Files (x86)\Iperius Backup\IperiusService.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe (Dell Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe (Enter Srl) C:\Program Files (x86)\Iperius Backup\Iperius.exe (Michel Krämer) C:\Program Files\Spamihilator\spamihilator.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-13] (Avast Software s.r.o.) HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Run: [Iperius Backup] => C:\Program Files (x86)\Iperius Backup\Iperius.exe [23611280 2015-05-08] (Enter Srl) HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000 Startup: D:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk [2015-05-28] ShortcutTarget: Spamihilator.lnk -> C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-13] (Avast Software s.r.o.) GroupPolicyUsers\S-1-5-21-2484450973-2070416738-4278609927-1007\User: Group Policy Restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2484450973-2070416738-4278609927-1005 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = https://www.google.com/search?q={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-13] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-13] (Avast Software s.r.o.) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-13] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-13] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-13] (Avast Software s.r.o.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-13] (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.177.1 Tcpip\..\Interfaces\{1FB36190-A6F5-4787-A58D-E71835657744}: [DhcpNameServer] 192.168.177.1 FireFox: ======== FF ProfilePath: D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-13] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-13] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-13] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-13] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.) FF Extension: MinimizeToTray revived (MinTrayR) - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\mintrayr@tn123.ath.cx [2015-05-29] FF Extension: IE Tab - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2015-05-29] FF Extension: Save Text To File - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\HighlightedTextToFile@bobbyrne01.org.xpi [2015-05-22] FF Extension: Adblock Plus - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-22] FF Extension: DownThemAll! 
- D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-05-22] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-13] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-13] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-13] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-13] (Avast Software s.r.o.) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-13] (Avast Software) R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed] R2 IperiusSvc; C:\Program Files (x86)\Iperius Backup\IperiusService.exe [4364192 2015-05-08] (Enter Srl) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd) R2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [614416 2014-10-21] (Dell Inc.) 
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-13] (TuneUp Software) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 ASPI32; No ImagePath R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-13] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-13] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-13] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-13] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-13] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-13] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-13] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] () R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [25536 2014-10-21] (SonicWALL Inc.) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-05-21] (Duplex Secure Ltd.) 
R1 StarPortLite; C:\Windows\System32\DRIVERS\StarPortLite.sys [120704 2013-02-04] (StarWind Software) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-07-07] (TuneUp Software) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-13] (Avast Software) S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare) S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-08 21:35 - 2015-07-08 21:35 - 00012891 _____ D:\Users\Ingo\Desktop\FRST.txt 2015-07-08 21:03 - 2015-07-02 21:15 - 02112512 _____ (Farbar) D:\Users\Ingo\Desktop\FRST64.exe 2015-07-08 20:01 - 2015-07-08 20:01 - 00000000 ____D C:\Program Files (x86)\ESET 2015-07-07 22:11 - 2015-07-07 22:14 - 00004894 _____ C:\Windows\SM_25_W300.id1 2015-07-07 22:11 - 2015-07-07 22:14 - 00004894 _____ C:\Windows\SM_25_D300.id1 2015-07-07 22:10 - 2015-07-07 22:10 - 00003822 _____ C:\Windows\SM_25_W75.id14 2015-07-07 22:10 - 2015-07-07 22:10 - 00003822 _____ C:\Windows\SM_25_D75.id14 2015-07-07 22:10 - 2015-07-07 22:10 - 00000035 _____ C:\Windows\Ulead32.INI 2015-07-06 23:51 - 2015-07-07 18:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-07-06 23:43 - 2015-07-06 23:43 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\TuneUp Software 2015-07-06 23:25 - 2015-07-07 21:20 - 00000000 ____D C:\ProgramData\TuneUp Software 2015-07-06 23:04 - 2015-07-06 23:04 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HOME-PC-Windows-7-Professional-(64-bit).dat 2015-07-06 23:04 - 2015-07-06 23:04 - 00000000 ____D C:\RegBackup 2015-07-06 22:45 - 2015-07-08 21:33 - 00000000 ____D D:\Users\Ingo\Downloads\Trojaner Board Stuff 2015-07-06 22:39 - 2015-07-06 22:47 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\Adobe 2015-07-06 22:38 - 2015-07-07 18:25 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-07-06 22:37 - 2015-07-06 22:40 - 00000000 ____D C:\ProgramData\Adobe 2015-07-06 22:37 - 2015-07-06 22:37 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-07-06 22:37 - 2015-07-06 22:37 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-07-06 22:35 - 2015-07-06 22:40 - 00000000 ____D D:\Users\Ingo\AppData\Local\Adobe 2015-07-06 22:28 - 2015-07-06 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-07-06 22:28 - 2015-07-06 22:30 - 00000000 ____D C:\Program Files (x86)\ 
Malwarebytes Anti-Malware 2015-07-06 22:28 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-07-06 22:28 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-07-05 23:04 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2015-07-05 23:04 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2015-07-05 23:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-07-05 23:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-07-05 23:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-07-05 23:04 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2015-07-05 23:04 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2015-07-05 23:04 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2015-07-05 23:02 - 2015-07-05 23:12 - 00000000 ____D C:\Qoobox 2015-07-05 23:02 - 2015-07-05 23:11 - 00000000 ____D C:\Windows\erdnt 2015-07-04 13:59 - 2015-07-04 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PicGrab 2015-07-04 13:59 - 2015-07-04 13:59 - 00000000 ____D C:\Program Files (x86)\PicGrab 2015-07-04 13:59 - 2003-07-12 01:07 - 00438272 _____ () C:\Windows\SysWOW64\PaintX.dll 2015-07-04 13:58 - 2015-07-04 13:58 - 01198368 _____ D:\Users\Julia\Downloads\PicGrab - CHIP-Installer.exe 2015-07-03 20:55 - 2015-07-06 22:41 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-03 20:55 - 2015-07-06 22:28 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-07-03 20:55 - 2015-07-03 21:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-07-03 20:54 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-07-02 21:39 - 2015-07-08 21:35 - 00000000 ____D C:\FRST 2015-07-02 21:36 - 2015-07-02 21:36 - 00000020 _____ D:\Users\Ingo\defogger_reenable 2015-06-30 
21:11 - 2015-06-30 21:12 - 44135827 _____ D:\Users\Julia\Downloads\downloads(1).zip 2015-06-30 21:03 - 2015-06-30 21:05 - 74260937 _____ D:\Users\Julia\Downloads\downloads.zip 2015-06-27 21:43 - 2015-06-27 21:57 - 00003584 _____ D:\Users\Julia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-06-18 23:06 - 2015-06-18 23:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2015-06-18 19:47 - 2015-06-18 19:47 - 00000000 ____D D:\Users\Ingo\VirtualBox VMs 2015-06-16 01:07 - 2015-06-16 01:07 - 00000000 ____D D:\Users\Ingo\AppData\Local\calibre-cache 2015-06-16 01:06 - 2015-06-18 00:35 - 00000000 ____D D:\Users\Ingo\Documents\Calibre-Bibliothek 2015-06-16 01:06 - 2015-06-16 01:09 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\calibre 2015-06-12 14:12 - 2015-06-12 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell SonicWALL NetExtender 2015-06-12 13:59 - 2015-06-12 13:59 - 01536632 _____ D:\Users\Julia\Downloads\NXSetupU.exe 2015-06-10 03:08 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-06-10 03:08 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-06-10 03:08 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-06-10 03:08 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-06-10 03:08 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-06-10 03:08 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-06-10 03:08 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-06-10 03:08 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-06-10 03:08 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-06-10 
03:08 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-06-10 03:08 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-06-10 03:08 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-06-10 03:08 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-06-10 03:08 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-06-10 03:08 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-06-10 03:08 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-06-10 03:08 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-06-10 03:08 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-06-10 03:08 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-06-10 03:08 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-06-10 03:08 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-06-10 03:08 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-06-10 03:08 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-06-10 03:08 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-06-10 03:08 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-06-10 03:08 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-06-10 03:08 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-06-10 03:08 
- 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-06-10 03:08 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-06-10 03:08 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-06-10 03:08 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-06-10 03:08 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-06-10 03:08 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-06-10 03:08 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-06-10 03:08 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-06-10 03:08 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-06-10 03:08 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-06-10 03:08 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-06-10 03:08 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-06-10 03:08 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-06-10 03:08 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-06-10 03:08 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-06-10 03:08 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-06-10 03:08 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-06-10 03:08 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtmled.dll 2015-06-10 03:08 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-10 03:08 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-06-10 03:08 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-10 03:08 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-10 03:08 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-06-10 03:08 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-06-10 03:08 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-10 03:08 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-06-10 03:08 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-06-10 03:08 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-06-10 03:08 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-06-10 03:08 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-06-10 03:08 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-06-10 03:08 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-06-10 03:08 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-06-10 03:08 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-06-10 03:08 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-06-10 03:08 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-06-10 03:08 - 
2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-10 03:08 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2015-06-10 03:07 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-06-10 03:07 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-06-10 03:07 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-06-10 03:07 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-06-10 03:07 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-06-10 03:07 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-06-10 03:07 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-06-10 03:07 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-06-08 21:35 - 2015-06-08 21:35 - 00000000 ____D D:\Users\Julia\AppData\Local\FreeOCR ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-08 20:04 - 2009-07-14 06:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-08 20:04 - 2009-07-14 06:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-08 20:03 - 2015-05-21 00:03 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\Spamihilator 2015-07-08 20:01 - 2011-04-12 09:43 - 00702198 _____ C:\Windows\system32\perfh007.dat 2015-07-08 20:01 - 2011-04-12 09:43 - 00149838 _____ C:\Windows\system32\perfc007.dat 2015-07-08 20:01 - 2009-07-14 07:13 - 01626984 _____ C:\Windows\system32\PerfStringBackup.INI 2015-07-08 19:59 - 2015-05-13 20:33 - 01260507 _____ C:\Windows\WindowsUpdate.log 2015-07-08 19:56 - 2015-05-24 14:23 - 00034200 _____ C:\Windows\errord.log 2015-07-08 19:56 - 2015-05-24 14:23 - 00019220 _____ C:\Windows\error.log 2015-07-08 19:56 - 2015-05-21 00:48 - 00017087 _____ C:\Windows\setupact.log 2015-07-08 19:56 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-08 19:47 - 2015-05-22 23:19 - 00000000 ____D D:\Users\Julia\AppData\Roaming\.purple 2015-07-08 02:58 - 2015-05-26 08:29 - 00039144 _____ C:\Windows\PFRO.log 2015-07-08 02:58 - 2015-05-13 21:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-07-08 02:06 - 2015-05-23 23:16 - 00000000 ____D D:\Users\Ingo\Documents\WHG NeueAnlageStr 2015-07-07 22:37 - 2015-05-23 00:35 - 00000000 ____D D:\Users\Julia\AppData\Roaming\Skype 2015-07-07 22:12 - 2015-05-24 12:39 - 00000000 ____D D:\Users\Julia\AppData\Local\Adobe 2015-07-07 22:12 - 2015-05-22 23:05 - 00000000 ____D D:\Users\Julia\AppData\Roaming\Adobe 2015-07-07 22:10 - 2009-07-14 04:34 - 00000581 _____ C:\Windows\win.ini 2015-07-06 23:01 - 2015-05-13 21:39 - 00004182 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update 2015-07-05 23:10 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2015-07-04 13:39 - 2015-05-23 00:28 - 00084984 _____ D:\Users\Julia\AppData\Local\GDIPFONTCACHEV1.DAT 2015-07-04 11:59 - 2015-05-23 00:45 - 00001087 _____ D:\Users\Klara\Desktop\Caillou - Skivergnügen und mehr.lnk 2015-07-03 00:28 - 2015-05-21 00:01 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\Notepad++ 2015-07-02 21:55 - 2015-05-15 00:00 - 00084984 _____ D:\Users\Ingo\AppData\Local\GDIPFONTCACHEV1.DAT 2015-07-02 21:36 - 2015-05-14 23:16 - 00000000 ____D D:\Users\Ingo 2015-07-02 21:32 - 2009-07-14 06:45 - 04900304 _____ C:\Windows\system32\FNTCACHE.DAT 2015-07-02 21:26 - 2015-05-21 00:02 - 00000000 ____D C:\Windows\SysWOW64\Adobe 2015-07-01 00:02 - 2015-05-29 03:58 - 00000000 ____D D:\Users\Ingo\AppData\Local\CrashDumps 2015-06-28 18:22 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2015-06-28 12:40 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-06-27 20:22 - 2015-05-13 21:39 - 00442264 _____ (Avast Software s.r.o.) 
C:\Windows\system32\Drivers\aswsp.sys 2015-06-23 13:30 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-06-18 22:51 - 2015-05-21 21:26 - 00000000 ____D D:\Users\Ingo\.VirtualBox 2015-06-18 00:33 - 2015-05-23 23:05 - 00000000 ____D D:\Users\Ingo\Documents\decrypted ebooks 2015-06-16 02:26 - 2015-06-07 10:45 - 00000000 ____D D:\Users\Public\Hörbücher 2015-06-15 02:58 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-06-14 16:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-06-13 13:13 - 2015-06-03 21:14 - 00000000 ____D D:\Users\Ingo\AppData\Local\Audible 2015-06-12 21:50 - 2015-05-21 20:44 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\KeePass 2015-06-12 20:56 - 2015-05-21 21:10 - 00000000 ____D D:\Users\Ingo\Documents\My Digital Editions 2015-06-12 14:11 - 2015-05-25 20:58 - 00000000 ____D C:\Windows\system32\appmgmt 2015-06-10 23:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-10 22:15 - 2015-05-14 01:03 - 00000000 ____D C:\Windows\system32\MRT 2015-06-10 22:15 - 2015-05-13 21:00 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-06-10 22:11 - 2015-05-14 01:03 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-08 23:49 - 2015-05-25 22:36 - 00015779 _____ D:\Users\Julia\Desktop\Wohnungsfinanzierung_1411.xlsx 2015-06-08 21:35 - 2015-05-15 00:00 - 00000000 ____D C:\Program Files (x86)\FreeOCR 2015-06-08 20:03 - 2015-05-24 14:09 - 00000000 ____D D:\Users\Julia\AppData\Roaming\KeePass 2015-06-08 20:02 - 2015-05-13 21:10 - 00000000 ____D C:\ProgramData\Skype ==================== Files in the root of some directories ======= 2015-05-25 23:24 - 2015-05-25 23:28 - 0000026 _____ () D:\Users\Ingo\AppData\Local\isoworkshop.ini 2015-06-02 08:25 - 2015-06-02 08:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass 
verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-06 21:55 ==================== End of log ============================ Best regards, Ingo |