
Log analysis and evaluation: Internet Explorer opens pop-ups from "lpcloudbox" after installing FreeYoutubeDownloader "update"

01.05.2014, 02:44   #1
Austauschbar
 


Greetings, I am an idiot

So here is what happened:

- FreeYoutubeToMp3Converter had a new version, which was installed.
- Apparently I caught something during the update (possibly ticked a wrong checkbox), damn embarrassing.
- Internet Explorer opens and says "the download manager is outdated. Update!"
- Pop-up regarding lpcloudbox
- I followed the guide on this site as far as I could. I did not manage to fix it myself.

So, in chronological order, I did the following:
- MBAM scan (with quarantine or delete, I don't remember exactly right now)
- adwcleaner scan (with quarantine or delete, I don't remember exactly right now)
- JRT scan (with quarantine or delete, I don't remember exactly right now)
- Ran esetsmart
- Ran Defogger
- Ran FRST
- Ran Gmer

The problem persisted after MBAM, adw and JRT removed the malicious files.
I then ran the three other programs to gather information for this post.

MBAM
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 01.05.2014
Scan Time: 01:26:36
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.30.12
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: NightCompany

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 300179
Time Elapsed: 20 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.InstallCore.A, HKU\S-1-5-21-999071866-3409995119-814088864-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [3351fe32a5d6bd790b01d2b80200ea16], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-999071866-3409995119-814088864-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [ea9a0f2104774ee81223455bb84b17e9], 

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-999071866-3409995119-814088864-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0A2O1C1R1H2Z1S1G1M1F, Quarantined, [ea9a0f2104774ee81223455bb84b17e9]

Registry Data: 3
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7feb6024-957c-c57b-803a-aaca12e492e4&searchtype=ds&q={searchTerms}&installDate=28/12/2013, Good: (www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7feb6024-957c-c57b-803a-aaca12e492e4&searchtype=ds&q={searchTerms}&installDate=28/12/2013),Replaced,[750f4ce413683ef8091779b3ad574cb4]
PUP.Optional.Snapdo, HKU\S-1-5-21-999071866-3409995119-814088864-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7feb6024-957c-c57b-803a-aaca12e492e4&searchtype=ds&q={searchTerms}&installDate=28/12/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7feb6024-957c-c57b-803a-aaca12e492e4&searchtype=ds&q={searchTerms}&installDate=28/12/2013),Replaced,[8cf8c967582348ee1971b97ccc3825db]
PUP.Optional.Snapdo, HKU\S-1-5-21-999071866-3409995119-814088864-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7feb6024-957c-c57b-803a-aaca12e492e4&searchtype=ds&q={searchTerms}&installDate=28/12/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=7feb6024-957c-c57b-803a-aaca12e492e4&searchtype=ds&q={searchTerms}&installDate=28/12/2013),Replaced,[b7cdf7390a7153e31e6d340134d030d0]

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.WebSearch.A, C:\Users\NightCompany\AppData\Roaming\Mozilla\Firefox\Profiles\bczuf39q.default\searchplugins\Web Search.xml, Quarantined, [f98b062a3348cb6bab2448376e94817f], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
AdwCleaner
Code:
# AdwCleaner v3.205 - Bericht erstellt am 01/05/2014 um 01:29:54
# Aktualisiert 28/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : NightCompany - NIGHTCOMPANY-PC
# Gestartet von : C:\Users\NightCompany\Desktop\adwcleaner-3.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Windows\SysWOW64\AI_RecycleBin
Ordner Gelöscht : C:\Users\NightCompany\AppData\Roaming\dvdvideosoftiehelpers

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SmartBar

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16866


-\\ Mozilla Firefox v29.0 (de)

[ Datei : C:\Users\NightCompany\AppData\Roaming\Mozilla\Firefox\Profiles\bczuf39q.default\prefs.js ]

Zeile gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar.Visibility", true);
Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de");
Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "somoto");
Zeile gelöscht : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[]\"}");
Zeile gelöscht : user_pref("extensions.helperbar.installationid", "7feb6024-957c-c57b-803a-aaca12e492e4");
Zeile gelöscht : user_pref("extensions.helperbar.installdate", "28/12/2013");
Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1388267018902");
Zeile gelöscht : user_pref("extensions.helperbar.publisher", "somoto");

*************************

AdwCleaner[R0].txt - [3996 octets] - [01/05/2014 01:27:05]
AdwCleaner[S0].txt - [3800 octets] - [01/05/2014 01:29:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3860 octets] ##########
         
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x64
Ran by NightCompany on 01.05.2014 at  1:40:52,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\NightCompany\AppData\Roaming\mozilla\firefox\profiles\bczuf39q.default\prefs.js

user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-
Emptied folder: C:\Users\NightCompany\AppData\Roaming\mozilla\firefox\profiles\bczuf39q.default\minidumps [94 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.05.2014 at  1:43:22,61
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 02:32 on 01/05/2014 (NightCompany)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-04-2014 03
Ran by NightCompany at 2014-05-01 02:33:50
Running from C:\Users\NightCompany\Desktop\Maleware Removal
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30260 - BitTorrent Inc.)
Absolute Uninstaller 2.9.0.722 (HKLM-x32\...\Absolute Uninstaller_is1) (Version:  - Glarysoft.com)
Ace of Spades (HKLM-x32\...\Steam App 224540) (Version:  - Jagex Limited)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.20.100.31029 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1029.1737.29798 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{42619B1A-70F9-8FED-565D-04128D2EA601}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81029.1757 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Anna - Extended Edition (HKLM-x32\...\Steam App 217690) (Version:  - Dreampainters)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arx Fatalis (HKLM-x32\...\Steam App 1700) (Version:  - Arkane Studios)
Astah Community 6.7 (HKLM\...\astah* community_is1) (Version:  - Change Vision, Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - Ronimo Games)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
BRINK (HKLM-x32\...\Steam App 22350) (Version:  - Splash Damage)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Buildtools-Sprachressourcen - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Buildtools-Sprachressourcen - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Capsized (HKLM-x32\...\Steam App 95300) (Version:  - Alientrap Games Inc)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1029.1737.29798 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1029.1737.29798 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1029.1737.29798 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1029.1736.29798 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1029.1736.29798 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1029.1736.29798 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1029.1736.29798 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1029.1736.29798 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1029.1736.29798 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1029.1736.29798 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1029.1736.29798 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1029.1736.29798 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1029.1736.29798 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1029.1736.29798 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1029.1736.29798 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1029.1736.29798 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1029.1736.29798 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1029.1736.29798 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1029.1736.29798 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1029.1736.29798 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1029.1736.29798 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1029.1736.29798 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1029.1736.29798 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1029.1736.29798 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1029.1736.29798 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1029.1737.29798 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Command & Conquer™ 3 Tiberium Wars and Kane's Wrath (HKLM-x32\...\{35A2FE53-CC80-4D17-941F-3A7C82824FC7}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{BA4C8F9F-D81B-4AFE-AE5A-3837830F5B89}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{1A882F29-BC18-4AC2-A71E-0FC30FA32568}) (Version: 1.0.0.0 - Electronic Arts)
Command & Conquer™ Tiberian Sun™ and Firestorm™ (HKLM-x32\...\{78F60BDD-1923-4CF7-B6BD-087D06D7B5BB}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{8F0F5689-6900-425B-A8C2-0DBD10DAB694}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Counter Strike Source v1.0.0.34 (HKLM-x32\...\{91CD08AA-5402-4C64-A9CA-C7B4A479C003}_is1) (Version:  - )
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Crytek Studios)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
Dark Messiah of Might & Magic Multi-Player (HKLM-x32\...\Steam App 2130) (Version:  - Arkane Studios)
Dawngate (HKLM-x32\...\{25FAB7E0-526C-437F-8D55-7F00436B873D}) (Version: 180.16.77.0 - Electronic Arts, Inc.)
DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Defiance (HKLM-x32\...\Steam App 224600) (Version:  - Trion Worlds)
DefianceRuntimes (HKLM-x32\...\{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}) (Version: 1.0.2 - Trion Worlds, Inc.)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Beta (HKLM-x32\...\Diablo III Beta) (Version:  - Blizzard Entertainment)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dragon Nest Europe (HKLM-x32\...\Steam App 258700) (Version:  - Eyedentity Games)
Duke Nukem 3D: Megaton Edition (HKLM-x32\...\Steam App 225140) (Version:  - 3D Realms)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - Trendy Entertainment)
Dungeon Party (HKLM-x32\...\Steam App 215870) (Version:  - Cyanide Studio)
Dungeonland (HKLM-x32\...\Steam App 218130) (Version:  - Critical Studio)
Dwarfs!? (HKLM-x32\...\Steam App 35480) (Version:  - Power of 2)
E.Y.E: Divine Cybermancy (HKLM-x32\...\Steam App 91700) (Version:  - Streum On Studio)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{3FF082A7-A5DE-4BDA-B56A-1D2BEFD617A3}) (Version: 11.1.3000.0 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Façade (HKLM-x32\...\{24E34264-D483-477C-A9A0-4E53F69834CF}) (Version: 1.1.2 - Procedural Arts)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Flash Decompiler Trillix (HKLM-x32\...\Flash Decompiler Trillix_is1) (Version: 5.3 - Eltima Software)
FlatOut (HKLM-x32\...\Steam App 6220) (Version:  - Bugbear Entertainment)
FORCED (HKLM-x32\...\Steam App 249990) (Version:  - BetaDwarf)
Forge (HKLM-x32\...\Steam App 223390) (Version:  - Dark Vale Games)
Free to Play (HKLM-x32\...\Steam App 245550) (Version:  - Valve)
Free YouTube Download version 3.2.33.424 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.33.424 - DVDVideoSoft Ltd.)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Gish (HKLM-x32\...\Steam App 9500) (Version:  - Cryptic Sea)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hellgate (HKLM-x32\...\{65DF3688-6EF3-4C86-83DE-54AB46029F07}) (Version: 2.0.0.3 - Hanbit Soft)
Heroes of Might & Magic V (HKLM-x32\...\Steam App 15170) (Version:  - Nival)
Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hospital Tycoon (HKLM-x32\...\Steam App 11590) (Version:  - Deep Red Limited)
Impire (HKLM-x32\...\Steam App 202130) (Version:  - Cyanide Montreal)
Infestation Survivor Stories version 1.0 (HKLM-x32\...\{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1) (Version: 1.0 - OP Productions LLC)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
K-Lite Codec Pack 10.1.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.0 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.188 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.188 - LogMeIn, Inc.) Hidden
MacroX 3.1 (HKLM-x32\...\MacroX) (Version: 3.1 - Uhrzeit.org)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MDK (HKLM-x32\...\Steam App 38450) (Version:  - Shiny Entertainment)
MDK 2 (HKLM-x32\...\Steam App 38460) (Version:  - BioWare Corporation)
Medal of Honor (TM) (HKLM-x32\...\{415030B8-3E8B-462A-8C03-41D95AA3AB3B}) (Version: 1.0.0.0 - Electronic Arts)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft C++ REST SDK for Visual Studio 2013 (x32 Version: 1.0 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (x32 Version: 2.1.21005 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (x32 Version: 2.1.21005 - Microsoft Corporation) Hidden
Microsoft IntelliType Pro 8.0 (HKLM\...\{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}) (Version: 8.0.225.0 - Microsoft)
Microsoft NuGet - Visual Studio Express 2013 for Windows Desktop (x32 Version: 2.7.40911.287 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{8325FD0C-2FDB-46C3-921A-3A78385EA972}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{D4E30517-FE6F-491E-942F-AE10E1B18F38}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{B4EDAE03-DB34-4DD0-BA7E-2ED80DEA50B1}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{269A8DF6-BBDA-441F-932B-233F9B746D72}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{EC75BD20-F9CA-4E77-825F-ABD77E95BE91}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{0BF65908-D137-4A9E-B7C9-78F32F74F6FD}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{6F173435-3F19-4043-BA3D-A46AA8472859}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL-Sprachdienst  (HKLM-x32\...\{1D812D86-D8EF-41AC-A518-BA12E1913747}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (12.0.30919.1) (HKLM-x32\...\{7CC03C58-3471-43D2-A251-EC9AE225E772}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2013 Object Model (x64) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Team Foundation Server 2013-Objektmodell Sprachpaket (x64) - DEU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64 Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x86 Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - DEU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 32bit Compilers - DEU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Core Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86-x64 Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2013 Express Prerequisites x64 - DEU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell (Minimum) (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell-(Mindest)-Ressourcen (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Team Explorer Sprachpaket - DEU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013-Vorbereitung (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Express 2013 for Windows Desktop (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Express 2013 für Windows Desktop - DEU (HKLM-x32\...\{31e4d2a5-b246-4c2d-a7fb-aee157c26b02}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 für Windows Desktop - DEU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer Core (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer deu Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{24440413-490E-41CA-BD33-0B30FD3EBE3A}) (Version: 11.1.3366.16 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Moon Breakers (HKLM-x32\...\Steam App 208030) (Version:  - Imba Entertainment)
Mozilla Firefox 29.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0 (x86 de)) (Version: 29.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mumble 1.2.4 (HKLM-x32\...\{AF348C2E-7596-481B-92E0-B211836AB949}) (Version: 1.2.4 - Thorvald Natvig)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
OpenVPN 2.3.2-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.2-I001 - )
Oracle VM VirtualBox 4.3.8 (HKLM\...\{5D328A41-BFF8-4B78-B45E-5BEE1D133EF5}) (Version: 4.3.8 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.)
Overgrowth (HKLM-x32\...\Steam App 25000) (Version:  - Wolfire)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.6.31580 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)
Planet Explorers (HKLM-x32\...\Steam App 237870) (Version:  - Pathea Games)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Project Zomboid (HKLM-x32\...\Steam App 108600) (Version:  - Indie Stone Studios)
QIP 2012 4.0.9332 (HKCU\...\QIP 2012) (Version: 4.0.9332 - )
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6823 - Realtek Semiconductor Corp.)
Renegade X (HKLM-x32\...\UDK-4fc3a6b6-3d0e-4dce-b127-8e60191e2b1e) (Version: Open Beta 1 - Totem Arts)
Reus (HKLM-x32\...\Steam App 222730) (Version:  - Abbey Games)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Sandboxie 3.66 (64-bit) (HKLM\...\Sandboxie) (Version: 3.66 - SANDBOXIE L.T.D)
Sauerbraten (HKLM-x32\...\Sauerbraten) (Version:  - )
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version:  - Sega)
Service Pack 1 für SQL Server 2008 (KB 968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SleepTimer Ultimate 1.2 (HKLM-x32\...\{0EE56463-49B2-45E1-B74F-3E0139DBC986}_is1) (Version:  - Christian Handorf)
Soldat 1.6.6 (HKLM-x32\...\Soldat_is1) (Version: 1.6.6 - Michal Marcinkowski)
SourceTree (HKLM-x32\...\SourceTree 1.5.1) (Version: 1.5.1 - Atlassian)
SourceTree (x32 Version: 1.5.1 - Atlassian) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
StarForge Alpha (HKLM-x32\...\Steam App 227680) (Version:  - CodeHatch)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold Crusader HD (HKLM-x32\...\Steam App 40970) (Version:  - FireFly Studios)
Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)
SWF Opener (HKLM-x32\...\{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1) (Version: 1.3 - UnH Solutions)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Lord of the Rings Online™ (HKLM-x32\...\Steam App 212500) (Version:  - Turbine, Inc.)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version:  - Ubisoft Montreal)
The Mighty Quest For Epic Loot Version 1.231910 (HKLM-x32\...\The Mighty Quest For Epic Loot_is1) (Version: 1.231910 - )
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Tiny and Big - Grandpa's Leftovers (remove only) (HKLM-x32\...\Tiny and Big - Grandpas Leftovers) (Version:  - )
Titan Quest (HKLM-x32\...\Steam App 4540) (Version:  - Iron Lore Entertainment)
Titan Quest: Immortal Throne (HKLM-x32\...\Steam App 4550) (Version:  - Iron Lore Entertainment)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
TQVault 2.11 (HKLM-x32\...\TQVault_is1) (Version:  - bman654)
Tribes: Ascend (HKLM-x32\...\Steam App 17080) (Version:  - Hi-Rez Studios)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Unity (HKLM-x32\...\Unity) (Version:  - Unity Technologies ApS)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version:  - Giant Army)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (HKLM\...\{6AF73222-EE90-434C-AE7E-B96F70A68D89}) (Version: 10.1.2731.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
War Thunder Launcher 1.0.1.278 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
Warhammer 40,000 Space Marine (HKLM-x32\...\Steam App 55150) (Version:  - Relic)
Warhammer 40,000: Dawn of War - Game of the Year Edition (HKLM-x32\...\Steam App 4570) (Version:  - Relic Entertainment)
WAV To MP3 V2 (HKLM-x32\...\WAV To MP3_is1) (Version:  - hxxp://www.WAVMP3.net)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Software Development Kit (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x64 Remote (Version: 8.59.29989 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows XP Targeting with C++ (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wireshark 1.10.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.3 - The Wireshark developer community, hxxp://www.wireshark.org)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
X3: Albion Prelude (HKLM-x32\...\Steam App 201310) (Version:  - Egosoft)

==================== Restore Points  =========================

29-04-2014 00:58:48 Geplanter Prüfpunkt
29-04-2014 09:50:07 DirectX wurde installiert
29-04-2014 09:50:29 DirectX wurde installiert

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {03EA09B3-0055-4D88-83C7-F004E0058B12} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2010-07-21] (Microsoft Corporation)
Task: {1192C319-2DAF-42C7-AF60-45B470F5F9DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {368A6D9E-A309-4F60-B4EE-36AC70E311C6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-01] (AVAST Software)
Task: {51078D0A-28F9-48A0-8ADD-BE5167CF57F4} - System32\Tasks\{882D084A-FD48-4C28-8B60-79B3603F5176} => C:\Users\NightCompany\Downloads\Counter-Strike 1.6 LAN\Counter-Strike 1.6 non Steam\Counter-Strike 1.6 non Steame.EXE
Task: {658D5304-464B-4E45-8342-5120A08BD540} - System32\Tasks\{310428D0-F045-4C49-914C-AD9DF22E5707} => C:\Users\NightCompany\Downloads\Counter-Strike 1.6 LAN\Counter-Strike 1.6 non Steam\Counter-Strike 1.6 non Steame.EXE

==================== Loaded Modules (whitelisted) =============

2014-03-14 16:35 - 2014-03-14 16:35 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Nuetzliches\Unlocker\UnlockerCOM.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Nuetzliches\Notepad++\NppShell_05.dll
2014-03-13 17:30 - 2014-03-13 17:30 - 00173568 _____ () C:\Nuetzliches\TS3\quazip.dll
2014-03-13 17:30 - 2014-03-13 17:30 - 01080832 _____ () C:\Nuetzliches\TS3\platforms\qwindows.dll
2014-03-13 17:30 - 2014-03-13 17:30 - 00833024 _____ () C:\Nuetzliches\TS3\sqldrivers\qsqlite.dll
2013-10-23 14:15 - 2014-03-13 17:30 - 00102344 _____ () C:\Nuetzliches\TS3\soundbackends\directsound_win64.dll
2013-10-23 14:15 - 2014-03-13 17:30 - 00108488 _____ () C:\Nuetzliches\TS3\soundbackends\windowsaudiosession_win64.dll
2014-03-13 17:30 - 2014-03-13 17:30 - 00030208 _____ () C:\Nuetzliches\TS3\imageformats\qgif.dll
2014-03-13 17:30 - 2014-03-13 17:30 - 00233984 _____ () C:\Nuetzliches\TS3\imageformats\qjpeg.dll
2013-10-23 14:15 - 2014-03-13 17:30 - 00563656 _____ () C:\Nuetzliches\TS3\plugins\clientquery_plugin.dll
2014-05-01 00:05 - 2014-05-01 00:05 - 00325120 _____ () C:\Nuetzliches\TS3\plugins\soundboard.dll
2013-10-23 14:15 - 2014-03-13 17:30 - 00577480 _____ () C:\Nuetzliches\TS3\plugins\teamspeak_control_plugin.dll
2014-03-13 17:30 - 2014-03-13 17:30 - 00159232 _____ () C:\Nuetzliches\TS3\accessible\qtaccessiblewidgets.dll
2014-05-01 01:14 - 2014-05-01 01:14 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14043002\algo.dll
2014-05-01 01:32 - 2014-04-30 02:08 - 01135104 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-04-19 22:45 - 2014-04-30 02:08 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-05-01 01:32 - 2014-04-30 02:08 - 00404992 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-01-08 04:23 - 2014-04-30 02:08 - 00340992 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2013-08-21 14:18 - 2014-04-29 02:37 - 00754688 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-01 01:32 - 2014-04-29 02:37 - 02198720 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-01 01:32 - 2014-04-29 02:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2013-10-08 18:19 - 2014-05-01 01:09 - 01146048 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-09-10 14:20 - 2014-03-03 21:15 - 20626624 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-10-08 18:19 - 2014-05-01 01:09 - 00131264 _____ () C:\Program Files (x86)\Steam\bin\audio.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 00071680 _____ () C:\Program Files (x86)\Steam\bin\mssmp3.asi
2013-06-14 15:49 - 2013-06-15 01:49 - 00153088 _____ () C:\Program Files (x86)\Steam\bin\mssvoice.asi
2013-10-24 15:15 - 2013-10-24 15:15 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-30 01:45 - 2014-04-30 01:45 - 03845232 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-16 11:07 - 2014-04-16 11:07 - 16351920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll
2013-11-16 16:50 - 2010-01-26 08:38 - 00098304 _____ () C:\Nuetzliches\Audacity\Plug-Ins\hard_limiter_1413.dll
2013-11-16 16:50 - 2010-01-26 08:38 - 00106496 _____ () C:\Nuetzliches\Audacity\Plug-Ins\sc4_1882.dll
2014-05-01 02:07 - 2014-05-01 02:07 - 00010752 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\auth.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00069120 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\burnlib.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00025088 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\dsp_sc.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00013824 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\dsp_sps.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00006656 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\enc_fhgaac.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00004096 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\enc_flac.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00005632 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\enc_lame.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00004096 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\enc_vorbis.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00004096 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\enc_wav.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00006144 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\enc_wma.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00023552 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\gen_classicart.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00007168 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\gen_crasher.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00023040 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\gen_ff.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00012288 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\gen_hotkeys.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00041984 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\gen_jumpex.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00022528 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\gen_ml.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00009728 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\gen_nopro.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00011776 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\gen_skinmanager.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00010240 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\gen_timerestore.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00008192 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\gen_tray.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00010752 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\gen_undo.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00005120 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\in_avi.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00014848 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\in_cdda.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00006656 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\in_dshow.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00005632 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\in_flac.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00003584 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\in_flv.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00003584 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\in_linein.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00020480 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\in_midi.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00004608 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\in_mkv.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00018432 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\in_mod.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00023040 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\in_mp3.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00005120 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\in_mp4.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00011776 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\in_nsv.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00003584 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\in_swf.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00011264 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\in_vorbis.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00006656 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\in_wav.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00005632 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\in_wave.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00015360 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\in_wm.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00004608 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\in_wv.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00003584 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\ml_addons.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00006656 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\ml_autotag.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00005120 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\ml_bookmarks.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00024064 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\ml_cloud.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00008192 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\ml_devices.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00047616 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\ml_disc.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00009728 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\ml_downloads.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00004608 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\ml_enqplay.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00009728 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\ml_history.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00005120 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\ml_impex.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00056320 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\ml_local.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00003584 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\ml_nowplaying.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00014336 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\ml_online.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00017408 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\ml_playlists.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00034816 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\ml_plg.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00055296 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\ml_pmp.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00005120 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\ml_rg.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00008192 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\ml_transcode.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00015360 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\ml_wire.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00036352 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\ombrowser.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00006144 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\out_disk.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00016384 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\out_ds.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00007680 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\out_wave.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00003072 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\playlist.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00004608 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\pmp_activesync.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00019968 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\pmp_android.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00007680 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\pmp_cloud.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00036864 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\pmp_ipod.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00003584 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\pmp_njb.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00004096 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\pmp_p4s.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00011776 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\pmp_usb.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00039936 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\pmp_wifi.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00006144 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\tagz.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00088064 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\vis_avs.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00155648 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\vis_milk2.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00007680 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\vis_nsfs.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00211456 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\winamp.lng
2014-05-01 02:07 - 2014-05-01 02:07 - 00004096 _____ () C:\Users\NightCompany\AppData\Local\Temp\WDEF824.tmp\winampa.lng

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:DED17083

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Serieller PCI-Anschluss
Description: Serieller PCI-Anschluss
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter V9 (Tunngle)
Description: TAP-Win32 Adapter V9 (Tunngle)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9 (Tunngle)
Service: tap0901t
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/01/2014 02:31:24 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/01/2014 02:19:27 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/01/2014 02:19:26 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/01/2014 02:18:50 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/01/2014 01:54:02 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FreeYouTubeToMP3Converter.exe, Version: 3.12.17.1125, Zeitstempel: 0x52935518
Name des fehlerhaften Moduls: mscorwks.dll, Version: 2.0.50727.5420, Zeitstempel: 0x4ca2b820
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000626a7
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xFreeYouTubeToMP3Converter.exe0
Pfad der fehlerhaften Anwendung: FreeYouTubeToMP3Converter.exe1
Pfad des fehlerhaften Moduls: FreeYouTubeToMP3Converter.exe2
Berichtskennung: FreeYouTubeToMP3Converter.exe3

Error: (05/01/2014 01:54:02 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.5420 - Schwerwiegender Fehler im Ausführungsmodul (5E37E92A) (80131506).

Error: (05/01/2014 01:53:56 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FreeYouTubeToMP3Converter.exe, Version: 3.12.17.1125, Zeitstempel: 0x52935518
Name des fehlerhaften Moduls: mscorwks.dll, Version: 2.0.50727.5420, Zeitstempel: 0x4ca2b820
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000626a7
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xFreeYouTubeToMP3Converter.exe0
Pfad der fehlerhaften Anwendung: FreeYouTubeToMP3Converter.exe1
Pfad des fehlerhaften Moduls: FreeYouTubeToMP3Converter.exe2
Berichtskennung: FreeYouTubeToMP3Converter.exe3

Error: (05/01/2014 01:53:56 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.5420 - Schwerwiegender Fehler im Ausführungsmodul (5E37E92A) (80131506).


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (05/01/2014 02:31:24 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\NightCompany\Desktop\Maleware Removal\esetsmartinstaller_enu.exe

Error: (05/01/2014 02:19:27 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\NightCompany\Desktop\esetsmartinstaller_enu.exe

Error: (05/01/2014 02:19:26 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\NightCompany\Desktop\esetsmartinstaller_enu.exe

Error: (05/01/2014 02:18:50 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\NightCompany\Desktop\esetsmartinstaller_enu.exe

Error: (05/01/2014 01:54:02 AM) (Source: Application Error)(User: )
Description: FreeYouTubeToMP3Converter.exe3.12.17.112552935518mscorwks.dll2.0.50727.54204ca2b820c0000005000626a7

Error: (05/01/2014 01:54:02 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.5420 - Schwerwiegender Fehler im Ausführungsmodul (5E37E92A) (80131506).

Error: (05/01/2014 01:53:56 AM) (Source: Application Error)(User: )
Description: FreeYouTubeToMP3Converter.exe3.12.17.112552935518mscorwks.dll2.0.50727.54204ca2b820c0000005000626a7

Error: (05/01/2014 01:53:56 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.5420 - Schwerwiegender Fehler im Ausführungsmodul (5E37E92A) (80131506).


CodeIntegrity Errors:
===================================
  Date: 2014-03-04 23:45:20.788
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Nuetzliches\Sandboxie\SbieDrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-04 23:45:20.783
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Nuetzliches\Sandboxie\SbieDrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-04 23:45:09.483
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Nuetzliches\Sandboxie\SbieDrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-04 23:45:09.478
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Nuetzliches\Sandboxie\SbieDrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-04 23:45:03.315
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Nuetzliches\Sandboxie\SbieDrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-04 23:45:03.310
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Nuetzliches\Sandboxie\SbieDrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-04 23:44:59.010
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Nuetzliches\Sandboxie\SbieDrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-04 23:44:59.003
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Nuetzliches\Sandboxie\SbieDrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-04 23:44:39.192
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Nuetzliches\Sandboxie\SbieDrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-04 23:44:39.160
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Nuetzliches\Sandboxie\SbieDrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 20%
Total physical RAM: 16313.92 MB
Available physical RAM: 12936.23 MB
Total Pagefile: 32626.03 MB
Available Pagefile: 28790.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.92 GB) (Free:931.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive j: (Elements) (Fixed) (Total:931.51 GB) (Free:15.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C8136B10)
Partition 1: (Active) - (Size=-198731366400) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 0002846E)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Old 01.05.2014, 02:49   #2
Austauschbar

Internet Explorer opens pop-ups from "lpcloudbox" after installing FreeYoutubeDownloader "update" - Default

FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-04-2014 03
Ran by NightCompany (administrator) on NIGHTCOMPANY-PC on 01-05-2014 02:33:13
Running from C:\Users\NightCompany\Desktop\Maleware Removal
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(SANDBOXIE L.T.D) C:\Nuetzliches\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(LogMeIn Inc.) C:\Nuetzliches\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Nuetzliches\Hamachi\LMIGuardianSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(SANDBOXIE L.T.D) C:\Nuetzliches\Sandboxie\SbieCtrl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Nuetzliches\Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) C:\Nuetzliches\Hamachi\LMIGuardianSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TeamSpeak Systems GmbH) C:\Nuetzliches\TS3\ts3client_win64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(The Audacity Team) C:\Nuetzliches\Audacity\audacity.exe
(Nullsoft, Inc.) C:\Nuetzliches\WinAmp\winamp.exe
(Glarysoft Ltd) C:\Nuetzliches\Absolute Uninstaller\uninstaller.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6963272 2013-01-15] (Realtek Semiconductor)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [2306448 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-01] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => "c:\Nuetzliches\QuicktimePlayer\qttask.exe" -atboottime
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Nuetzliches\Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKU\S-1-5-21-999071866-3409995119-814088864-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1775808 2014-05-01] (Valve Corporation)
HKU\S-1-5-21-999071866-3409995119-814088864-1000\...\Run: [SandboxieControl] => C:\Nuetzliches\Sandboxie\SbieCtrl.exe [667920 2012-03-22] (SANDBOXIE L.T.D)
HKU\S-1-5-21-999071866-3409995119-814088864-1000\...\Policies\Explorer: [DisallowRun] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\NightCompany\AppData\Roaming\Mozilla\Firefox\Profiles\bczuf39q.default
FF NewTab: about:blank
FF Homepage: www.google.de
FF NetworkProxy: "backup.ftp", "91.105.232.144"
FF NetworkProxy: "backup.ftp_port", 3129
FF NetworkProxy: "backup.socks", "91.105.232.144"
FF NetworkProxy: "backup.socks_port", 3129
FF NetworkProxy: "backup.ssl", "91.105.232.144"
FF NetworkProxy: "backup.ssl_port", 3129
FF NetworkProxy: "ftp", "195.225.144.38"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "195.225.144.38"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "195.225.144.38"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "195.225.144.38"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Nuetzliches\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Nuetzliches\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\NightCompany\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Popular Website Buddy - C:\Users\NightCompany\AppData\Roaming\Mozilla\Firefox\Profiles\bczuf39q.default\Extensions\jid1-l6V8exwLVv1lBw@jetpack [2014-04-02]
FF Extension: YouTube Unblocker - C:\Users\NightCompany\AppData\Roaming\Mozilla\Firefox\Profiles\bczuf39q.default\Extensions\youtubeunblocker@unblocker.yt [2014-01-26]
FF Extension: MEGA - C:\Users\NightCompany\AppData\Roaming\Mozilla\Firefox\Profiles\bczuf39q.default\Extensions\firefox@mega.co.nz.xpi [2014-04-21]
FF Extension: Stealthy - C:\Users\NightCompany\AppData\Roaming\Mozilla\Firefox\Profiles\bczuf39q.default\Extensions\stealthyextension@gmail.com.xpi [2013-11-14]
FF Extension: Adblock Plus - C:\Users\NightCompany\AppData\Roaming\Mozilla\Firefox\Profiles\bczuf39q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-24]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-01] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-10-26] ()
R2 Hamachi2Svc; C:\Nuetzliches\Hamachi\hamachi-2.exe [2227536 2014-04-15] (LogMeIn Inc.)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 OpenVPNService; C:\Nuetzliches\OpenVPN\bin\openvpnserv.exe [29920 2013-06-03] (The OpenVPN Project)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-14] ()
R2 SbieSvc; C:\Nuetzliches\Sandboxie\SbieSvc.exe [97552 2012-03-22] (SANDBOXIE L.T.D)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 TunngleService; C:\Nuetzliches\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 VsEtwService120; C:\Nuetzliches\VisualStudio2013\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-01] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-01] ()
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2013-12-22] (Echobit, LLC)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R3 SbieDrv; C:\Nuetzliches\Sandboxie\SbieDrv.sys [155136 2014-03-05] (SANDBOXIE L.T.D)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
U5 UnlockerDriver5; C:\Nuetzliches\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit?
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-01 02:33 - 2014-05-01 02:33 - 00000000 ____D () C:\FRST
2014-05-01 02:32 - 2014-05-01 02:32 - 00000000 _____ () C:\Users\NightCompany\defogger_reenable
2014-05-01 02:29 - 2014-05-01 02:30 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\GlarySoft
2014-05-01 02:19 - 2014-05-01 02:19 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-01 02:02 - 2014-05-01 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-01 02:01 - 2014-05-01 02:02 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\DVDVideoSoft
2014-05-01 02:01 - 2014-05-01 02:01 - 32346240 _____ (DVDVideoSoft Ltd. ) C:\Users\NightCompany\Desktop\FreeYouTubeDownload-3.2.33.424.exe
2014-05-01 01:56 - 2014-05-01 01:56 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-05-01 01:43 - 2014-05-01 01:43 - 00001103 _____ () C:\Users\NightCompany\Desktop\JRT.txt
2014-05-01 01:39 - 2014-05-01 01:39 - 00007601 _____ () C:\Users\NightCompany\AppData\Local\Resmon.ResmonCfg
2014-05-01 01:34 - 2014-05-01 01:34 - 00000000 ____D () C:\Windows\ERUNT
2014-05-01 01:28 - 2014-05-01 02:33 - 00000000 ____D () C:\Users\NightCompany\Desktop\Maleware Removal
2014-05-01 01:27 - 2014-05-01 01:29 - 00000000 ____D () C:\AdwCleaner
2014-05-01 01:05 - 2014-05-01 01:05 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-01 01:05 - 2014-05-01 01:05 - 00000853 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-01 01:05 - 2014-05-01 01:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-01 01:05 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-01 01:05 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-01 01:05 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-01 01:02 - 2014-05-01 01:02 - 00000077 _____ () C:\Windows\wininit.ini
2014-05-01 01:02 - 2014-05-01 01:02 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-01 00:46 - 2014-05-01 01:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-01 00:22 - 2014-05-01 00:22 - 00001874 _____ () C:\Users\NightCompany\Desktop\Temporary Internet Files - Verknüpfung.lnk
2014-04-30 12:21 - 2014-04-30 12:56 - 00000000 ____D () C:\Users\NightCompany\Desktop\AdventureTime eng HD
2014-04-30 01:45 - 2014-05-01 02:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-29 11:50 - 2014-04-29 11:57 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\Dwarfs
2014-04-28 23:12 - 2014-04-28 23:12 - 00043758 _____ () C:\d6f4e900-bf68-49b6-b1b2-307d924b1767.dmp
2014-04-27 03:11 - 2014-04-27 03:11 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\DivX
2014-04-27 03:08 - 2014-04-27 03:16 - 00000000 ____D () C:\ProgramData\DivX
2014-04-27 03:08 - 2014-04-27 03:16 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-04-26 16:56 - 2014-04-26 17:03 - 00000000 ____D () C:\Users\NightCompany\Documents\HospitalTycoon
2014-04-25 20:42 - 2014-04-25 20:42 - 00000826 _____ () C:\Users\Pathof exile blah\Desktop\Notepad++.lnk
2014-04-25 20:42 - 2014-04-25 20:42 - 00000826 _____ () C:\Users\NightCompany\Desktop\Notepad++.lnk
2014-04-25 20:42 - 2014-04-25 20:42 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-25 20:42 - 2014-04-25 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-25 20:41 - 2014-04-25 20:41 - 07624808 _____ () C:\Users\NightCompany\Desktop\npp.6.5.5.Installer.exe
2014-04-25 16:07 - 2014-04-26 02:48 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\Game Dev Tycoon - Steam
2014-04-24 14:36 - 2014-04-24 14:36 - 00000000 ____D () C:\Users\NightCompany\Documents\Egosoft
2014-04-24 14:31 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-04-24 14:31 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-04-24 14:31 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-04-22 13:49 - 2014-04-22 13:49 - 00000000 _____ () C:\Users\NightCompany\Desktop\bufti.txt
2014-04-22 12:07 - 2014-04-22 12:15 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\Skyrim
2014-04-22 11:39 - 2014-04-22 11:39 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\Microsoft FxCop
2014-04-22 11:35 - 2014-04-22 11:35 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\NuGet
2014-04-21 21:56 - 2014-04-22 11:38 - 00000000 ____D () C:\Users\NightCompany\Documents\Visual Studio 2013
2014-04-21 21:56 - 2014-04-21 21:56 - 00000000 ____D () C:\ProgramData\NuGet
2014-04-21 21:56 - 2014-04-21 21:56 - 00000000 ____D () C:\Program Files (x86)\NuGet
2014-04-21 21:48 - 2014-04-21 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-04-21 21:48 - 2014-04-21 21:48 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-04-21 21:47 - 2014-04-21 21:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer
2014-04-21 21:44 - 2014-04-21 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
2014-04-21 21:36 - 2013-02-17 01:40 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-04-21 21:32 - 2014-04-21 21:32 - 19273728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-21 21:32 - 2014-04-21 21:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-21 21:32 - 2014-04-21 21:32 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-21 21:32 - 2014-04-21 21:32 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-21 21:32 - 2014-04-21 21:32 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-04-21 21:32 - 2014-04-21 21:32 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-21 21:32 - 2014-04-21 21:32 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-21 21:32 - 2014-04-21 21:32 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-04-21 21:32 - 2014-04-21 21:32 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-21 21:32 - 2014-04-21 21:32 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-04-21 21:32 - 2014-04-21 21:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-04-21 21:31 - 2014-04-21 21:31 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-04-21 21:31 - 2014-04-21 21:31 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-04-21 21:31 - 2014-04-21 21:31 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-21 21:31 - 2014-04-21 21:31 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-21 21:31 - 2014-04-21 21:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-21 21:30 - 2014-04-21 21:30 - 05559152 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-04-21 21:30 - 2014-04-21 21:30 - 03968368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-04-21 21:30 - 2014-04-21 21:30 - 03913584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-04-21 21:29 - 2014-04-21 21:29 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-21 21:27 - 2014-04-21 21:27 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-04-21 21:27 - 2014-04-21 21:27 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-04-20 21:51 - 2014-04-20 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-04-20 21:50 - 2014-04-20 21:51 - 00000723 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-04-19 23:36 - 2014-04-19 23:36 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\LogMeIn
2014-04-19 23:36 - 2014-04-19 23:36 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-04-19 23:36 - 2009-03-18 18:35 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2014-04-19 23:35 - 2014-05-01 02:24 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\LogMeIn Hamachi
2014-04-19 23:05 - 2014-04-19 23:36 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\Tunngle
2014-04-19 23:05 - 2014-04-19 23:36 - 00000000 ____D () C:\ProgramData\Tunngle
2014-04-19 23:05 - 2014-04-19 23:05 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-04-19 23:05 - 2014-04-19 23:05 - 00000000 ____D () C:\Users\NightCompany\Documents\Tunngle
2014-04-19 23:05 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2014-04-19 23:01 - 2014-04-21 12:26 - 00000000 ____D () C:\Users\NightCompany\Documents\Stronghold Crusader
2014-04-19 23:01 - 2014-04-19 23:11 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\GameRanger
2014-04-17 15:59 - 2014-04-17 15:59 - 00002443 _____ () C:\Users\NightCompany\Desktop\Emergency internet breakdown.txt
2014-04-16 11:41 - 2014-04-16 11:41 - 02494970 _____ () C:\Users\NightCompany\Desktop\AllItems_und_Allerzeugnisse.sww
2014-04-15 00:05 - 2014-04-15 00:05 - 00000000 ____D () C:\Users\NightCompany\Documents\ANNO 2070
2014-04-14 23:58 - 2014-04-14 23:58 - 00000000 ____D () C:\ProgramData\Solidshield
2014-04-14 22:42 - 2014-04-14 22:42 - 00001229 _____ () C:\Users\Public\Desktop\The Mighty Quest For Epic Loot.lnk
2014-04-14 22:42 - 2014-04-14 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Mighty Quest For Epic Loot
2014-04-14 22:24 - 2014-04-14 22:24 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\Ubisoft
2014-04-14 21:50 - 2014-04-14 21:55 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\Ubisoft Game Launcher
2014-04-14 21:50 - 2014-04-14 21:50 - 00000686 _____ () C:\Users\NightCompany\Desktop\Uplay.lnk
2014-04-14 21:50 - 2014-04-14 21:50 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-04-14 16:17 - 2014-04-14 16:20 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\Sublime Text 3
2014-04-14 16:17 - 2014-04-14 16:17 - 00000832 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2014-04-14 16:17 - 2014-04-14 16:17 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\Sublime Text 3
2014-04-14 16:12 - 2014-04-14 16:12 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\Atlassian
2014-04-14 16:09 - 2014-04-14 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlassian
2014-04-14 16:09 - 2014-04-14 16:09 - 00000000 ____D () C:\ProgramData\Caphyon
2014-04-14 16:07 - 2014-04-14 16:14 - 00000000 ____D () C:\ProgramData\Atlassian
2014-04-14 12:45 - 2014-04-14 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tiny and Big - Grandpa's Leftovers
2014-04-13 23:35 - 2014-04-13 23:35 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-13 23:35 - 2014-04-13 23:35 - 00001162 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-13 23:35 - 2014-04-13 23:35 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-13 21:25 - 2014-04-21 22:24 - 00033752 _____ () C:\Users\NightCompany\Desktop\Spiel_Unbenannt.odt
2014-04-12 23:32 - 2014-04-12 23:32 - 00001088 _____ () C:\Users\Public\Desktop\Façade.lnk
2014-04-12 23:32 - 2014-04-12 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Façade
2014-04-11 15:59 - 2014-04-11 16:05 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\ftblauncher
2014-04-11 15:27 - 2014-04-11 15:30 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\.technic
2014-04-11 00:30 - 2014-04-11 00:30 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\LOVE
2014-04-05 13:56 - 2014-04-05 13:56 - 00000000 ____D () C:\Users\NightCompany\Documents\Wolfire
2014-04-03 20:23 - 2014-04-03 20:23 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\Chromium
2014-04-03 20:22 - 2014-04-03 20:22 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\The Lord of the Rings Online
2014-04-03 19:44 - 2014-04-03 20:47 - 00000000 ____D () C:\Users\NightCompany\Documents\The Lord of the Rings Online
2014-04-03 19:44 - 2014-04-03 20:08 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\Turbine
2014-04-03 18:54 - 2014-04-03 18:54 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\Overwolf
2014-04-02 12:31 - 2014-04-02 12:42 - 00000017 _____ () C:\Users\NightCompany\Desktop\steam.txt
2014-04-02 01:05 - 2014-04-02 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWF Decompiler
2014-04-02 01:05 - 2014-04-02 01:05 - 00000000 ____D () C:\ProgramData\AutoUpdate
2014-04-02 01:04 - 2014-04-02 01:04 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\Tempcaa7e3460111d267ddddf61171d82110
2014-04-01 13:01 - 2014-04-03 14:33 - 00002010 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-01 13:01 - 2014-04-01 13:01 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-01 12:14 - 2014-04-01 12:14 - 00000000 ____D () C:\Users\NightCompany\Documents\Command and Conquer Generals Data
2014-04-01 12:10 - 2014-04-01 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood Online
2014-04-01 12:10 - 2014-04-01 12:10 - 00000000 ____D () C:\Program Files (x86)\WestwoodOnline

==================== One Month Modified Files and Folders =======

2014-05-01 02:33 - 2014-05-01 02:33 - 00000000 ____D () C:\FRST
2014-05-01 02:33 - 2014-05-01 01:28 - 00000000 ____D () C:\Users\NightCompany\Desktop\Maleware Removal
2014-05-01 02:32 - 2014-05-01 02:32 - 00000000 _____ () C:\Users\NightCompany\defogger_reenable
2014-05-01 02:32 - 2013-10-24 14:55 - 00000000 ____D () C:\Users\NightCompany
2014-05-01 02:30 - 2014-05-01 02:29 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\GlarySoft
2014-05-01 02:30 - 2014-04-30 01:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-01 02:29 - 2013-12-05 05:49 - 00625664 ___SH () C:\Users\NightCompany\Desktop\Thumbs.db
2014-05-01 02:29 - 2013-10-24 17:24 - 00000000 ____D () C:\Nuetzliches
2014-05-01 02:24 - 2014-04-19 23:35 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\LogMeIn Hamachi
2014-05-01 02:24 - 2013-10-24 17:46 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\WinAmp
2014-05-01 02:24 - 2013-10-24 15:46 - 00000000 ____D () C:\Windows\Panther
2014-05-01 02:24 - 2013-10-24 15:43 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-01 02:19 - 2014-05-01 02:19 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-01 02:17 - 2013-11-16 16:50 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\Audacity
2014-05-01 02:02 - 2014-05-01 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-01 02:02 - 2014-05-01 02:01 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\DVDVideoSoft
2014-05-01 02:01 - 2014-05-01 02:01 - 32346240 _____ (DVDVideoSoft Ltd. ) C:\Users\NightCompany\Desktop\FreeYouTubeDownload-3.2.33.424.exe
2014-05-01 01:56 - 2014-05-01 01:56 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-05-01 01:56 - 2013-10-26 14:57 - 00000000 ___RD () C:\M Basukias
2014-05-01 01:47 - 2009-07-14 06:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-01 01:47 - 2009-07-14 06:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-01 01:43 - 2014-05-01 01:43 - 00001103 _____ () C:\Users\NightCompany\Desktop\JRT.txt
2014-05-01 01:43 - 2013-10-24 14:55 - 01825810 ____N () C:\Windows\WindowsUpdate.log
2014-05-01 01:40 - 2013-11-12 22:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-01 01:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-01 01:39 - 2014-05-01 01:39 - 00007601 _____ () C:\Users\NightCompany\AppData\Local\Resmon.ResmonCfg
2014-05-01 01:34 - 2014-05-01 01:34 - 00000000 ____D () C:\Windows\ERUNT
2014-05-01 01:31 - 2013-11-02 01:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-01 01:29 - 2014-05-01 01:27 - 00000000 ____D () C:\AdwCleaner
2014-05-01 01:05 - 2014-05-01 01:05 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-01 01:05 - 2014-05-01 01:05 - 00000853 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-01 01:05 - 2014-05-01 01:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-01 01:02 - 2014-05-01 01:02 - 00000077 _____ () C:\Windows\wininit.ini
2014-05-01 01:02 - 2014-05-01 01:02 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-01 01:02 - 2014-05-01 00:46 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-01 00:22 - 2014-05-01 00:22 - 00001874 _____ () C:\Users\NightCompany\Desktop\Temporary Internet Files - Verknüpfung.lnk
2014-04-30 13:08 - 2014-03-28 17:11 - 00000000 ____D () C:\Users\NightCompany\Desktop\Bewerbungen
2014-04-30 12:56 - 2014-04-30 12:21 - 00000000 ____D () C:\Users\NightCompany\Desktop\AdventureTime eng HD
2014-04-30 12:22 - 2013-10-24 17:44 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\vlc
2014-04-29 11:57 - 2014-04-29 11:50 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\Dwarfs
2014-04-29 00:36 - 2013-10-26 15:27 - 00000000 ____D () C:\Bilder lustig
2014-04-28 23:12 - 2014-04-28 23:12 - 00043758 _____ () C:\d6f4e900-bf68-49b6-b1b2-307d924b1767.dmp
2014-04-27 03:16 - 2014-04-27 03:08 - 00000000 ____D () C:\ProgramData\DivX
2014-04-27 03:16 - 2014-04-27 03:08 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-04-27 03:11 - 2014-04-27 03:11 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\DivX
2014-04-26 17:15 - 2013-10-24 20:37 - 00000000 ____D () C:\Users\NightCompany\Documents\My Games
2014-04-26 17:14 - 2013-11-23 01:30 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-04-26 17:03 - 2014-04-26 16:56 - 00000000 ____D () C:\Users\NightCompany\Documents\HospitalTycoon
2014-04-26 02:48 - 2014-04-25 16:07 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\Game Dev Tycoon - Steam
2014-04-25 20:42 - 2014-04-25 20:42 - 00000826 _____ () C:\Users\Pathof exile blah\Desktop\Notepad++.lnk
2014-04-25 20:42 - 2014-04-25 20:42 - 00000826 _____ () C:\Users\NightCompany\Desktop\Notepad++.lnk
2014-04-25 20:42 - 2014-04-25 20:42 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-25 20:42 - 2014-04-25 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-04-25 20:41 - 2014-04-25 20:41 - 07624808 _____ () C:\Users\NightCompany\Desktop\npp.6.5.5.Installer.exe
2014-04-24 14:36 - 2014-04-24 14:36 - 00000000 ____D () C:\Users\NightCompany\Documents\Egosoft
2014-04-24 01:46 - 2013-11-29 17:39 - 00000000 ____D () C:\swf
2014-04-22 14:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-22 13:49 - 2014-04-22 13:49 - 00000000 _____ () C:\Users\NightCompany\Desktop\bufti.txt
2014-04-22 12:15 - 2014-04-22 12:07 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\Skyrim
2014-04-22 11:39 - 2014-04-22 11:39 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\Microsoft FxCop
2014-04-22 11:38 - 2014-04-21 21:56 - 00000000 ____D () C:\Users\NightCompany\Documents\Visual Studio 2013
2014-04-22 11:35 - 2014-04-22 11:35 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\NuGet
2014-04-22 11:32 - 2013-10-24 14:55 - 00001421 _____ () C:\Users\NightCompany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-22 11:27 - 2009-07-14 06:45 - 00298088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-22 02:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-04-22 02:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-04-22 02:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-04-22 02:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-04-22 02:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-21 22:24 - 2014-04-13 21:25 - 00033752 _____ () C:\Users\NightCompany\Desktop\Spiel_Unbenannt.odt
2014-04-21 21:56 - 2014-04-21 21:56 - 00000000 ____D () C:\ProgramData\NuGet
2014-04-21 21:56 - 2014-04-21 21:56 - 00000000 ____D () C:\Program Files (x86)\NuGet
2014-04-21 21:54 - 2013-11-02 14:38 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-21 21:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-04-21 21:53 - 2013-11-21 18:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-04-21 21:48 - 2014-04-21 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-04-21 21:48 - 2014-04-21 21:48 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-04-21 21:48 - 2014-04-21 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
2014-04-21 21:47 - 2014-04-21 21:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer
2014-04-21 21:46 - 2013-11-21 18:37 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-04-21 21:46 - 2013-11-21 18:37 - 00000000 ____D () C:\Windows\SysWOW64\1031
2014-04-21 21:46 - 2013-11-21 18:37 - 00000000 ____D () C:\Windows\system32\1033
2014-04-21 21:46 - 2013-11-21 18:37 - 00000000 ____D () C:\Windows\system32\1031
2014-04-21 21:46 - 2013-11-21 18:36 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-04-21 21:46 - 2013-11-21 18:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-04-21 21:45 - 2013-11-21 18:35 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-04-21 21:45 - 2013-11-21 18:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-04-21 21:45 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-04-21 21:32 - 2014-04-21 21:32 - 19273728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-21 21:32 - 2014-04-21 21:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-21 21:32 - 2014-04-21 21:32 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-21 21:32 - 2014-04-21 21:32 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-21 21:32 - 2014-04-21 21:32 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-04-21 21:32 - 2014-04-21 21:32 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-21 21:32 - 2014-04-21 21:32 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-21 21:32 - 2014-04-21 21:32 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-04-21 21:32 - 2014-04-21 21:32 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-21 21:32 - 2014-04-21 21:32 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-04-21 21:32 - 2014-04-21 21:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-04-21 21:32 - 2014-04-21 21:32 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-21 21:32 - 2014-04-21 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-04-21 21:31 - 2014-04-21 21:31 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-04-21 21:31 - 2014-04-21 21:31 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-04-21 21:31 - 2014-04-21 21:31 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-21 21:31 - 2014-04-21 21:31 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-21 21:31 - 2014-04-21 21:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-04-21 21:31 - 2014-04-21 21:31 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-21 21:30 - 2014-04-21 21:30 - 05559152 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-04-21 21:30 - 2014-04-21 21:30 - 03968368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-04-21 21:30 - 2014-04-21 21:30 - 03913584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-04-21 21:29 - 2014-04-21 21:29 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-21 21:29 - 2014-04-21 21:29 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-21 21:27 - 2014-04-21 21:27 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-04-21 21:27 - 2014-04-21 21:27 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-04-21 12:26 - 2014-04-19 23:01 - 00000000 ____D () C:\Users\NightCompany\Documents\Stronghold Crusader
2014-04-20 21:51 - 2014-04-20 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-04-20 21:51 - 2014-04-20 21:50 - 00000723 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-04-19 23:36 - 2014-04-19 23:36 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\LogMeIn
2014-04-19 23:36 - 2014-04-19 23:36 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-04-19 23:36 - 2014-04-19 23:05 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\Tunngle
2014-04-19 23:36 - 2014-04-19 23:05 - 00000000 ____D () C:\ProgramData\Tunngle
2014-04-19 23:11 - 2014-04-19 23:01 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\GameRanger
2014-04-19 23:11 - 2013-10-24 14:55 - 00000000 ___RD () C:\Users\NightCompany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-19 23:10 - 2013-10-24 15:01 - 00065536 _____ () C:\Users\NightCompany\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-19 23:05 - 2014-04-19 23:05 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-04-19 23:05 - 2014-04-19 23:05 - 00000000 ____D () C:\Users\NightCompany\Documents\Tunngle
2014-04-18 23:45 - 2013-10-26 15:26 - 00000000 ____D () C:\Desktop bilder
2014-04-17 15:59 - 2014-04-17 15:59 - 00002443 _____ () C:\Users\NightCompany\Desktop\Emergency internet breakdown.txt
2014-04-16 11:41 - 2014-04-16 11:41 - 02494970 _____ () C:\Users\NightCompany\Desktop\AllItems_und_Allerzeugnisse.sww
2014-04-16 11:11 - 2013-10-24 16:24 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\Adobe
2014-04-16 11:07 - 2013-11-05 10:08 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-16 11:07 - 2013-11-05 10:08 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-15 11:51 - 2013-11-21 18:08 - 00000000 ____D () C:\Users\NightCompany\Desktop\löschen
2014-04-15 00:05 - 2014-04-15 00:05 - 00000000 ____D () C:\Users\NightCompany\Documents\ANNO 2070
2014-04-14 23:58 - 2014-04-14 23:58 - 00000000 ____D () C:\ProgramData\Solidshield
2014-04-14 22:42 - 2014-04-14 22:42 - 00001229 _____ () C:\Users\Public\Desktop\The Mighty Quest For Epic Loot.lnk
2014-04-14 22:42 - 2014-04-14 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Mighty Quest For Epic Loot
2014-04-14 22:24 - 2014-04-14 22:24 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\Ubisoft
2014-04-14 22:24 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-04-14 22:20 - 2013-10-24 15:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-14 21:55 - 2014-04-14 21:50 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\Ubisoft Game Launcher
2014-04-14 21:52 - 2013-10-24 17:57 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\Skype
2014-04-14 21:50 - 2014-04-14 21:50 - 00000686 _____ () C:\Users\NightCompany\Desktop\Uplay.lnk
2014-04-14 21:50 - 2014-04-14 21:50 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-04-14 21:50 - 2013-10-24 16:53 - 00000000 ____D () C:\Spiele
2014-04-14 16:20 - 2014-04-14 16:17 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\Sublime Text 3
2014-04-14 16:17 - 2014-04-14 16:17 - 00000832 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2014-04-14 16:17 - 2014-04-14 16:17 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\Sublime Text 3
2014-04-14 16:14 - 2014-04-14 16:07 - 00000000 ____D () C:\ProgramData\Atlassian
2014-04-14 16:12 - 2014-04-14 16:12 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\Atlassian
2014-04-14 16:09 - 2014-04-14 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlassian
2014-04-14 16:09 - 2014-04-14 16:09 - 00000000 ____D () C:\ProgramData\Caphyon
2014-04-14 12:45 - 2014-04-14 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tiny and Big - Grandpa's Leftovers
2014-04-14 01:36 - 2013-10-24 16:54 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\PMB Files
2014-04-14 01:15 - 2013-10-25 19:39 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\.minecraft
2014-04-14 01:12 - 2013-10-26 15:43 - 00000000 ____D () C:\ProgramData\Origin
2014-04-14 00:05 - 2013-11-09 00:04 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\TeamViewer
2014-04-13 23:35 - 2014-04-13 23:35 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-13 23:35 - 2014-04-13 23:35 - 00001162 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-13 23:35 - 2014-04-13 23:35 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-13 20:50 - 2013-10-24 16:54 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-13 12:35 - 2013-10-27 21:36 - 00000000 ____D () C:\Users\NightCompany\Documents\SimCity
2014-04-12 23:32 - 2014-04-12 23:32 - 00001088 _____ () C:\Users\Public\Desktop\Façade.lnk
2014-04-12 23:32 - 2014-04-12 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Façade
2014-04-11 16:05 - 2014-04-11 15:59 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\ftblauncher
2014-04-11 15:30 - 2014-04-11 15:27 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\.technic
2014-04-11 00:30 - 2014-04-11 00:30 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\LOVE
2014-04-05 13:56 - 2014-04-05 13:56 - 00000000 ____D () C:\Users\NightCompany\Documents\Wolfire
2014-04-05 13:56 - 2013-10-31 17:03 - 00000000 ____D () C:\Users\NightCompany\AppData\Roaming\Awesomium
2014-04-04 01:12 - 2013-10-25 16:20 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\Battle.net
2014-04-03 20:47 - 2014-04-03 19:44 - 00000000 ____D () C:\Users\NightCompany\Documents\The Lord of the Rings Online
2014-04-03 20:23 - 2014-04-03 20:23 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\Chromium
2014-04-03 20:22 - 2014-04-03 20:22 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\The Lord of the Rings Online
2014-04-03 20:08 - 2014-04-03 19:44 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\Turbine
2014-04-03 19:00 - 2013-10-26 15:49 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-04-03 18:54 - 2014-04-03 18:54 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\Overwolf
2014-04-03 14:33 - 2014-04-01 13:01 - 00002010 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-03 10:34 - 2011-04-12 09:43 - 00764000 _____ () C:\Windows\system32\perfh007.dat
2014-04-03 10:34 - 2011-04-12 09:43 - 00173230 _____ () C:\Windows\system32\perfc007.dat
2014-04-03 10:34 - 2009-07-14 07:13 - 01801590 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-03 09:51 - 2014-05-01 01:05 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-05-01 01:05 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-05-01 01:05 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 12:42 - 2014-04-02 12:31 - 00000017 _____ () C:\Users\NightCompany\Desktop\steam.txt
2014-04-02 01:05 - 2014-04-02 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWF Decompiler
2014-04-02 01:05 - 2014-04-02 01:05 - 00000000 ____D () C:\ProgramData\AutoUpdate
2014-04-02 01:04 - 2014-04-02 01:04 - 00000000 ____D () C:\Users\NightCompany\AppData\Local\Tempcaa7e3460111d267ddddf61171d82110
2014-04-01 13:01 - 2014-04-01 13:01 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-01 13:01 - 2013-12-28 08:44 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-04-01 13:01 - 2013-10-24 15:15 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-01 13:01 - 2013-10-24 15:15 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-04-01 13:01 - 2013-10-24 15:15 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-01 13:01 - 2013-10-24 15:15 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-01 13:01 - 2013-10-24 15:15 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-01 13:01 - 2013-10-24 15:15 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-01 13:01 - 2013-10-24 15:15 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-01 12:14 - 2014-04-01 12:14 - 00000000 ____D () C:\Users\NightCompany\Documents\Command and Conquer Generals Data
2014-04-01 12:14 - 2013-11-23 20:03 - 00000000 ____D () C:\Users\NightCompany\Documents\Command and Conquer Generals Zero Hour Data
2014-04-01 12:10 - 2014-04-01 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood Online
2014-04-01 12:10 - 2014-04-01 12:10 - 00000000 ____D () C:\Program Files (x86)\WestwoodOnline

Some content of TEMP:
====================
C:\Users\NightCompany\AppData\Local\Temp\ICReinstall_FreeYouTubeToMP3Converter.exe
C:\Users\NightCompany\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-04-29 02:51

==================== End Of Log ============================
         

Gmer part 1 of x
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-01 03:16:19
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDS5C3020BLE630 rev.MZ4OAAB0 1863,02GB
Running: Gmer-19357.exe; Driver: C:\Users\NIGHTC~1\AppData\Local\Temp\awrcykog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                        00000000779a13c0 5 bytes JMP 0000000149c00460
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                 00000000779a1410 5 bytes JMP 0000000149c00450
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                 00000000779a1570 5 bytes JMP 0000000149c00370
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                      00000000779a15c0 5 bytes JMP 0000000149c00470
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                            00000000779a15d0 5 bytes JMP 0000000149c003e0
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                 00000000779a1680 5 bytes JMP 0000000149c00320
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                          00000000779a16b0 5 bytes JMP 0000000149c003b0
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                             00000000779a16d0 5 bytes JMP 0000000149c00390
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                   00000000779a1710 5 bytes JMP 0000000149c002e0
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                 00000000779a1790 5 bytes JMP 0000000149c002d0
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                               00000000779a17b0 5 bytes JMP 0000000149c00310
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                00000000779a17f0 5 bytes JMP 0000000149c003c0
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                             00000000779a1840 5 bytes JMP 0000000149c003f0
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                00000000779a19a0 1 byte JMP 0000000149c00230
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                            00000000779a19a2 3 bytes {JMP 0xffffffffd225e890}
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                     00000000779a1b60 5 bytes JMP 0000000149c00480
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                    00000000779a1b90 5 bytes JMP 0000000149c003a0
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                             00000000779a1c70 5 bytes JMP 0000000149c002f0
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                          00000000779a1c80 5 bytes JMP 0000000149c00350
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                00000000779a1ce0 5 bytes JMP 0000000149c00290
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                             00000000779a1d70 5 bytes JMP 0000000149c002b0
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                              00000000779a1d90 5 bytes JMP 0000000149c003d0
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                 00000000779a1da0 1 byte JMP 0000000149c00330
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                             00000000779a1da2 3 bytes {JMP 0xffffffffd225e590}
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                          00000000779a1e10 5 bytes JMP 0000000149c00410
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                             00000000779a1e40 5 bytes JMP 0000000149c00240
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                  00000000779a2100 5 bytes JMP 0000000149c001e0
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                             00000000779a21c0 1 byte JMP 0000000149c00250
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                         00000000779a21c2 3 bytes {JMP 0xffffffffd225e090}
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                             00000000779a21f0 5 bytes JMP 0000000149c00490
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                    00000000779a2200 5 bytes JMP 0000000149c004a0
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                               00000000779a2230 5 bytes JMP 0000000149c00300
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                            00000000779a2240 5 bytes JMP 0000000149c00360
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                  00000000779a22a0 5 bytes JMP 0000000149c002a0
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                               00000000779a22f0 5 bytes JMP 0000000149c002c0
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                  00000000779a2320 5 bytes JMP 0000000149c00380
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                   00000000779a2330 5 bytes JMP 0000000149c00340
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                            00000000779a2620 5 bytes JMP 0000000149c00440
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                           00000000779a2820 5 bytes JMP 0000000149c00260
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                              00000000779a2830 5 bytes JMP 0000000149c00270
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                            00000000779a2840 5 bytes JMP 0000000149c00400
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                        00000000779a2a00 5 bytes JMP 0000000149c001f0
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                         00000000779a2a10 5 bytes JMP 0000000149c00210
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                              00000000779a2a80 5 bytes JMP 0000000149c00200
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                              00000000779a2ae0 5 bytes JMP 0000000149c00420
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                               00000000779a2af0 5 bytes JMP 0000000149c00430
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                          00000000779a2b00 5 bytes JMP 0000000149c00220
.text  C:\Windows\system32\csrss.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                  00000000779a2be0 5 bytes JMP 0000000149c00280
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                      00000000779a13c0 5 bytes JMP 0000000077b00460
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                               00000000779a1410 5 bytes JMP 0000000077b00450
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                               00000000779a1570 5 bytes JMP 0000000077b00370
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                    00000000779a15c0 5 bytes JMP 0000000077b00470
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                          00000000779a15d0 5 bytes JMP 0000000077b003e0
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                               00000000779a1680 5 bytes JMP 0000000077b00320
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                        00000000779a16b0 5 bytes JMP 0000000077b003b0
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                           00000000779a16d0 5 bytes JMP 0000000077b00390
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                 00000000779a1710 5 bytes JMP 0000000077b002e0
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                               00000000779a1790 5 bytes JMP 0000000077b002d0
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                             00000000779a17b0 5 bytes JMP 0000000077b00310
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                              00000000779a17f0 5 bytes JMP 0000000077b003c0
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                           00000000779a1840 5 bytes JMP 0000000077b003f0
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                              00000000779a19a0 1 byte JMP 0000000077b00230
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                          00000000779a19a2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                   00000000779a1b60 5 bytes JMP 0000000077b00480
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                  00000000779a1b90 5 bytes JMP 0000000077b003a0
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                           00000000779a1c70 5 bytes JMP 0000000077b002f0
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                        00000000779a1c80 5 bytes JMP 0000000077b00350
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                              00000000779a1ce0 5 bytes JMP 0000000077b00290
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                           00000000779a1d70 5 bytes JMP 0000000077b002b0
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                            00000000779a1d90 5 bytes JMP 0000000077b003d0
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                               00000000779a1da0 1 byte JMP 0000000077b00330
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                           00000000779a1da2 3 bytes {JMP 0x15e590}
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                        00000000779a1e10 5 bytes JMP 0000000077b00410
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                           00000000779a1e40 5 bytes JMP 0000000077b00240
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                00000000779a2100 5 bytes JMP 0000000077b001e0
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                           00000000779a21c0 1 byte JMP 0000000077b00250
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                       00000000779a21c2 3 bytes {JMP 0x15e090}
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                           00000000779a21f0 5 bytes JMP 0000000077b00490
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                  00000000779a2200 5 bytes JMP 0000000077b004a0
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                             00000000779a2230 5 bytes JMP 0000000077b00300
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                          00000000779a2240 5 bytes JMP 0000000077b00360
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                00000000779a22a0 5 bytes JMP 0000000077b002a0
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                             00000000779a22f0 5 bytes JMP 0000000077b002c0
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                00000000779a2320 5 bytes JMP 0000000077b00380
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                 00000000779a2330 5 bytes JMP 0000000077b00340
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                          00000000779a2620 5 bytes JMP 0000000077b00440
         


Edited by Austauschbar (01.05.2014 at 02:56)

01.05.2014, 02:57   #3
Austauschbar
 



Gmer part 2 of x
Code:
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                         00000000779a2820 5 bytes JMP 0000000077b00260
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                            00000000779a2830 5 bytes JMP 0000000077b00270
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                          00000000779a2840 5 bytes JMP 0000000077b00400
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                      00000000779a2a00 5 bytes JMP 0000000077b001f0
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                       00000000779a2a10 5 bytes JMP 0000000077b00210
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                            00000000779a2a80 5 bytes JMP 0000000077b00200
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                            00000000779a2ae0 5 bytes JMP 0000000077b00420
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                             00000000779a2af0 5 bytes JMP 0000000077b00430
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                        00000000779a2b00 5 bytes JMP 0000000077b00220
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                00000000779a2be0 5 bytes JMP 0000000077b00280
.text  C:\Windows\system32\wininit.exe[580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                     000000007788eecd 1 byte [62]
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                        00000000779a13c0 5 bytes JMP 0000000149c00460
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                 00000000779a1410 5 bytes JMP 0000000149c00450
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                 00000000779a1570 5 bytes JMP 0000000149c00370
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                      00000000779a15c0 5 bytes JMP 0000000149c00470
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                            00000000779a15d0 5 bytes JMP 0000000149c003e0
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                 00000000779a1680 5 bytes JMP 0000000149c00320
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                          00000000779a16b0 5 bytes JMP 0000000149c003b0
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                             00000000779a16d0 5 bytes JMP 0000000149c00390
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                   00000000779a1710 5 bytes JMP 0000000149c002e0
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                 00000000779a1790 5 bytes JMP 0000000149c002d0
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                               00000000779a17b0 5 bytes JMP 0000000149c00310
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                00000000779a17f0 5 bytes JMP 0000000149c003c0
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                             00000000779a1840 5 bytes JMP 0000000149c003f0
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                00000000779a19a0 1 byte JMP 0000000149c00230
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                            00000000779a19a2 3 bytes {JMP 0xffffffffd225e890}
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                     00000000779a1b60 5 bytes JMP 0000000149c00480
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                    00000000779a1b90 5 bytes JMP 0000000149c003a0
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                             00000000779a1c70 5 bytes JMP 0000000149c002f0
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                          00000000779a1c80 5 bytes JMP 0000000149c00350
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                00000000779a1ce0 5 bytes JMP 0000000149c00290
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                             00000000779a1d70 5 bytes JMP 0000000149c002b0
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                              00000000779a1d90 5 bytes JMP 0000000149c003d0
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                 00000000779a1da0 1 byte JMP 0000000149c00330
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                             00000000779a1da2 3 bytes {JMP 0xffffffffd225e590}
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                          00000000779a1e10 5 bytes JMP 0000000149c00410
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                             00000000779a1e40 5 bytes JMP 0000000149c00240
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                  00000000779a2100 5 bytes JMP 0000000149c001e0
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                             00000000779a21c0 1 byte JMP 0000000149c00250
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                         00000000779a21c2 3 bytes {JMP 0xffffffffd225e090}
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                             00000000779a21f0 5 bytes JMP 0000000149c00490
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                    00000000779a2200 5 bytes JMP 0000000149c004a0
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                               00000000779a2230 5 bytes JMP 0000000149c00300
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                            00000000779a2240 5 bytes JMP 0000000149c00360
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                  00000000779a22a0 5 bytes JMP 0000000149c002a0
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                               00000000779a22f0 5 bytes JMP 0000000149c002c0
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                  00000000779a2320 5 bytes JMP 0000000149c00380
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                   00000000779a2330 5 bytes JMP 0000000149c00340
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                            00000000779a2620 5 bytes JMP 0000000149c00440
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                           00000000779a2820 5 bytes JMP 0000000149c00260
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                              00000000779a2830 5 bytes JMP 0000000149c00270
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                            00000000779a2840 5 bytes JMP 0000000149c00400
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                        00000000779a2a00 5 bytes JMP 0000000149c001f0
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                         00000000779a2a10 5 bytes JMP 0000000149c00210
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                              00000000779a2a80 5 bytes JMP 0000000149c00200
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                              00000000779a2ae0 5 bytes JMP 0000000149c00420
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                               00000000779a2af0 5 bytes JMP 0000000149c00430
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                          00000000779a2b00 5 bytes JMP 0000000149c00220
.text  C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                  00000000779a2be0 5 bytes JMP 0000000149c00280
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                     00000000779a13c0 5 bytes JMP 0000000077b00460
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                              00000000779a1410 5 bytes JMP 0000000077b00450
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                              00000000779a1570 5 bytes JMP 0000000077b00370
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                   00000000779a15c0 5 bytes JMP 0000000077b00470
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                         00000000779a15d0 5 bytes JMP 0000000077b003e0
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                              00000000779a1680 5 bytes JMP 0000000077b00320
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                       00000000779a16b0 5 bytes JMP 0000000077b003b0
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                          00000000779a16d0 5 bytes JMP 0000000077b00390
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                00000000779a1710 5 bytes JMP 0000000077b002e0
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                              00000000779a1790 5 bytes JMP 0000000077b002d0
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                            00000000779a17b0 5 bytes JMP 0000000077b00310
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                             00000000779a17f0 5 bytes JMP 0000000077b003c0
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                          00000000779a1840 5 bytes JMP 0000000077b003f0
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                             00000000779a19a0 1 byte JMP 0000000077b00230
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                         00000000779a19a2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                  00000000779a1b60 5 bytes JMP 0000000077b00480
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                 00000000779a1b90 5 bytes JMP 0000000077b003a0
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                          00000000779a1c70 5 bytes JMP 0000000077b002f0
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                       00000000779a1c80 5 bytes JMP 0000000077b00350
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                             00000000779a1ce0 5 bytes JMP 0000000077b00290
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                          00000000779a1d70 5 bytes JMP 0000000077b002b0
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                           00000000779a1d90 5 bytes JMP 0000000077b003d0
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                              00000000779a1da0 1 byte JMP 0000000077b00330
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                          00000000779a1da2 3 bytes {JMP 0x15e590}
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                       00000000779a1e10 5 bytes JMP 0000000077b00410
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                          00000000779a1e40 5 bytes JMP 0000000077b00240
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                               00000000779a2100 5 bytes JMP 0000000077b001e0
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                          00000000779a21c0 1 byte JMP 0000000077b00250
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                      00000000779a21c2 3 bytes {JMP 0x15e090}
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                          00000000779a21f0 5 bytes JMP 0000000077b00490
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                 00000000779a2200 5 bytes JMP 0000000077b004a0
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                            00000000779a2230 5 bytes JMP 0000000077b00300
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                         00000000779a2240 5 bytes JMP 0000000077b00360
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                               00000000779a22a0 5 bytes JMP 0000000077b002a0
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                            00000000779a22f0 5 bytes JMP 0000000077b002c0
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                               00000000779a2320 5 bytes JMP 0000000077b00380
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                00000000779a2330 5 bytes JMP 0000000077b00340
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                         00000000779a2620 5 bytes JMP 0000000077b00440
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                        00000000779a2820 5 bytes JMP 0000000077b00260
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                           00000000779a2830 5 bytes JMP 0000000077b00270
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                         00000000779a2840 5 bytes JMP 0000000077b00400
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                     00000000779a2a00 5 bytes JMP 0000000077b001f0
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                      00000000779a2a10 5 bytes JMP 0000000077b00210
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                           00000000779a2a80 5 bytes JMP 0000000077b00200
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                           00000000779a2ae0 5 bytes JMP 0000000077b00420
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                            00000000779a2af0 5 bytes JMP 0000000077b00430
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                       00000000779a2b00 5 bytes JMP 0000000077b00220
.text  C:\Windows\system32\services.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                               00000000779a2be0 5 bytes JMP 0000000077b00280
.text  C:\Windows\system32\services.exe[636] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                    000000007788eecd 1 byte [62]
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                        00000000779a13c0 5 bytes JMP 0000000077b00460
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                 00000000779a1410 5 bytes JMP 0000000077b00450
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                 00000000779a1570 5 bytes JMP 0000000077b00370
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                      00000000779a15c0 5 bytes JMP 0000000077b00470
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                            00000000779a15d0 5 bytes JMP 0000000077b003e0
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                 00000000779a1680 5 bytes JMP 0000000077b00320
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                          00000000779a16b0 5 bytes JMP 0000000077b003b0
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                             00000000779a16d0 5 bytes JMP 0000000077b00390
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                   00000000779a1710 5 bytes JMP 0000000077b002e0
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                 00000000779a1790 5 bytes JMP 0000000077b002d0
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                               00000000779a17b0 5 bytes JMP 0000000077b00310
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                00000000779a17f0 5 bytes JMP 0000000077b003c0
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                             00000000779a1840 5 bytes JMP 0000000077b003f0
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                00000000779a19a0 1 byte JMP 0000000077b00230
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                            00000000779a19a2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                     00000000779a1b60 5 bytes JMP 0000000077b00480
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                    00000000779a1b90 5 bytes JMP 0000000077b003a0
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                             00000000779a1c70 5 bytes JMP 0000000077b002f0
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                          00000000779a1c80 5 bytes JMP 0000000077b00350
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                00000000779a1ce0 5 bytes JMP 0000000077b00290
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                             00000000779a1d70 5 bytes JMP 0000000077b002b0
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                              00000000779a1d90 5 bytes JMP 0000000077b003d0
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                 00000000779a1da0 1 byte JMP 0000000077b00330
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                             00000000779a1da2 3 bytes {JMP 0x15e590}
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                          00000000779a1e10 5 bytes JMP 0000000077b00410
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                             00000000779a1e40 5 bytes JMP 0000000077b00240
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                  00000000779a2100 5 bytes JMP 0000000077b001e0
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                             00000000779a21c0 1 byte JMP 0000000077b00250
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                         00000000779a21c2 3 bytes {JMP 0x15e090}
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                             00000000779a21f0 5 bytes JMP 0000000077b00490
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                    00000000779a2200 5 bytes JMP 0000000077b004a0
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                               00000000779a2230 5 bytes JMP 0000000077b00300
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                            00000000779a2240 5 bytes JMP 0000000077b00360
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                  00000000779a22a0 5 bytes JMP 0000000077b002a0
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                               00000000779a22f0 5 bytes JMP 0000000077b002c0
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                  00000000779a2320 5 bytes JMP 0000000077b00380
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                   00000000779a2330 5 bytes JMP 0000000077b00340
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                            00000000779a2620 5 bytes JMP 0000000077b00440
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                           00000000779a2820 5 bytes JMP 0000000077b00260
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                              00000000779a2830 5 bytes JMP 0000000077b00270
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                            00000000779a2840 5 bytes JMP 0000000077b00400
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                        00000000779a2a00 5 bytes JMP 0000000077b001f0
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                         00000000779a2a10 5 bytes JMP 0000000077b00210
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                              00000000779a2a80 5 bytes JMP 0000000077b00200
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                              00000000779a2ae0 5 bytes JMP 0000000077b00420
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                               00000000779a2af0 5 bytes JMP 0000000077b00430
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                          00000000779a2b00 5 bytes JMP 0000000077b00220
.text  C:\Windows\system32\lsass.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                  00000000779a2be0 5 bytes JMP 0000000077b00280
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                          00000000779a13c0 5 bytes JMP 0000000077b00460
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                   00000000779a1410 5 bytes JMP 0000000077b00450
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                   00000000779a1570 5 bytes JMP 0000000077b00370
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                        00000000779a15c0 5 bytes JMP 0000000077b00470
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                              00000000779a15d0 5 bytes JMP 0000000077b003e0
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                   00000000779a1680 5 bytes JMP 0000000077b00320
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                            00000000779a16b0 5 bytes JMP 0000000077b003b0
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                               00000000779a16d0 5 bytes JMP 0000000077b00390
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                     00000000779a1710 5 bytes JMP 0000000077b002e0
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                   00000000779a1790 5 bytes JMP 0000000077b002d0
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                 00000000779a17b0 5 bytes JMP 0000000077b00310
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                  00000000779a17f0 5 bytes JMP 0000000077b003c0
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                               00000000779a1840 5 bytes JMP 0000000077b003f0
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                  00000000779a19a0 1 byte JMP 0000000077b00230
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                              00000000779a19a2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                       00000000779a1b60 5 bytes JMP 0000000077b00480
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                      00000000779a1b90 5 bytes JMP 0000000077b003a0
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                               00000000779a1c70 5 bytes JMP 0000000077b002f0
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                            00000000779a1c80 5 bytes JMP 0000000077b00350
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                  00000000779a1ce0 5 bytes JMP 0000000077b00290
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                               00000000779a1d70 5 bytes JMP 0000000077b002b0
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                00000000779a1d90 5 bytes JMP 0000000077b003d0
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                   00000000779a1da0 1 byte JMP 0000000077b00330
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                               00000000779a1da2 3 bytes {JMP 0x15e590}
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                            00000000779a1e10 5 bytes JMP 0000000077b00410
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                               00000000779a1e40 5 bytes JMP 0000000077b00240
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                    00000000779a2100 5 bytes JMP 0000000077b001e0
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                               00000000779a21c0 1 byte JMP 0000000077b00250
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                           00000000779a21c2 3 bytes {JMP 0x15e090}
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                               00000000779a21f0 5 bytes JMP 0000000077b00490
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                      00000000779a2200 5 bytes JMP 0000000077b004a0
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                 00000000779a2230 5 bytes JMP 0000000077b00300
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                              00000000779a2240 5 bytes JMP 0000000077b00360
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                    00000000779a22a0 5 bytes JMP 0000000077b002a0
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                 00000000779a22f0 5 bytes JMP 0000000077b002c0
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                    00000000779a2320 5 bytes JMP 0000000077b00380
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                     00000000779a2330 5 bytes JMP 0000000077b00340
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                              00000000779a2620 5 bytes JMP 0000000077b00440
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                             00000000779a2820 5 bytes JMP 0000000077b00260
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                00000000779a2830 5 bytes JMP 0000000077b00270
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                              00000000779a2840 5 bytes JMP 0000000077b00400
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                          00000000779a2a00 5 bytes JMP 0000000077b001f0
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                           00000000779a2a10 5 bytes JMP 0000000077b00210
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                00000000779a2a80 5 bytes JMP 0000000077b00200
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                00000000779a2ae0 5 bytes JMP 0000000077b00420
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                 00000000779a2af0 5 bytes JMP 0000000077b00430
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                            00000000779a2b00 5 bytes JMP 0000000077b00220
.text  C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                    00000000779a2be0 5 bytes JMP 0000000077b00280
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                      00000000779a13c0 5 bytes JMP 0000000077b00460
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                               00000000779a1410 5 bytes JMP 0000000077b00450
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                               00000000779a1570 5 bytes JMP 0000000077b00370
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                    00000000779a15c0 5 bytes JMP 0000000077b00470
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                          00000000779a15d0 5 bytes JMP 0000000077b003e0
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                               00000000779a1680 5 bytes JMP 0000000077b00320
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                        00000000779a16b0 5 bytes JMP 0000000077b003b0
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                           00000000779a16d0 5 bytes JMP 0000000077b00390
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                 00000000779a1710 5 bytes JMP 0000000077b002e0
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                               00000000779a1790 5 bytes JMP 0000000077b002d0
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                             00000000779a17b0 5 bytes JMP 0000000077b00310
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                              00000000779a17f0 5 bytes JMP 0000000077b003c0
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                           00000000779a1840 5 bytes JMP 0000000077b003f0
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                              00000000779a19a0 1 byte JMP 0000000077b00230
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                          00000000779a19a2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                   00000000779a1b60 5 bytes JMP 0000000077b00480
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                  00000000779a1b90 5 bytes JMP 0000000077b003a0
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                           00000000779a1c70 5 bytes JMP 0000000077b002f0
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                        00000000779a1c80 5 bytes JMP 0000000077b00350
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                              00000000779a1ce0 5 bytes JMP 0000000077b00290
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                           00000000779a1d70 5 bytes JMP 0000000077b002b0
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                            00000000779a1d90 5 bytes JMP 0000000077b003d0
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                               00000000779a1da0 1 byte JMP 0000000077b00330
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                           00000000779a1da2 3 bytes {JMP 0x15e590}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                        00000000779a1e10 5 bytes JMP 0000000077b00410
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                           00000000779a1e40 5 bytes JMP 0000000077b00240
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                00000000779a2100 5 bytes JMP 0000000077b001e0
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                           00000000779a21c0 1 byte JMP 0000000077b00250
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                       00000000779a21c2 3 bytes {JMP 0x15e090}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                           00000000779a21f0 5 bytes JMP 0000000077b00490
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                  00000000779a2200 5 bytes JMP 0000000077b004a0
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                             00000000779a2230 5 bytes JMP 0000000077b00300
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                          00000000779a2240 5 bytes JMP 0000000077b00360
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                00000000779a22a0 5 bytes JMP 0000000077b002a0
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                             00000000779a22f0 5 bytes JMP 0000000077b002c0
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                00000000779a2320 5 bytes JMP 0000000077b00380
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                 00000000779a2330 5 bytes JMP 0000000077b00340
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                          00000000779a2620 5 bytes JMP 0000000077b00440
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                         00000000779a2820 5 bytes JMP 0000000077b00260
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                            00000000779a2830 5 bytes JMP 0000000077b00270
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                          00000000779a2840 5 bytes JMP 0000000077b00400
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                      00000000779a2a00 5 bytes JMP 0000000077b001f0
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                       00000000779a2a10 5 bytes JMP 0000000077b00210
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                            00000000779a2a80 5 bytes JMP 0000000077b00200
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                            00000000779a2ae0 5 bytes JMP 0000000077b00420
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                             00000000779a2af0 5 bytes JMP 0000000077b00430
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                        00000000779a2b00 5 bytes JMP 0000000077b00220
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                00000000779a2be0 5 bytes JMP 0000000077b00280
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                     000000007788eecd 1 byte [62]
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                     00000000779a13c0 5 bytes JMP 0000000077b00460
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                              00000000779a1410 5 bytes JMP 0000000077b00450
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                              00000000779a1570 5 bytes JMP 0000000077b00370
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                   00000000779a15c0 5 bytes JMP 0000000077b00470
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                         00000000779a15d0 5 bytes JMP 0000000077b003e0
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                              00000000779a1680 5 bytes JMP 0000000077b00320
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                       00000000779a16b0 5 bytes JMP 0000000077b003b0
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                          00000000779a16d0 5 bytes JMP 0000000077b00390
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                00000000779a1710 5 bytes JMP 0000000077b002e0
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                              00000000779a1790 5 bytes JMP 0000000077b002d0
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                            00000000779a17b0 5 bytes JMP 0000000077b00310
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                             00000000779a17f0 5 bytes JMP 0000000077b003c0
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                          00000000779a1840 5 bytes JMP 0000000077b003f0
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                             00000000779a19a0 1 byte JMP 0000000077b00230
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                         00000000779a19a2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                  00000000779a1b60 5 bytes JMP 0000000077b00480
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                 00000000779a1b90 5 bytes JMP 0000000077b003a0
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                          00000000779a1c70 5 bytes JMP 0000000077b002f0
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                       00000000779a1c80 5 bytes JMP 0000000077b00350
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                             00000000779a1ce0 5 bytes JMP 0000000077b00290
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                          00000000779a1d70 5 bytes JMP 0000000077b002b0
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                           00000000779a1d90 5 bytes JMP 0000000077b003d0
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                              00000000779a1da0 1 byte JMP 0000000077b00330
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                          00000000779a1da2 3 bytes {JMP 0x15e590}
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                       00000000779a1e10 5 bytes JMP 0000000077b00410
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                          00000000779a1e40 5 bytes JMP 0000000077b00240
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                               00000000779a2100 5 bytes JMP 0000000077b001e0
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                          00000000779a21c0 1 byte JMP 0000000077b00250
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                      00000000779a21c2 3 bytes {JMP 0x15e090}
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                          00000000779a21f0 5 bytes JMP 0000000077b00490
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                 00000000779a2200 5 bytes JMP 0000000077b004a0
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                            00000000779a2230 5 bytes JMP 0000000077b00300
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                         00000000779a2240 5 bytes JMP 0000000077b00360
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                               00000000779a22a0 5 bytes JMP 0000000077b002a0
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                            00000000779a22f0 5 bytes JMP 0000000077b002c0
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                               00000000779a2320 5 bytes JMP 0000000077b00380
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                00000000779a2330 5 bytes JMP 0000000077b00340
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                         00000000779a2620 5 bytes JMP 0000000077b00440
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                        00000000779a2820 5 bytes JMP 0000000077b00260
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                           00000000779a2830 5 bytes JMP 0000000077b00270
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                         00000000779a2840 5 bytes JMP 0000000077b00400
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                     00000000779a2a00 5 bytes JMP 0000000077b001f0
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                      00000000779a2a10 5 bytes JMP 0000000077b00210
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                           00000000779a2a80 5 bytes JMP 0000000077b00200
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                           00000000779a2ae0 5 bytes JMP 0000000077b00420
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                            00000000779a2af0 5 bytes JMP 0000000077b00430
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                       00000000779a2b00 5 bytes JMP 0000000077b00220
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                               00000000779a2be0 5 bytes JMP 0000000077b00280
.text  C:\Windows\system32\winlogon.exe[816] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                    000000007788eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                      00000000779a13c0 5 bytes JMP 0000000077b00460
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                               00000000779a1410 5 bytes JMP 0000000077b00450
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                               00000000779a1570 5 bytes JMP 0000000077b00370
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                    00000000779a15c0 5 bytes JMP 0000000077b00470
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                          00000000779a15d0 5 bytes JMP 0000000077b003e0
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                               00000000779a1680 5 bytes JMP 0000000077b00320
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                        00000000779a16b0 5 bytes JMP 0000000077b003b0
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                           00000000779a16d0 5 bytes JMP 0000000077b00390
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                 00000000779a1710 5 bytes JMP 0000000077b002e0
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                               00000000779a1790 5 bytes JMP 0000000077b002d0
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                             00000000779a17b0 5 bytes JMP 0000000077b00310
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                              00000000779a17f0 5 bytes JMP 0000000077b003c0
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                           00000000779a1840 5 bytes JMP 0000000077b003f0
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                              00000000779a19a0 1 byte JMP 0000000077b00230
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                          00000000779a19a2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                   00000000779a1b60 5 bytes JMP 0000000077b00480
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                  00000000779a1b90 5 bytes JMP 0000000077b003a0
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                           00000000779a1c70 5 bytes JMP 0000000077b002f0
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                        00000000779a1c80 5 bytes JMP 0000000077b00350
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                              00000000779a1ce0 5 bytes JMP 0000000077b00290
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                           00000000779a1d70 5 bytes JMP 0000000077b002b0
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                            00000000779a1d90 5 bytes JMP 0000000077b003d0
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                               00000000779a1da0 1 byte JMP 0000000077b00330
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                           00000000779a1da2 3 bytes {JMP 0x15e590}
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                        00000000779a1e10 5 bytes JMP 0000000077b00410
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                           00000000779a1e40 5 bytes JMP 0000000077b00240
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                00000000779a2100 5 bytes JMP 0000000077b001e0
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                           00000000779a21c0 1 byte JMP 0000000077b00250
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                       00000000779a21c2 3 bytes {JMP 0x15e090}
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                           00000000779a21f0 5 bytes JMP 0000000077b00490
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                  00000000779a2200 5 bytes JMP 0000000077b004a0
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                             00000000779a2230 5 bytes JMP 0000000077b00300
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                          00000000779a2240 5 bytes JMP 0000000077b00360
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                00000000779a22a0 5 bytes JMP 0000000077b002a0
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                             00000000779a22f0 5 bytes JMP 0000000077b002c0
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                00000000779a2320 5 bytes JMP 0000000077b00380
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                 00000000779a2330 5 bytes JMP 0000000077b00340
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                          00000000779a2620 5 bytes JMP 0000000077b00440
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                         00000000779a2820 5 bytes JMP 0000000077b00260
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                            00000000779a2830 5 bytes JMP 0000000077b00270
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                          00000000779a2840 5 bytes JMP 0000000077b00400
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                      00000000779a2a00 5 bytes JMP 0000000077b001f0
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                       00000000779a2a10 5 bytes JMP 0000000077b00210
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                            00000000779a2a80 5 bytes JMP 0000000077b00200
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                            00000000779a2ae0 5 bytes JMP 0000000077b00420
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                             00000000779a2af0 5 bytes JMP 0000000077b00430
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                        00000000779a2b00 5 bytes JMP 0000000077b00220
.text  C:\Windows\system32\svchost.exe[916] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                00000000779a2be0 5 bytes JMP 0000000077b00280
.text  C:\Windows\system32\atiesrxx.exe[980] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                    000000007788eecd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                      00000000779a13c0 5 bytes JMP 0000000077b00460
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                               00000000779a1410 5 bytes JMP 0000000077b00450
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                               00000000779a1570 5 bytes JMP 0000000077b00370
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                    00000000779a15c0 5 bytes JMP 0000000077b00470
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                          00000000779a15d0 5 bytes JMP 0000000077b003e0
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                               00000000779a1680 5 bytes JMP 0000000077b00320
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                        00000000779a16b0 5 bytes JMP 0000000077b003b0
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                           00000000779a16d0 5 bytes JMP 0000000077b00390
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                 00000000779a1710 5 bytes JMP 0000000077b002e0
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                               00000000779a1790 5 bytes JMP 0000000077b002d0
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                             00000000779a17b0 5 bytes JMP 0000000077b00310
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                              00000000779a17f0 5 bytes JMP 0000000077b003c0
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                           00000000779a1840 5 bytes JMP 0000000077b003f0
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                              00000000779a19a0 1 byte JMP 0000000077b00230
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                          00000000779a19a2 3 bytes {JMP 0x15e890}
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                   00000000779a1b60 5 bytes JMP 0000000077b00480
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                  00000000779a1b90 5 bytes JMP 0000000077b003a0
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                           00000000779a1c70 5 bytes JMP 0000000077b002f0
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                        00000000779a1c80 5 bytes JMP 0000000077b00350
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                              00000000779a1ce0 5 bytes JMP 0000000077b00290
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                           00000000779a1d70 5 bytes JMP 0000000077b002b0
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                            00000000779a1d90 5 bytes JMP 0000000077b003d0
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                               00000000779a1da0 1 byte JMP 0000000077b00330
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                           00000000779a1da2 3 bytes {JMP 0x15e590}
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                        00000000779a1e10 5 bytes JMP 0000000077b00410
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                           00000000779a1e40 5 bytes JMP 0000000077b00240
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                00000000779a2100 5 bytes JMP 0000000077b001e0
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                           00000000779a21c0 1 byte JMP 0000000077b00250
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                       00000000779a21c2 3 bytes {JMP 0x15e090}
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                           00000000779a21f0 5 bytes JMP 0000000077b00490
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                  00000000779a2200 5 bytes JMP 0000000077b004a0
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                             00000000779a2230 5 bytes JMP 0000000077b00300
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                          00000000779a2240 5 bytes JMP 0000000077b00360
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                00000000779a22a0 5 bytes JMP 0000000077b002a0
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                             00000000779a22f0 5 bytes JMP 0000000077b002c0
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                00000000779a2320 5 bytes JMP 0000000077b00380
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                 00000000779a2330 5 bytes JMP 0000000077b00340
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                          00000000779a2620 5 bytes JMP 0000000077b00440
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                         00000000779a2820 5 bytes JMP 0000000077b00260
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                            00000000779a2830 5 bytes JMP 0000000077b00270
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                          00000000779a2840 5 bytes JMP 0000000077b00400
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                      00000000779a2a00 5 bytes JMP 0000000077b001f0
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                       00000000779a2a10 5 bytes JMP 0000000077b00210
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                            00000000779a2a80 5 bytes JMP 0000000077b00200
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                            00000000779a2ae0 5 bytes JMP 0000000077b00420
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                             00000000779a2af0 5 bytes JMP 0000000077b00430
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                        00000000779a2b00 5 bytes JMP 0000000077b00220
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                00000000779a2be0 5 bytes JMP 0000000077b00280
.text  C:\Windows\System32\svchost.exe[132] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                     000000007788eecd 1 byte [62]
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                      00000000779a13c0 5 bytes JMP 0000000077b00460
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                               00000000779a1410 5 bytes JMP 0000000077b00450
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                               00000000779a1570 5 bytes JMP 0000000077b00370
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                    00000000779a15c0 5 bytes JMP 0000000077b00470
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                          00000000779a15d0 5 bytes JMP 0000000077b003e0
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                               00000000779a1680 5 bytes JMP 0000000077b00320
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                        00000000779a16b0 5 bytes JMP 0000000077b003b0
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                           00000000779a16d0 5 bytes JMP 0000000077b00390
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                 00000000779a1710 5 bytes JMP 0000000077b002e0
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                               00000000779a1790 5 bytes JMP 0000000077b002d0
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                             00000000779a17b0 5 bytes JMP 0000000077b00310
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                              00000000779a17f0 5 bytes JMP 0000000077b003c0
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                           00000000779a1840 5 bytes JMP 0000000077b003f0
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                              00000000779a19a0 1 byte JMP 0000000077b00230
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                          00000000779a19a2 3 bytes {JMP 0x15e890}
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                   00000000779a1b60 5 bytes JMP 0000000077b00480
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                  00000000779a1b90 5 bytes JMP 0000000077b003a0
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                           00000000779a1c70 5 bytes JMP 0000000077b002f0
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                        00000000779a1c80 5 bytes JMP 0000000077b00350
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                              00000000779a1ce0 5 bytes JMP 0000000077b00290
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                           00000000779a1d70 5 bytes JMP 0000000077b002b0
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                            00000000779a1d90 5 bytes JMP 0000000077b003d0
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                               00000000779a1da0 1 byte JMP 0000000077b00330
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                           00000000779a1da2 3 bytes {JMP 0x15e590}
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                        00000000779a1e10 5 bytes JMP 0000000077b00410
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                           00000000779a1e40 5 bytes JMP 0000000077b00240
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                00000000779a2100 5 bytes JMP 0000000077b001e0
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                           00000000779a21c0 1 byte JMP 0000000077b00250
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                       00000000779a21c2 3 bytes {JMP 0x15e090}
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                           00000000779a21f0 5 bytes JMP 0000000077b00490
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                  00000000779a2200 5 bytes JMP 0000000077b004a0
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                             00000000779a2230 5 bytes JMP 0000000077b00300
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                          00000000779a2240 5 bytes JMP 0000000077b00360
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                00000000779a22a0 5 bytes JMP 0000000077b002a0
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                             00000000779a22f0 5 bytes JMP 0000000077b002c0
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                00000000779a2320 5 bytes JMP 0000000077b00380
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                 00000000779a2330 5 bytes JMP 0000000077b00340
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                          00000000779a2620 5 bytes JMP 0000000077b00440
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                         00000000779a2820 5 bytes JMP 0000000077b00260
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                            00000000779a2830 5 bytes JMP 0000000077b00270
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                          00000000779a2840 5 bytes JMP 0000000077b00400
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                      00000000779a2a00 5 bytes JMP 0000000077b001f0
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                       00000000779a2a10 5 bytes JMP 0000000077b00210
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                            00000000779a2a80 5 bytes JMP 0000000077b00200
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                            00000000779a2ae0 5 bytes JMP 0000000077b00420
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                             00000000779a2af0 5 bytes JMP 0000000077b00430
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                        00000000779a2b00 5 bytes JMP 0000000077b00220
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                00000000779a2be0 5 bytes JMP 0000000077b00280
.text  C:\Windows\System32\svchost.exe[456] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                     000000007788eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                      00000000779a13c0 5 bytes JMP 0000000077b00460
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                               00000000779a1410 5 bytes JMP 0000000077b00450
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                               00000000779a1570 5 bytes JMP 0000000077b00370
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                    00000000779a15c0 5 bytes JMP 0000000077b00470
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                          00000000779a15d0 5 bytes JMP 0000000077b003e0
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                               00000000779a1680 5 bytes JMP 0000000077b00320
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                        00000000779a16b0 5 bytes JMP 0000000077b003b0
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                           00000000779a16d0 5 bytes JMP 0000000077b00390
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                 00000000779a1710 5 bytes JMP 0000000077b002e0
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                               00000000779a1790 5 bytes JMP 0000000077b002d0
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                             00000000779a17b0 5 bytes JMP 0000000077b00310
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                              00000000779a17f0 5 bytes JMP 0000000077b003c0
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                           00000000779a1840 5 bytes JMP 0000000077b003f0
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                              00000000779a19a0 1 byte JMP 0000000077b00230
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                          00000000779a19a2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                   00000000779a1b60 5 bytes JMP 0000000077b00480
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                  00000000779a1b90 5 bytes JMP 0000000077b003a0
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                           00000000779a1c70 5 bytes JMP 0000000077b002f0
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                        00000000779a1c80 5 bytes JMP 0000000077b00350
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                              00000000779a1ce0 5 bytes JMP 0000000077b00290
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                           00000000779a1d70 5 bytes JMP 0000000077b002b0
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                            00000000779a1d90 5 bytes JMP 0000000077b003d0
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                               00000000779a1da0 1 byte JMP 0000000077b00330
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                           00000000779a1da2 3 bytes {JMP 0x15e590}
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                        00000000779a1e10 5 bytes JMP 0000000077b00410
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                           00000000779a1e40 5 bytes JMP 0000000077b00240
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                00000000779a2100 5 bytes JMP 0000000077b001e0
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                           00000000779a21c0 1 byte JMP 0000000077b00250
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                       00000000779a21c2 3 bytes {JMP 0x15e090}
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                           00000000779a21f0 5 bytes JMP 0000000077b00490
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                  00000000779a2200 5 bytes JMP 0000000077b004a0
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                             00000000779a2230 5 bytes JMP 0000000077b00300
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                          00000000779a2240 5 bytes JMP 0000000077b00360
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                00000000779a22a0 5 bytes JMP 0000000077b002a0
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                             00000000779a22f0 5 bytes JMP 0000000077b002c0
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                00000000779a2320 5 bytes JMP 0000000077b00380
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                 00000000779a2330 5 bytes JMP 0000000077b00340
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                          00000000779a2620 5 bytes JMP 0000000077b00440
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                         00000000779a2820 5 bytes JMP 0000000077b00260
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                            00000000779a2830 5 bytes JMP 0000000077b00270
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                          00000000779a2840 5 bytes JMP 0000000077b00400
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                      00000000779a2a00 5 bytes JMP 0000000077b001f0
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                       00000000779a2a10 5 bytes JMP 0000000077b00210
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                            00000000779a2a80 5 bytes JMP 0000000077b00200
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                            00000000779a2ae0 5 bytes JMP 0000000077b00420
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                             00000000779a2af0 5 bytes JMP 0000000077b00430
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                        00000000779a2b00 5 bytes JMP 0000000077b00220
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                00000000779a2be0 5 bytes JMP 0000000077b00280
.text  C:\Windows\system32\svchost.exe[660] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                     000000007788eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                      00000000779a13c0 5 bytes JMP 0000000077b00460
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                               00000000779a1410 5 bytes JMP 0000000077b00450

01.05.2014, 02:58   #4
Austauschbar

Internet Explorer opens pop-ups from "lpcloudbox" after installation of FreeYoutubeDownloader "update"



Gmer part 3 of 4
Code:
ATTFilter
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                               00000000779a1570 5 bytes JMP 0000000077b00370
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                    00000000779a15c0 5 bytes JMP 0000000077b00470
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                          00000000779a15d0 5 bytes JMP 0000000077b003e0
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                               00000000779a1680 5 bytes JMP 0000000077b00320
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                        00000000779a16b0 5 bytes JMP 0000000077b003b0
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                           00000000779a16d0 5 bytes JMP 0000000077b00390
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                 00000000779a1710 5 bytes JMP 0000000077b002e0
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                               00000000779a1790 5 bytes JMP 0000000077b002d0
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                             00000000779a17b0 5 bytes JMP 0000000077b00310
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                              00000000779a17f0 5 bytes JMP 0000000077b003c0
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                           00000000779a1840 5 bytes JMP 0000000077b003f0
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                              00000000779a19a0 1 byte JMP 0000000077b00230
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                          00000000779a19a2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                   00000000779a1b60 5 bytes JMP 0000000077b00480
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                  00000000779a1b90 5 bytes JMP 0000000077b003a0
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                           00000000779a1c70 5 bytes JMP 0000000077b002f0
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                        00000000779a1c80 5 bytes JMP 0000000077b00350
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                              00000000779a1ce0 5 bytes JMP 0000000077b00290
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                           00000000779a1d70 5 bytes JMP 0000000077b002b0
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                            00000000779a1d90 5 bytes JMP 0000000077b003d0
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                               00000000779a1da0 1 byte JMP 0000000077b00330
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                           00000000779a1da2 3 bytes {JMP 0x15e590}
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                        00000000779a1e10 5 bytes JMP 0000000077b00410
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                           00000000779a1e40 5 bytes JMP 0000000077b00240
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                00000000779a2100 5 bytes JMP 0000000077b001e0
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                           00000000779a21c0 1 byte JMP 0000000077b00250
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                       00000000779a21c2 3 bytes {JMP 0x15e090}
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                           00000000779a21f0 5 bytes JMP 0000000077b00490
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                  00000000779a2200 5 bytes JMP 0000000077b004a0
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                             00000000779a2230 5 bytes JMP 0000000077b00300
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                          00000000779a2240 5 bytes JMP 0000000077b00360
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                00000000779a22a0 5 bytes JMP 0000000077b002a0
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                             00000000779a22f0 5 bytes JMP 0000000077b002c0
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                00000000779a2320 5 bytes JMP 0000000077b00380
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                 00000000779a2330 5 bytes JMP 0000000077b00340
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                          00000000779a2620 5 bytes JMP 0000000077b00440
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                         00000000779a2820 5 bytes JMP 0000000077b00260
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                            00000000779a2830 5 bytes JMP 0000000077b00270
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                          00000000779a2840 5 bytes JMP 0000000077b00400
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                      00000000779a2a00 5 bytes JMP 0000000077b001f0
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                       00000000779a2a10 5 bytes JMP 0000000077b00210
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                            00000000779a2a80 5 bytes JMP 0000000077b00200
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                            00000000779a2ae0 5 bytes JMP 0000000077b00420
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                             00000000779a2af0 5 bytes JMP 0000000077b00430
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                        00000000779a2b00 5 bytes JMP 0000000077b00220
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                00000000779a2be0 5 bytes JMP 0000000077b00280
.text  C:\Windows\system32\svchost.exe[932] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                     000000007788eecd 1 byte [62]
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                     00000000779a13c0 5 bytes JMP 0000000077b00460
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                              00000000779a1410 5 bytes JMP 0000000077b00450
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                              00000000779a1570 5 bytes JMP 0000000077b00370
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                   00000000779a15c0 5 bytes JMP 0000000077b00470
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                         00000000779a15d0 5 bytes JMP 0000000077b003e0
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                              00000000779a1680 5 bytes JMP 0000000077b00320
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                       00000000779a16b0 5 bytes JMP 0000000077b003b0
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                          00000000779a16d0 5 bytes JMP 0000000077b00390
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                00000000779a1710 5 bytes JMP 0000000077b002e0
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                              00000000779a1790 5 bytes JMP 0000000077b002d0
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                            00000000779a17b0 5 bytes JMP 0000000077b00310
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                             00000000779a17f0 5 bytes JMP 0000000077b003c0
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                          00000000779a1840 5 bytes JMP 0000000077b003f0
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                             00000000779a19a0 1 byte JMP 0000000077b00230
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                         00000000779a19a2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                  00000000779a1b60 5 bytes JMP 0000000077b00480
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                 00000000779a1b90 5 bytes JMP 0000000077b003a0
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                          00000000779a1c70 5 bytes JMP 0000000077b002f0
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                       00000000779a1c80 5 bytes JMP 0000000077b00350
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                             00000000779a1ce0 5 bytes JMP 0000000077b00290
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                          00000000779a1d70 5 bytes JMP 0000000077b002b0
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                           00000000779a1d90 5 bytes JMP 0000000077b003d0
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                              00000000779a1da0 1 byte JMP 0000000077b00330
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                          00000000779a1da2 3 bytes {JMP 0x15e590}
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                       00000000779a1e10 5 bytes JMP 0000000077b00410
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                          00000000779a1e40 5 bytes JMP 0000000077b00240
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                               00000000779a2100 5 bytes JMP 0000000077b001e0
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                          00000000779a21c0 1 byte JMP 0000000077b00250
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                      00000000779a21c2 3 bytes {JMP 0x15e090}
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                          00000000779a21f0 5 bytes JMP 0000000077b00490
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                 00000000779a2200 5 bytes JMP 0000000077b004a0
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                            00000000779a2230 5 bytes JMP 0000000077b00300
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                         00000000779a2240 5 bytes JMP 0000000077b00360
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                               00000000779a22a0 5 bytes JMP 0000000077b002a0
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                            00000000779a22f0 5 bytes JMP 0000000077b002c0
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                               00000000779a2320 5 bytes JMP 0000000077b00380
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                00000000779a2330 5 bytes JMP 0000000077b00340
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                         00000000779a2620 5 bytes JMP 0000000077b00440
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                        00000000779a2820 5 bytes JMP 0000000077b00260
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                           00000000779a2830 5 bytes JMP 0000000077b00270
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                         00000000779a2840 5 bytes JMP 0000000077b00400
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                     00000000779a2a00 5 bytes JMP 0000000077b001f0
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                      00000000779a2a10 5 bytes JMP 0000000077b00210
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                           00000000779a2a80 5 bytes JMP 0000000077b00200
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                           00000000779a2ae0 5 bytes JMP 0000000077b00420
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                            00000000779a2af0 5 bytes JMP 0000000077b00430
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                       00000000779a2b00 5 bytes JMP 0000000077b00220
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                               00000000779a2be0 5 bytes JMP 0000000077b00280
.text  C:\Windows\system32\AUDIODG.EXE[1100] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189                                    000000007788eecd 1 byte [62]
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                00000000779a13c0 5 bytes JMP 0000000077b00460
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                         00000000779a1410 5 bytes JMP 0000000077b00450
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                         00000000779a1570 5 bytes JMP 0000000077b00370
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                              00000000779a15c0 5 bytes JMP 0000000077b00470
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                    00000000779a15d0 5 bytes JMP 0000000077b003e0
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                         00000000779a1680 5 bytes JMP 0000000077b00320
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                  00000000779a16b0 5 bytes JMP 0000000077b003b0
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                     00000000779a16d0 5 bytes JMP 0000000077b00390
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                           00000000779a1710 5 bytes JMP 0000000077b002e0
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                         00000000779a1790 5 bytes JMP 0000000077b002d0
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                       00000000779a17b0 5 bytes JMP 0000000077b00310
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                        00000000779a17f0 5 bytes JMP 0000000077b003c0
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                     00000000779a1840 5 bytes JMP 0000000077b003f0
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                        00000000779a19a0 1 byte JMP 0000000077b00230
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                    00000000779a19a2 3 bytes {JMP 0x15e890}
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                             00000000779a1b60 5 bytes JMP 0000000077b00480
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                            00000000779a1b90 5 bytes JMP 0000000077b003a0
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                     00000000779a1c70 5 bytes JMP 0000000077b002f0
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                  00000000779a1c80 5 bytes JMP 0000000077b00350
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                        00000000779a1ce0 5 bytes JMP 0000000077b00290
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                     00000000779a1d70 5 bytes JMP 0000000077b002b0
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                      00000000779a1d90 5 bytes JMP 0000000077b003d0
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                         00000000779a1da0 1 byte JMP 0000000077b00330
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                     00000000779a1da2 3 bytes {JMP 0x15e590}
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                  00000000779a1e10 5 bytes JMP 0000000077b00410
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                     00000000779a1e40 5 bytes JMP 0000000077b00240
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                          00000000779a2100 5 bytes JMP 0000000077b001e0
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                     00000000779a21c0 1 byte JMP 0000000077b00250
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                 00000000779a21c2 3 bytes {JMP 0x15e090}
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                     00000000779a21f0 5 bytes JMP 0000000077b00490
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                            00000000779a2200 5 bytes JMP 0000000077b004a0
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                       00000000779a2230 5 bytes JMP 0000000077b00300
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                    00000000779a2240 5 bytes JMP 0000000077b00360
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                          00000000779a22a0 5 bytes JMP 0000000077b002a0
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                       00000000779a22f0 5 bytes JMP 0000000077b002c0
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                          00000000779a2320 5 bytes JMP 0000000077b00380
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                           00000000779a2330 5 bytes JMP 0000000077b00340
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                    00000000779a2620 5 bytes JMP 0000000077b00440
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                   00000000779a2820 5 bytes JMP 0000000077b00260
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                      00000000779a2830 5 bytes JMP 0000000077b00270
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                    00000000779a2840 5 bytes JMP 0000000077b00400
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                00000000779a2a00 5 bytes JMP 0000000077b001f0
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                 00000000779a2a10 5 bytes JMP 0000000077b00210
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                      00000000779a2a80 5 bytes JMP 0000000077b00200
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                      00000000779a2ae0 5 bytes JMP 0000000077b00420
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                       00000000779a2af0 5 bytes JMP 0000000077b00430
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                  00000000779a2b00 5 bytes JMP 0000000077b00220
.text  C:\Nuetzliches\Sandboxie\SbieSvc.exe[1212] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                          00000000779a2be0 5 bytes JMP 0000000077b00280
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                     00000000779a13c0 5 bytes JMP 0000000077b00460
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                              00000000779a1410 5 bytes JMP 0000000077b00450
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                              00000000779a1570 5 bytes JMP 0000000077b00370
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                   00000000779a15c0 5 bytes JMP 0000000077b00470
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                         00000000779a15d0 5 bytes JMP 0000000077b003e0
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                              00000000779a1680 5 bytes JMP 0000000077b00320
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                       00000000779a16b0 5 bytes JMP 0000000077b003b0
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                          00000000779a16d0 5 bytes JMP 0000000077b00390
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                00000000779a1710 5 bytes JMP 0000000077b002e0
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                              00000000779a1790 5 bytes JMP 0000000077b002d0
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                            00000000779a17b0 5 bytes JMP 0000000077b00310
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                             00000000779a17f0 5 bytes JMP 0000000077b003c0
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                          00000000779a1840 5 bytes JMP 0000000077b003f0
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                             00000000779a19a0 1 byte JMP 0000000077b00230
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                         00000000779a19a2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                  00000000779a1b60 5 bytes JMP 0000000077b00480
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                 00000000779a1b90 5 bytes JMP 0000000077b003a0
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                          00000000779a1c70 5 bytes JMP 0000000077b002f0
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                       00000000779a1c80 5 bytes JMP 0000000077b00350
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                             00000000779a1ce0 5 bytes JMP 0000000077b00290
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                          00000000779a1d70 5 bytes JMP 0000000077b002b0
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                           00000000779a1d90 5 bytes JMP 0000000077b003d0
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                              00000000779a1da0 1 byte JMP 0000000077b00330
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                          00000000779a1da2 3 bytes {JMP 0x15e590}
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                       00000000779a1e10 5 bytes JMP 0000000077b00410
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                          00000000779a1e40 5 bytes JMP 0000000077b00240
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                               00000000779a2100 5 bytes JMP 0000000077b001e0
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                          00000000779a21c0 1 byte JMP 0000000077b00250
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                      00000000779a21c2 3 bytes {JMP 0x15e090}
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                          00000000779a21f0 5 bytes JMP 0000000077b00490
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                 00000000779a2200 5 bytes JMP 0000000077b004a0
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                            00000000779a2230 5 bytes JMP 0000000077b00300
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                         00000000779a2240 5 bytes JMP 0000000077b00360
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                               00000000779a22a0 5 bytes JMP 0000000077b002a0
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                            00000000779a22f0 5 bytes JMP 0000000077b002c0
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                               00000000779a2320 5 bytes JMP 0000000077b00380
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                00000000779a2330 5 bytes JMP 0000000077b00340
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                         00000000779a2620 5 bytes JMP 0000000077b00440
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                        00000000779a2820 5 bytes JMP 0000000077b00260
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                           00000000779a2830 5 bytes JMP 0000000077b00270
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                         00000000779a2840 5 bytes JMP 0000000077b00400
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                     00000000779a2a00 5 bytes JMP 0000000077b001f0
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                      00000000779a2a10 5 bytes JMP 0000000077b00210
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                           00000000779a2a80 5 bytes JMP 0000000077b00200
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                           00000000779a2ae0 5 bytes JMP 0000000077b00420
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                            00000000779a2af0 5 bytes JMP 0000000077b00430
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                       00000000779a2b00 5 bytes JMP 0000000077b00220
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                               00000000779a2be0 5 bytes JMP 0000000077b00280
.text  C:\Windows\system32\svchost.exe[1388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                    000000007788eecd 1 byte [62]
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                    00000000779a13c0 5 bytes JMP 0000000077b00460
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                             00000000779a1410 5 bytes JMP 0000000077b00450
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                             00000000779a1570 5 bytes JMP 0000000077b00370
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                  00000000779a15c0 5 bytes JMP 0000000077b00470
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                        00000000779a15d0 5 bytes JMP 0000000077b003e0
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                             00000000779a1680 5 bytes JMP 0000000077b00320
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                      00000000779a16b0 5 bytes JMP 0000000077b003b0
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                         00000000779a16d0 5 bytes JMP 0000000077b00390
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                               00000000779a1710 5 bytes JMP 0000000077b002e0
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                             00000000779a1790 5 bytes JMP 0000000077b002d0
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                           00000000779a17b0 5 bytes JMP 0000000077b00310
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                            00000000779a17f0 5 bytes JMP 0000000077b003c0
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                         00000000779a1840 5 bytes JMP 0000000077b003f0
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                            00000000779a19a0 1 byte JMP 0000000077b00230
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                        00000000779a19a2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                 00000000779a1b60 5 bytes JMP 0000000077b00480
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                00000000779a1b90 5 bytes JMP 0000000077b003a0
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                         00000000779a1c70 5 bytes JMP 0000000077b002f0
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                      00000000779a1c80 5 bytes JMP 0000000077b00350
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                            00000000779a1ce0 5 bytes JMP 0000000077b00290
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                         00000000779a1d70 5 bytes JMP 0000000077b002b0
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                          00000000779a1d90 5 bytes JMP 0000000077b003d0
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                             00000000779a1da0 1 byte JMP 0000000077b00330
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                         00000000779a1da2 3 bytes {JMP 0x15e590}
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                      00000000779a1e10 5 bytes JMP 0000000077b00410
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                         00000000779a1e40 5 bytes JMP 0000000077b00240
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                              00000000779a2100 5 bytes JMP 0000000077b001e0
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                         00000000779a21c0 1 byte JMP 0000000077b00250
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                     00000000779a21c2 3 bytes {JMP 0x15e090}
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                         00000000779a21f0 5 bytes JMP 0000000077b00490
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                00000000779a2200 5 bytes JMP 0000000077b004a0
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                           00000000779a2230 5 bytes JMP 0000000077b00300
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                        00000000779a2240 5 bytes JMP 0000000077b00360
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                              00000000779a22a0 5 bytes JMP 0000000077b002a0
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                           00000000779a22f0 5 bytes JMP 0000000077b002c0
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                              00000000779a2320 5 bytes JMP 0000000077b00380
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                               00000000779a2330 5 bytes JMP 0000000077b00340
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                        00000000779a2620 5 bytes JMP 0000000077b00440
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                       00000000779a2820 5 bytes JMP 0000000077b00260
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                          00000000779a2830 5 bytes JMP 0000000077b00270
         

01.05.2014, 02:59   #5
Austauschbar

Internet Explorer opens pop-ups from "lpcloudbox" after installing FreeYoutubeDownloader "update"



GMER part 4 of 4
Code:
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                        00000000779a2840 5 bytes JMP 0000000077b00400
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                    00000000779a2a00 5 bytes JMP 0000000077b001f0
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                     00000000779a2a10 5 bytes JMP 0000000077b00210
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                          00000000779a2a80 5 bytes JMP 0000000077b00200
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                          00000000779a2ae0 5 bytes JMP 0000000077b00420
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                           00000000779a2af0 5 bytes JMP 0000000077b00430
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                      00000000779a2b00 5 bytes JMP 0000000077b00220
.text  C:\Windows\system32\atieclxx.exe[1500] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                              00000000779a2be0 5 bytes JMP 0000000077b00280
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                     00000000779a13c0 5 bytes JMP 0000000100070460
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                              00000000779a1410 5 bytes JMP 0000000100070450
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                              00000000779a1570 5 bytes JMP 0000000100070370
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                   00000000779a15c0 5 bytes JMP 0000000100070470
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                         00000000779a15d0 5 bytes JMP 00000001000703e0
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                              00000000779a1680 5 bytes JMP 0000000100070320
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                       00000000779a16b0 5 bytes JMP 00000001000703b0
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                          00000000779a16d0 5 bytes JMP 0000000100070390
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                00000000779a1710 5 bytes JMP 00000001000702e0
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                              00000000779a1790 5 bytes JMP 00000001000702d0
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                            00000000779a17b0 5 bytes JMP 0000000100070310
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                             00000000779a17f0 5 bytes JMP 00000001000703c0
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                          00000000779a1840 5 bytes JMP 00000001000703f0
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                             00000000779a19a0 1 byte JMP 0000000100070230
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                         00000000779a19a2 3 bytes {JMP 0xffffffff886ce890}
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                  00000000779a1b60 5 bytes JMP 0000000100070480
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                 00000000779a1b90 5 bytes JMP 00000001000703a0
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                          00000000779a1c70 5 bytes JMP 00000001000702f0
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                       00000000779a1c80 5 bytes JMP 0000000100070350
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                             00000000779a1ce0 5 bytes JMP 0000000100070290
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                          00000000779a1d70 5 bytes JMP 00000001000702b0
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                           00000000779a1d90 5 bytes JMP 00000001000703d0
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                              00000000779a1da0 1 byte JMP 0000000100070330
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                          00000000779a1da2 3 bytes {JMP 0xffffffff886ce590}
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                       00000000779a1e10 5 bytes JMP 0000000100070410
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                          00000000779a1e40 5 bytes JMP 0000000100070240
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                               00000000779a2100 5 bytes JMP 00000001000701e0
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                          00000000779a21c0 1 byte JMP 0000000100070250
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                      00000000779a21c2 3 bytes {JMP 0xffffffff886ce090}
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                          00000000779a21f0 5 bytes JMP 0000000100070490
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                 00000000779a2200 5 bytes JMP 00000001000704a0
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                            00000000779a2230 5 bytes JMP 0000000100070300
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                         00000000779a2240 5 bytes JMP 0000000100070360
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                               00000000779a22a0 5 bytes JMP 00000001000702a0
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                            00000000779a22f0 5 bytes JMP 00000001000702c0
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                               00000000779a2320 5 bytes JMP 0000000100070380
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                00000000779a2330 5 bytes JMP 0000000100070340
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                         00000000779a2620 5 bytes JMP 0000000100070440
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                        00000000779a2820 5 bytes JMP 0000000100070260
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                           00000000779a2830 5 bytes JMP 0000000100070270
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                         00000000779a2840 5 bytes JMP 0000000100070400
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                     00000000779a2a00 5 bytes JMP 00000001000701f0
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                      00000000779a2a10 5 bytes JMP 0000000100070210
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                           00000000779a2a80 5 bytes JMP 0000000100070200
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                           00000000779a2ae0 5 bytes JMP 0000000100070420
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                            00000000779a2af0 5 bytes JMP 0000000100070430
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                       00000000779a2b00 5 bytes JMP 0000000100070220
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                               00000000779a2be0 5 bytes JMP 0000000100070280
.text  C:\Windows\System32\spoolsv.exe[1696] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                    000000007788eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                     00000000779a13c0 5 bytes JMP 0000000100070460
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                              00000000779a1410 5 bytes JMP 0000000100070450
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                              00000000779a1570 5 bytes JMP 0000000100070370
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                   00000000779a15c0 5 bytes JMP 0000000100070470
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                         00000000779a15d0 5 bytes JMP 00000001000703e0
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                              00000000779a1680 5 bytes JMP 0000000100070320
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                       00000000779a16b0 5 bytes JMP 00000001000703b0
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                          00000000779a16d0 5 bytes JMP 0000000100070390
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                00000000779a1710 5 bytes JMP 00000001000702e0
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                              00000000779a1790 5 bytes JMP 00000001000702d0
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                            00000000779a17b0 5 bytes JMP 0000000100070310
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                             00000000779a17f0 5 bytes JMP 00000001000703c0
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                          00000000779a1840 5 bytes JMP 00000001000703f0
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                             00000000779a19a0 1 byte JMP 0000000100070230
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                         00000000779a19a2 3 bytes {JMP 0xffffffff886ce890}
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                  00000000779a1b60 5 bytes JMP 0000000100070480
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                 00000000779a1b90 5 bytes JMP 00000001000703a0
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                          00000000779a1c70 5 bytes JMP 00000001000702f0
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                       00000000779a1c80 5 bytes JMP 0000000100070350
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                             00000000779a1ce0 5 bytes JMP 0000000100070290
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                          00000000779a1d70 5 bytes JMP 00000001000702b0
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                           00000000779a1d90 5 bytes JMP 00000001000703d0
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                              00000000779a1da0 1 byte JMP 0000000100070330
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                          00000000779a1da2 3 bytes {JMP 0xffffffff886ce590}
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                       00000000779a1e10 5 bytes JMP 0000000100070410
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                          00000000779a1e40 5 bytes JMP 0000000100070240
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                               00000000779a2100 5 bytes JMP 00000001000701e0
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                          00000000779a21c0 1 byte JMP 0000000100070250
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                      00000000779a21c2 3 bytes {JMP 0xffffffff886ce090}
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                          00000000779a21f0 5 bytes JMP 0000000100070490
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                 00000000779a2200 5 bytes JMP 00000001000704a0
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                            00000000779a2230 5 bytes JMP 0000000100070300
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                         00000000779a2240 5 bytes JMP 0000000100070360
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                               00000000779a22a0 5 bytes JMP 00000001000702a0
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                            00000000779a22f0 5 bytes JMP 00000001000702c0
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                               00000000779a2320 5 bytes JMP 0000000100070380
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                00000000779a2330 5 bytes JMP 0000000100070340
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                         00000000779a2620 5 bytes JMP 0000000100070440
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                        00000000779a2820 5 bytes JMP 0000000100070260
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                           00000000779a2830 5 bytes JMP 0000000100070270
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                         00000000779a2840 5 bytes JMP 0000000100070400
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                     00000000779a2a00 5 bytes JMP 00000001000701f0
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                      00000000779a2a10 5 bytes JMP 0000000100070210
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                           00000000779a2a80 5 bytes JMP 0000000100070200
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                           00000000779a2ae0 5 bytes JMP 0000000100070420
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                            00000000779a2af0 5 bytes JMP 0000000100070430
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                       00000000779a2b00 5 bytes JMP 0000000100070220
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                               00000000779a2be0 5 bytes JMP 0000000100070280
.text  C:\Windows\system32\svchost.exe[1728] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                    000000007788eecd 1 byte [62]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1816] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112       000000007710a30a 1 byte [62]
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort            00000000779a13c0 5 bytes JMP 0000000077b00460
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                     00000000779a1410 5 bytes JMP 0000000077b00450
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                     00000000779a1570 5 bytes JMP 0000000077b00370
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx          00000000779a15c0 5 bytes JMP 0000000077b00470
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                00000000779a15d0 5 bytes JMP 0000000077b003e0
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                     00000000779a1680 5 bytes JMP 0000000077b00320
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory              00000000779a16b0 5 bytes JMP 0000000077b003b0
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                 00000000779a16d0 5 bytes JMP 0000000077b00390
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                       00000000779a1710 5 bytes JMP 0000000077b002e0
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                     00000000779a1790 5 bytes JMP 0000000077b002d0
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                   00000000779a17b0 5 bytes JMP 0000000077b00310
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                    00000000779a17f0 5 bytes JMP 0000000077b003c0
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                 00000000779a1840 5 bytes JMP 0000000077b003f0
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                    00000000779a19a0 1 byte JMP 0000000077b00230
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                00000000779a19a2 3 bytes {JMP 0x15e890}
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort         00000000779a1b60 5 bytes JMP 0000000077b00480
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject        00000000779a1b90 5 bytes JMP 0000000077b003a0
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                 00000000779a1c70 5 bytes JMP 0000000077b002f0
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion              00000000779a1c80 5 bytes JMP 0000000077b00350
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                    00000000779a1ce0 5 bytes JMP 0000000077b00290
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                 00000000779a1d70 5 bytes JMP 0000000077b002b0
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                  00000000779a1d90 5 bytes JMP 0000000077b003d0
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                     00000000779a1da0 1 byte JMP 0000000077b00330
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                 00000000779a1da2 3 bytes {JMP 0x15e590}
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess              00000000779a1e10 5 bytes JMP 0000000077b00410
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                 00000000779a1e40 5 bytes JMP 0000000077b00240
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                      00000000779a2100 5 bytes JMP 0000000077b001e0
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                 00000000779a21c0 1 byte JMP 0000000077b00250
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2             00000000779a21c2 3 bytes {JMP 0x15e090}
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                 00000000779a21f0 5 bytes JMP 0000000077b00490
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys        00000000779a2200 5 bytes JMP 0000000077b004a0
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                   00000000779a2230 5 bytes JMP 0000000077b00300
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                00000000779a2240 5 bytes JMP 0000000077b00360
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                      00000000779a22a0 5 bytes JMP 0000000077b002a0
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                   00000000779a22f0 5 bytes JMP 0000000077b002c0
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                      00000000779a2320 5 bytes JMP 0000000077b00380
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                       00000000779a2330 5 bytes JMP 0000000077b00340
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                00000000779a2620 5 bytes JMP 0000000077b00440
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder               00000000779a2820 5 bytes JMP 0000000077b00260
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                  00000000779a2830 5 bytes JMP 0000000077b00270
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                00000000779a2840 5 bytes JMP 0000000077b00400
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation            00000000779a2a00 5 bytes JMP 0000000077b001f0
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState             00000000779a2a10 5 bytes JMP 0000000077b00210
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                  00000000779a2a80 5 bytes JMP 0000000077b00200
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                  00000000779a2ae0 5 bytes JMP 0000000077b00420
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                   00000000779a2af0 5 bytes JMP 0000000077b00430
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl              00000000779a2b00 5 bytes JMP 0000000077b00220
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                      00000000779a2be0 5 bytes JMP 0000000077b00280
.text  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe[1868] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189           000000007788eecd 1 byte [62]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2212] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                   000000007710a30a 1 byte [62]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2212] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                        00000000753c1a22 2 bytes [3C, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2212] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                        00000000753c1ad0 2 bytes [3C, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2212] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                        00000000753c1b08 2 bytes [3C, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2212] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                        00000000753c1bba 2 bytes [3C, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2212] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                        00000000753c1bda 2 bytes [3C, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                 0000000076c31465 2 bytes [C3, 76]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                0000000076c314bb 2 bytes [C3, 76]
.text  ...                                                                                                                            * 2
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort       00000000779a13c0 5 bytes JMP 0000000077b00460
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                00000000779a1410 5 bytes JMP 0000000077b00450
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                00000000779a1570 5 bytes JMP 0000000077b00370
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx     00000000779a15c0 5 bytes JMP 0000000077b00470
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess           00000000779a15d0 5 bytes JMP 0000000077b003e0
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                00000000779a1680 5 bytes JMP 0000000077b00320
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory         00000000779a16b0 5 bytes JMP 0000000077b003b0
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject            00000000779a16d0 5 bytes JMP 0000000077b00390
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                  00000000779a1710 5 bytes JMP 0000000077b002e0
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                00000000779a1790 5 bytes JMP 0000000077b002d0
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection              00000000779a17b0 5 bytes JMP 0000000077b00310
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread               00000000779a17f0 5 bytes JMP 0000000077b003c0
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread            00000000779a1840 5 bytes JMP 0000000077b003f0
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry               00000000779a19a0 1 byte JMP 0000000077b00230
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2           00000000779a19a2 3 bytes {JMP 0x15e890}
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort    00000000779a1b60 5 bytes JMP 0000000077b00480
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject   00000000779a1b90 5 bytes JMP 0000000077b003a0
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair            00000000779a1c70 5 bytes JMP 0000000077b002f0
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion         00000000779a1c80 5 bytes JMP 0000000077b00350
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant               00000000779a1ce0 5 bytes JMP 0000000077b00290
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore            00000000779a1d70 5 bytes JMP 0000000077b002b0
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx             00000000779a1d90 5 bytes JMP 0000000077b003d0
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                00000000779a1da0 1 byte JMP 0000000077b00330
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2            00000000779a1da2 3 bytes {JMP 0x15e590}
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess         00000000779a1e10 5 bytes JMP 0000000077b00410
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry            00000000779a1e40 5 bytes JMP 0000000077b00240
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                 00000000779a2100 5 bytes JMP 0000000077b001e0
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry            00000000779a21c0 1 byte JMP 0000000077b00250
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2        00000000779a21c2 3 bytes {JMP 0x15e090}
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey            00000000779a21f0 5 bytes JMP 0000000077b00490
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys   00000000779a2200 5 bytes JMP 0000000077b004a0
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair              00000000779a2230 5 bytes JMP 0000000077b00300
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion           00000000779a2240 5 bytes JMP 0000000077b00360
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                 00000000779a22a0 5 bytes JMP 0000000077b002a0
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore              00000000779a22f0 5 bytes JMP 0000000077b002c0
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                 00000000779a2320 5 bytes JMP 0000000077b00380
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                  00000000779a2330 5 bytes JMP 0000000077b00340
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx           00000000779a2620 5 bytes JMP 0000000077b00440
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder          00000000779a2820 5 bytes JMP 0000000077b00260
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions             00000000779a2830 5 bytes JMP 0000000077b00270
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread           00000000779a2840 5 bytes JMP 0000000077b00400
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation       00000000779a2a00 5 bytes JMP 0000000077b001f0
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState        00000000779a2a10 5 bytes JMP 0000000077b00210
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem             00000000779a2a80 5 bytes JMP 0000000077b00200
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess             00000000779a2ae0 5 bytes JMP 0000000077b00420
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread              00000000779a2af0 5 bytes JMP 0000000077b00430
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl         00000000779a2b00 5 bytes JMP 0000000077b00220
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                 00000000779a2be0 5 bytes JMP 0000000077b00280
.text  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2340] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189      000000007788eecd 1 byte [62]
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                         00000000779a13c0 5 bytes JMP 0000000077b00460
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                  00000000779a1410 5 bytes JMP 0000000077b00450
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                  00000000779a1570 5 bytes JMP 0000000077b00370
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                       00000000779a15c0 5 bytes JMP 0000000077b00470
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                             00000000779a15d0 5 bytes JMP 0000000077b003e0
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                  00000000779a1680 5 bytes JMP 0000000077b00320
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                           00000000779a16b0 5 bytes JMP 0000000077b003b0
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                              00000000779a16d0 5 bytes JMP 0000000077b00390
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                    00000000779a1710 5 bytes JMP 0000000077b002e0
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                  00000000779a1790 5 bytes JMP 0000000077b002d0
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                00000000779a17b0 5 bytes JMP 0000000077b00310
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                 00000000779a17f0 5 bytes JMP 0000000077b003c0
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                              00000000779a1840 5 bytes JMP 0000000077b003f0
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                 00000000779a19a0 1 byte JMP 0000000077b00230
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                             00000000779a19a2 3 bytes {JMP 0x15e890}
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                      00000000779a1b60 5 bytes JMP 0000000077b00480
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                     00000000779a1b90 5 bytes JMP 0000000077b003a0
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                              00000000779a1c70 5 bytes JMP 0000000077b002f0
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                           00000000779a1c80 5 bytes JMP 0000000077b00350
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                 00000000779a1ce0 5 bytes JMP 0000000077b00290
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                              00000000779a1d70 5 bytes JMP 0000000077b002b0
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                               00000000779a1d90 5 bytes JMP 0000000077b003d0
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                  00000000779a1da0 1 byte JMP 0000000077b00330
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                              00000000779a1da2 3 bytes {JMP 0x15e590}
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                           00000000779a1e10 5 bytes JMP 0000000077b00410
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                              00000000779a1e40 5 bytes JMP 0000000077b00240
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                   00000000779a2100 5 bytes JMP 0000000077b001e0
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                              00000000779a21c0 1 byte JMP 0000000077b00250
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                          00000000779a21c2 3 bytes {JMP 0x15e090}
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                              00000000779a21f0 5 bytes JMP 0000000077b00490
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                     00000000779a2200 5 bytes JMP 0000000077b004a0
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                00000000779a2230 5 bytes JMP 0000000077b00300
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                             00000000779a2240 5 bytes JMP 0000000077b00360
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                   00000000779a22a0 5 bytes JMP 0000000077b002a0
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                00000000779a22f0 5 bytes JMP 0000000077b002c0
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                   00000000779a2320 5 bytes JMP 0000000077b00380
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                    00000000779a2330 5 bytes JMP 0000000077b00340
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                             00000000779a2620 5 bytes JMP 0000000077b00440
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                            00000000779a2820 5 bytes JMP 0000000077b00260
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                               00000000779a2830 5 bytes JMP 0000000077b00270
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                             00000000779a2840 5 bytes JMP 0000000077b00400
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                         00000000779a2a00 5 bytes JMP 0000000077b001f0
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                          00000000779a2a10 5 bytes JMP 0000000077b00210
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                               00000000779a2a80 5 bytes JMP 0000000077b00200
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                               00000000779a2ae0 5 bytes JMP 0000000077b00420
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                00000000779a2af0 5 bytes JMP 0000000077b00430
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                           00000000779a2b00 5 bytes JMP 0000000077b00220
.text  C:\Windows\system32\Dwm.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                   00000000779a2be0 5 bytes JMP 0000000077b00280
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                    00000000779a13c0 5 bytes JMP 0000000100060460
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                             00000000779a1410 5 bytes JMP 0000000100060450
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                             00000000779a1570 5 bytes JMP 0000000100060370
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                  00000000779a15c0 5 bytes JMP 0000000100060470
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                        00000000779a15d0 5 bytes JMP 00000001000603e0
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                             00000000779a1680 5 bytes JMP 0000000100060320
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                      00000000779a16b0 5 bytes JMP 00000001000603b0
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                         00000000779a16d0 5 bytes JMP 0000000100060390
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                               00000000779a1710 5 bytes JMP 00000001000602e0
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                             00000000779a1790 5 bytes JMP 00000001000602d0
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                           00000000779a17b0 5 bytes JMP 0000000100060310
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                            00000000779a17f0 5 bytes JMP 00000001000603c0
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                         00000000779a1840 5 bytes JMP 00000001000603f0
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                            00000000779a19a0 1 byte JMP 0000000100060230
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                        00000000779a19a2 3 bytes {JMP 0xffffffff886be890}
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                 00000000779a1b60 5 bytes JMP 0000000100060480
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                00000000779a1b90 5 bytes JMP 00000001000603a0
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                         00000000779a1c70 5 bytes JMP 00000001000602f0
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                      00000000779a1c80 5 bytes JMP 0000000100060350
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                            00000000779a1ce0 5 bytes JMP 0000000100060290
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                         00000000779a1d70 5 bytes JMP 00000001000602b0
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                          00000000779a1d90 5 bytes JMP 00000001000603d0
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                             00000000779a1da0 1 byte JMP 0000000100060330
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                         00000000779a1da2 3 bytes {JMP 0xffffffff886be590}
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                      00000000779a1e10 5 bytes JMP 0000000100060410
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                         00000000779a1e40 5 bytes JMP 0000000100060240
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                              00000000779a2100 5 bytes JMP 00000001000601e0
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                         00000000779a21c0 1 byte JMP 0000000100060250
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                     00000000779a21c2 3 bytes {JMP 0xffffffff886be090}
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                         00000000779a21f0 5 bytes JMP 0000000100060490
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                00000000779a2200 5 bytes JMP 00000001000604a0
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                           00000000779a2230 5 bytes JMP 0000000100060300
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                        00000000779a2240 5 bytes JMP 0000000100060360
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                              00000000779a22a0 5 bytes JMP 00000001000602a0
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                           00000000779a22f0 5 bytes JMP 00000001000602c0
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                              00000000779a2320 5 bytes JMP 0000000100060380
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                               00000000779a2330 5 bytes JMP 0000000100060340
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                        00000000779a2620 5 bytes JMP 0000000100060440
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                       00000000779a2820 5 bytes JMP 0000000100060260
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                          00000000779a2830 5 bytes JMP 0000000100060270
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                        00000000779a2840 5 bytes JMP 0000000100060400
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                    00000000779a2a00 5 bytes JMP 00000001000601f0
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                     00000000779a2a10 5 bytes JMP 0000000100060210
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                          00000000779a2a80 5 bytes JMP 0000000100060200
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                          00000000779a2ae0 5 bytes JMP 0000000100060420
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                           00000000779a2af0 5 bytes JMP 0000000100060430
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                      00000000779a2b00 5 bytes JMP 0000000100060220
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                              00000000779a2be0 5 bytes JMP 0000000100060280
.text  C:\Windows\system32\taskhost.exe[2376] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                   000000007788eecd 1 byte [62]
.text  C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2692] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  000000007710a30a 1 byte [62]
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                00000000779a13c0 5 bytes JMP 0000000077b00460
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                         00000000779a1410 5 bytes JMP 0000000077b00450
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                         00000000779a1570 5 bytes JMP 0000000077b00370
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                              00000000779a15c0 5 bytes JMP 0000000077b00470
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                    00000000779a15d0 5 bytes JMP 0000000077b003e0
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                         00000000779a1680 5 bytes JMP 0000000077b00320
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                  00000000779a16b0 5 bytes JMP 0000000077b003b0
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                     00000000779a16d0 5 bytes JMP 0000000077b00390
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                           00000000779a1710 5 bytes JMP 0000000077b002e0
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                         00000000779a1790 5 bytes JMP 0000000077b002d0
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                       00000000779a17b0 5 bytes JMP 0000000077b00310
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                        00000000779a17f0 5 bytes JMP 0000000077b003c0
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                     00000000779a1840 5 bytes JMP 0000000077b003f0
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                        00000000779a19a0 1 byte JMP 0000000077b00230
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                    00000000779a19a2 3 bytes {JMP 0x15e890}
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                             00000000779a1b60 5 bytes JMP 0000000077b00480
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                            00000000779a1b90 5 bytes JMP 0000000077b003a0
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                     00000000779a1c70 5 bytes JMP 0000000077b002f0
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                  00000000779a1c80 5 bytes JMP 0000000077b00350
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                        00000000779a1ce0 5 bytes JMP 0000000077b00290
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                     00000000779a1d70 5 bytes JMP 0000000077b002b0
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                      00000000779a1d90 5 bytes JMP 0000000077b003d0
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                         00000000779a1da0 1 byte JMP 0000000077b00330
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                     00000000779a1da2 3 bytes {JMP 0x15e590}
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                  00000000779a1e10 5 bytes JMP 0000000077b00410
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                     00000000779a1e40 5 bytes JMP 0000000077b00240
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                          00000000779a2100 5 bytes JMP 0000000077b001e0
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                     00000000779a21c0 1 byte JMP 0000000077b00250
.text  C:\Nuetzliches\Hamachi\hamachi-2.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                 00000000779a21c2 3 bytes {JMP 0x15e090}
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                            00000000779a2330 5 bytes JMP 0000000077b00340
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                     00000000779a2620 5 bytes JMP 0000000077b00440
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                    00000000779a2820 5 bytes JMP 0000000077b00260
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                       00000000779a2830 5 bytes JMP 0000000077b00270
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                     00000000779a2840 5 bytes JMP 0000000077b00400
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                 00000000779a2a00 5 bytes JMP 0000000077b001f0
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                  00000000779a2a10 5 bytes JMP 0000000077b00210
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                       00000000779a2a80 5 bytes JMP 0000000077b00200
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                       00000000779a2ae0 5 bytes JMP 0000000077b00420
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                        00000000779a2af0 5 bytes JMP 0000000077b00430
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                   00000000779a2b00 5 bytes JMP 0000000077b00220
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[2228] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                           00000000779a2be0 5 bytes JMP 0000000077b00280
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[2228] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                000000007788eecd 1 byte [62]
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                               00000000779a13c0 5 bytes JMP 0000000077b00460
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                        00000000779a1410 5 bytes JMP 0000000077b00450
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                        00000000779a1570 5 bytes JMP 0000000077b00370
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                             00000000779a15c0 5 bytes JMP 0000000077b00470
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                   00000000779a15d0 5 bytes JMP 0000000077b003e0
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                        00000000779a1680 5 bytes JMP 0000000077b00320
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                 00000000779a16b0 5 bytes JMP 0000000077b003b0
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                    00000000779a16d0 5 bytes JMP 0000000077b00390
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                          00000000779a1710 5 bytes JMP 0000000077b002e0
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                        00000000779a1790 5 bytes JMP 0000000077b002d0
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                      00000000779a17b0 5 bytes JMP 0000000077b00310
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                       00000000779a17f0 5 bytes JMP 0000000077b003c0
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                    00000000779a1840 5 bytes JMP 0000000077b003f0
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                       00000000779a19a0 1 byte JMP 0000000077b00230
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                   00000000779a19a2 3 bytes {JMP 0x15e890}
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                            00000000779a1b60 5 bytes JMP 0000000077b00480
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                           00000000779a1b90 5 bytes JMP 0000000077b003a0
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                    00000000779a1c70 5 bytes JMP 0000000077b002f0
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                 00000000779a1c80 5 bytes JMP 0000000077b00350
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                       00000000779a1ce0 5 bytes JMP 0000000077b00290
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                    00000000779a1d70 5 bytes JMP 0000000077b002b0
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                     00000000779a1d90 5 bytes JMP 0000000077b003d0
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                        00000000779a1da0 1 byte JMP 0000000077b00330
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                    00000000779a1da2 3 bytes {JMP 0x15e590}
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                 00000000779a1e10 5 bytes JMP 0000000077b00410
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                    00000000779a1e40 5 bytes JMP 0000000077b00240
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                         00000000779a2100 5 bytes JMP 0000000077b001e0
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                    00000000779a21c0 1 byte JMP 0000000077b00250
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                00000000779a21c2 3 bytes {JMP 0x15e090}
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                    00000000779a21f0 5 bytes JMP 0000000077b00490
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                           00000000779a2200 5 bytes JMP 0000000077b004a0
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                      00000000779a2230 5 bytes JMP 0000000077b00300
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                   00000000779a2240 5 bytes JMP 0000000077b00360
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                         00000000779a22a0 5 bytes JMP 0000000077b002a0
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                      00000000779a22f0 5 bytes JMP 0000000077b002c0
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                         00000000779a2320 5 bytes JMP 0000000077b00380
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                          00000000779a2330 5 bytes JMP 0000000077b00340
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                   00000000779a2620 5 bytes JMP 0000000077b00440
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                  00000000779a2820 5 bytes JMP 0000000077b00260
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                     00000000779a2830 5 bytes JMP 0000000077b00270
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                   00000000779a2840 5 bytes JMP 0000000077b00400
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                               00000000779a2a00 5 bytes JMP 0000000077b001f0
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                00000000779a2a10 5 bytes JMP 0000000077b00210
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                     00000000779a2a80 5 bytes JMP 0000000077b00200
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                     00000000779a2ae0 5 bytes JMP 0000000077b00420
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                      00000000779a2af0 5 bytes JMP 0000000077b00430
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                 00000000779a2b00 5 bytes JMP 0000000077b00220
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                         00000000779a2be0 5 bytes JMP 0000000077b00280
.text  C:\Nuetzliches\Sandboxie\SbieCtrl.exe[3772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                              000000007788eecd 1 byte [62]
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[3180] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter           00000000770e87b1 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[3180] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                  000000007710a30a 1 byte [62]
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                               00000000779a13c0 5 bytes JMP 0000000100070460
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                        00000000779a1410 5 bytes JMP 0000000100070450
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                        00000000779a1570 5 bytes JMP 0000000100070370
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                             00000000779a15c0 5 bytes JMP 0000000100070470
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                   00000000779a15d0 5 bytes JMP 00000001000703e0
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                        00000000779a1680 5 bytes JMP 0000000100070320
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                 00000000779a16b0 5 bytes JMP 00000001000703b0
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                    00000000779a16d0 5 bytes JMP 0000000100070390
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                          00000000779a1710 5 bytes JMP 00000001000702e0
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                        00000000779a1790 5 bytes JMP 00000001000702d0
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                      00000000779a17b0 5 bytes JMP 0000000100070310
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                       00000000779a17f0 5 bytes JMP 00000001000703c0
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                    00000000779a1840 5 bytes JMP 00000001000703f0
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                       00000000779a19a0 1 byte JMP 0000000100070230
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2                                   00000000779a19a2 3 bytes {JMP 0xffffffff886ce890}
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                            00000000779a1b60 5 bytes JMP 0000000100070480
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                           00000000779a1b90 5 bytes JMP 00000001000703a0
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                    00000000779a1c70 5 bytes JMP 00000001000702f0
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                 00000000779a1c80 5 bytes JMP 0000000100070350
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                       00000000779a1ce0 5 bytes JMP 0000000100070290
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                    00000000779a1d70 5 bytes JMP 00000001000702b0
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                     00000000779a1d90 5 bytes JMP 00000001000703d0
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                        00000000779a1da0 1 byte JMP 0000000100070330
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2                                    00000000779a1da2 3 bytes {JMP 0xffffffff886ce590}
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                 00000000779a1e10 5 bytes JMP 0000000100070410
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                    00000000779a1e40 5 bytes JMP 0000000100070240
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                         00000000779a2100 5 bytes JMP 00000001000701e0
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                    00000000779a21c0 1 byte JMP 0000000100070250
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2                                00000000779a21c2 3 bytes {JMP 0xffffffff886ce090}
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                    00000000779a21f0 5 bytes JMP 0000000100070490
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                           00000000779a2200 5 bytes JMP 00000001000704a0
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                      00000000779a2230 5 bytes JMP 0000000100070300
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                   00000000779a2240 5 bytes JMP 0000000100070360
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                         00000000779a22a0 5 bytes JMP 00000001000702a0
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                      00000000779a22f0 5 bytes JMP 00000001000702c0
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                         00000000779a2320 5 bytes JMP 0000000100070380
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                          00000000779a2330 5 bytes JMP 0000000100070340
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                   00000000779a2620 5 bytes JMP 0000000100070440
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                  00000000779a2820 5 bytes JMP 0000000100070260
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                     00000000779a2830 5 bytes JMP 0000000100070270
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                   00000000779a2840 5 bytes JMP 0000000100070400
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                               00000000779a2a00 5 bytes JMP 00000001000701f0
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                00000000779a2a10 5 bytes JMP 0000000100070210
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                     00000000779a2a80 5 bytes JMP 0000000100070200
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                     00000000779a2ae0 5 bytes JMP 0000000100070420
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                      00000000779a2af0 5 bytes JMP 0000000100070430
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                 00000000779a2b00 5 bytes JMP 0000000100070220
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                         00000000779a2be0 5 bytes JMP 0000000100070280
.text  C:\Windows\system32\SearchIndexer.exe[3936] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                              000000007788eecd 1 byte [62]
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[3764] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                 000000007788eecd 1 byte [62]
.text  C:\Windows\system32\svchost.exe[832] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                     000000007788eecd 1 byte [62]
.text  C:\Windows\system32\taskmgr.exe[4220] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                    000000007788eecd 1 byte [62]
.text  C:\Windows\system32\NOTEPAD.EXE[4204] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                    000000007788eecd 1 byte [62]
.text  C:\Users\NightCompany\Desktop\Maleware Removal\Gmer-19357.exe[6556] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112      000000007710a30a 1 byte [62]

---- EOF - GMER 2.1 ----
         


Old 07.09.2014, 14:44   #6
Da GuRu
Administrator
/// technical service
 




Hello,

unfortunately, your thread was overlooked (for technical reasons). Because there were several replies in your thread, it was mistakenly classified as 'already being handled'.

We apologize for this.

We try to answer everyone seeking help within a short time and to offer solutions to the problem.

If necessary, please create a new thread so that a team member can take care of your problem.

For everyone seeking help! What do I need to consider before opening a thread?

Thank you for your understanding.
