
Log analysis and evaluation: trojan.hijacker - Win7 still infected even after reinstallation? Rootkit?

30.01.2013, 13:40   #1
LouCyphre
 



Hello dear helper,

I have the following problem: Trojan.Hijacker was detected on my Win7 x64, and I had the AV program delete it. After a restart Windows was no longer bootable and kept going into repair, whereupon I reinstalled the system. But even after the reinstallation from the recovery disk the computer does not behave properly; for example, I cannot connect to my NAS. In addition, tunnel adapters were created.
I have already tried to fix the problem with various anti-rootkit tools, but in vain. Maybe it is a different problem after all...
Malwarebytes finds nothing. I am not sure whether Defogger did its job. The log file is attached, as are OTL.txt, Extras.txt and the Gmer.log.

In addition, the external hard drive (F:) was accessed from another computer (LinuxMint). Does one have to expect an infection here as well?

The computer also maintains an FTP Bluetooth connection, which seems fairly busy to me. Furthermore, .flv and .pdf files, for example, are apparently encrypted and are marked as Windows shell DLL in their properties. I guess this is due to Trojan.Hijacker...?

Many, many thanks in advance for a reply. I am slowly getting desperate here...

Kind regards. Lou

Edited by LouCyphre (30.01.2013 at 14:12). Reason: what I forgot to mention...

31.01.2013, 11:42   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

A quick question, and this is nothing against you specifically, I could just as well have asked anyone else who posts the logs this way - where exactly does it say that the logs should be put in the attachment, or where exactly did you read that?

Logfiles in the attachment make the evaluation massively harder

Please explain, so that the passage in the instructions can be specifically changed/improved for all newcomers. Thanks.

Reading material:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles in a CODE box, proceed as follows:
  • Select the entire logfile (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

31.01.2013, 13:04   #3
LouCyphre
 



Hello Cosinus.

First of all, thank you very much for your help!!

I uploaded the logs as a zip because, when posting the thread, I was told the files were too long. But I think I had also posted them as a quote at that point...

However, these logs are no longer current anyway, because my brother, who fortunately has just left, said he could also help me with my problem, using the Kaspersky Rescue Disk. In the meantime he managed to get into Windows safe mode. But that no longer works now, and I do not know exactly what he did. I will create the logs again and post them in the code tag.

Defogger did its job successfully. However, I now get only one document from OTL.exe. Did I perhaps forget to tick a box?

OTL Logfile:
Code:
OTL logfile created on: 31.01.2013 13:23:43 - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\bla\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 67,27% Memory free
7,60 Gb Paging File | 6,36 Gb Available in Paging File | 83,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 101,90 Gb Total Space | 74,05 Gb Free Space | 72,67% Space Free | Partition Type: NTFS
Drive D: | 363,76 Gb Total Space | 185,76 Gb Free Space | 51,07% Space Free | Partition Type: NTFS
 
Computer Name: BLA-PC | User Name: bla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\bla\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
PRC - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (VFPRadioSupportService) -- C:\Programme\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe (CSR, plc)
SRV - (PowerSavingUtilityService) -- C:\Programme\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED)
SRV - (WirelessSelectorService) -- C:\Programme\Fujitsu\WirelessSelector\WSUService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (FUJ02E3) -- C:\Windows\SysNative\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV:64bit: - (FUJ02B1) -- C:\Windows\SysNative\drivers\fuj02b1.sys (FUJITSU LIMITED)
DRV - (CFRMD) -- C:\Windows\SysWOW64\drivers\CFRMD.sys (Windows (R) Win 7 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3264586188-425189666-1243810878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3264586188-425189666-1243810878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3264586188-425189666-1243810878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C 4D B4 F9 68 FE CD 01  [binary data]
IE - HKU\S-1-5-21-3264586188-425189666-1243810878-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3264586188-425189666-1243810878-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3264586188-425189666-1243810878-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
 
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.01.30 02:25:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.30 02:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.01.30 02:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bla\AppData\Roaming\mozilla\Extensions
[2013.01.30 02:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.16 21:10:14 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc)
O4:64bit: - HKLM..\Run: [CSRSkype] C:\Programme\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc)
O4:64bit: - HKLM..\Run: [FDM7] C:\Programme\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Programme\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.214 80.69.100.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2E78110-627E-4AF4-9DBD-51B707F5ED7A}: DhcpNameServer = 80.69.100.214 80.69.100.206
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.31 13:19:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\bla\Desktop\OTL.exe
[2013.01.30 13:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.01.30 13:33:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.01.30 07:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.01.30 06:10:16 | 000,000,000 | ---D | C] -- C:\Windows\panther
[2013.01.30 06:10:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\OEM
[2013.01.30 06:09:32 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2013.01.30 06:09:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2013.01.30 06:09:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE
[2013.01.30 06:09:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de
[2013.01.30 06:09:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407
[2013.01.30 06:09:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2013.01.30 06:09:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de
[2013.01.30 06:09:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2013.01.30 06:07:18 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2013.01.30 06:06:55 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2013.01.30 06:06:55 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2013.01.30 06:06:55 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2013.01.30 05:44:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.01.30 04:21:29 | 000,000,000 | ---D | C] -- C:\Users\bla\AppData\Local\Apps
[2013.01.30 04:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2013.01.30 04:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2013.01.30 03:04:57 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2013.01.30 02:59:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2013.01.30 02:44:27 | 000,000,000 | ---D | C] -- C:\Users\bla\AppData\Roaming\Malwarebytes
[2013.01.30 02:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.30 02:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.30 02:44:16 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.30 02:44:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.30 02:43:48 | 000,000,000 | ---D | C] -- C:\Users\bla\AppData\Local\Programs
[2013.01.30 02:42:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.01.30 02:41:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.01.30 02:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.01.30 02:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.01.30 02:26:46 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.01.30 02:26:46 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.01.30 02:26:46 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.01.30 02:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.01.30 02:26:45 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.01.30 02:26:45 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.01.30 02:26:41 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.01.30 02:26:40 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.01.30 02:25:48 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2013.01.30 02:25:48 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.01.30 02:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.01.30 02:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.01.30 02:22:56 | 000,000,000 | ---D | C] -- C:\Users\bla\AppData\Roaming\Mozilla
[2013.01.30 02:22:56 | 000,000,000 | ---D | C] -- C:\Users\bla\AppData\Local\Mozilla
[2013.01.30 02:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.30 01:31:14 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.01.30 00:16:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.01.29 23:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2013.01.29 23:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2013.01.29 23:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2013.01.29 23:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2013.01.29 22:55:48 | 000,000,000 | ---D | C] -- C:\Users\bla\Documents\Bluetooth FTP Share
[2013.01.29 21:46:28 | 000,000,000 | ---D | C] -- C:\Users\bla\AppData\Local\Diagnostics
[2013.01.29 21:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\CSR
[2013.01.29 21:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Feature Pack 5.0
[2013.01.29 21:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fujitsu Display Manager
[2013.01.29 21:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WirelessSelector
[2013.01.29 21:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Power Saving Utility
[2013.01.29 21:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LifeBook Application Panel
[2013.01.29 21:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\Fujitsu
[2013.01.29 21:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fujitsu
[2013.01.29 21:32:57 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.01.29 21:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013.01.29 21:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.01.29 21:31:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.01.29 21:31:36 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.01.29 21:31:36 | 000,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.01.29 21:31:36 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.01.29 21:31:36 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.01.29 21:31:36 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.01.29 21:31:36 | 000,198,656 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.01.29 21:31:36 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.01.29 21:31:36 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.01.29 21:31:36 | 000,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.01.29 21:31:36 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.01.29 21:31:35 | 000,320,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.01.29 21:31:35 | 000,310,784 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.01.29 21:31:35 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.01.29 21:31:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.01.29 21:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013.01.29 21:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013.01.29 21:29:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013.01.29 21:28:03 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.01.29 21:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.01.29 21:27:15 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.01.29 21:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.01.29 21:27:12 | 000,000,000 | ---D | C] -- C:\Intel
[2013.01.29 21:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Fujitsu
[2013.01.29 21:20:56 | 000,000,000 | R--D | C] -- C:\Users\bla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.29 21:20:56 | 000,000,000 | R--D | C] -- C:\Users\bla\Searches
[2013.01.29 21:20:56 | 000,000,000 | R--D | C] -- C:\Users\bla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.01.29 21:20:44 | 000,000,000 | ---D | C] -- C:\Users\bla\AppData\Roaming\Identities
[2013.01.29 21:20:40 | 000,000,000 | R--D | C] -- C:\Users\bla\Contacts
[2013.01.29 21:20:37 | 000,000,000 | ---D | C] -- C:\Users\bla\AppData\Local\VirtualStore
[2013.01.29 21:20:21 | 000,000,000 | --SD | C] -- C:\Users\bla\AppData\Roaming\Microsoft
[2013.01.29 21:20:21 | 000,000,000 | R--D | C] -- C:\Users\bla\Videos
[2013.01.29 21:20:21 | 000,000,000 | R--D | C] -- C:\Users\bla\Saved Games
[2013.01.29 21:20:21 | 000,000,000 | R--D | C] -- C:\Users\bla\Pictures
[2013.01.29 21:20:21 | 000,000,000 | R--D | C] -- C:\Users\bla\Music
[2013.01.29 21:20:21 | 000,000,000 | R--D | C] -- C:\Users\bla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.01.29 21:20:21 | 000,000,000 | R--D | C] -- C:\Users\bla\Links
[2013.01.29 21:20:21 | 000,000,000 | R--D | C] -- C:\Users\bla\Favorites
[2013.01.29 21:20:21 | 000,000,000 | R--D | C] -- C:\Users\bla\Downloads
[2013.01.29 21:20:21 | 000,000,000 | R--D | C] -- C:\Users\bla\Documents
[2013.01.29 21:20:21 | 000,000,000 | R--D | C] -- C:\Users\bla\Desktop
[2013.01.29 21:20:21 | 000,000,000 | R--D | C] -- C:\Users\bla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.01.29 21:20:21 | 000,000,000 | -HSD | C] -- C:\Users\bla\Vorlagen
[2013.01.29 21:20:21 | 000,000,000 | -HSD | C] -- C:\Users\bla\AppData\Local\Verlauf
[2013.01.29 21:20:21 | 000,000,000 | -HSD | C] -- C:\Users\bla\AppData\Local\Temporary Internet Files
[2013.01.29 21:20:21 | 000,000,000 | -HSD | C] -- C:\Users\bla\Startmenü
[2013.01.29 21:20:21 | 000,000,000 | -HSD | C] -- C:\Users\bla\SendTo
[2013.01.29 21:20:21 | 000,000,000 | -HSD | C] -- C:\Users\bla\Recent
[2013.01.29 21:20:21 | 000,000,000 | -HSD | C] -- C:\Users\bla\Netzwerkumgebung
[2013.01.29 21:20:21 | 000,000,000 | -HSD | C] -- C:\Users\bla\Lokale Einstellungen
[2013.01.29 21:20:21 | 000,000,000 | -HSD | C] -- C:\Users\bla\Documents\Eigene Videos
[2013.01.29 21:20:21 | 000,000,000 | -HSD | C] -- C:\Users\bla\Documents\Eigene Musik
[2013.01.29 21:20:21 | 000,000,000 | -HSD | C] -- C:\Users\bla\Eigene Dateien
[2013.01.29 21:20:21 | 000,000,000 | -HSD | C] -- C:\Users\bla\Documents\Eigene Bilder
[2013.01.29 21:20:21 | 000,000,000 | -HSD | C] -- C:\Users\bla\Druckumgebung
[2013.01.29 21:20:21 | 000,000,000 | -HSD | C] -- C:\Users\bla\Cookies
[2013.01.29 21:20:21 | 000,000,000 | -HSD | C] -- C:\Users\bla\AppData\Local\Anwendungsdaten
[2013.01.29 21:20:21 | 000,000,000 | -HSD | C] -- C:\Users\bla\Anwendungsdaten
[2013.01.29 21:20:21 | 000,000,000 | -H-D | C] -- C:\Users\bla\AppData
[2013.01.29 21:20:21 | 000,000,000 | ---D | C] -- C:\Users\bla\AppData\Local\Temp
[2013.01.29 21:20:21 | 000,000,000 | ---D | C] -- C:\Users\bla\AppData\Local\Microsoft
[2013.01.29 21:20:21 | 000,000,000 | ---D | C] -- C:\Users\bla\AppData\Roaming\Media Center Programs
[2013.01.29 21:19:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.01.29 21:19:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.01.29 21:19:30 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.01.29 21:19:30 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.01.29 21:19:30 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.01.29 21:19:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.01.29 21:19:30 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.01.29 21:19:30 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.01.29 21:19:30 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.01.29 21:19:30 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.01.29 21:19:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.01.29 21:19:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.01.29 21:16:00 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.01.29 21:13:29 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.01.29 21:13:02 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.31 13:19:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bla\Desktop\OTL.exe
[2013.01.31 13:17:57 | 000,365,568 | ---- | M] () -- C:\Users\bla\Desktop\gmer_2.0.18454.exe
[2013.01.31 13:05:08 | 000,050,477 | ---- | M] () -- C:\Users\bla\Desktop\Defogger.exe
[2013.01.31 12:51:53 | 000,007,616 | ---- | M] () -- C:\Users\bla\AppData\Local\Resmon.ResmonCfg
[2013.01.31 12:29:39 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.31 12:29:39 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.31 12:22:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.31 12:22:03 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.30 10:05:56 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.30 10:05:56 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.30 10:05:56 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.30 10:05:56 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.30 10:05:56 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.30 09:38:29 | 000,000,000 | ---- | M] () -- C:\Users\bla\defogger_reenable
[2013.01.30 07:14:27 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2013.01.30 06:09:24 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat
[2013.01.30 06:09:24 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat
[2013.01.30 02:26:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.01.30 00:10:21 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.29 23:08:32 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.01.29 23:08:30 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.01.29 21:41:40 | 000,015,912 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013.01.29 21:32:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.01.29 21:19:40 | 000,000,012 | ---- | M] () -- C:\Windows\SysWow64\drivers\10CF_FUJITSU_FTS_LIFEBOOK AH530_RC_FUJITSU_FJNBB06_Ver 1.00PARTTBL_FSC - 11800_Version 1.18 _Standard-VGA-Grafikkarte.MRK
[2013.01.29 21:19:40 | 000,000,012 | ---- | M] () -- C:\Windows\SysNative\drivers\10CF_FUJITSU_FTS_LIFEBOOK AH530_RC_FUJITSU_FJNBB06_Ver 1.00PARTTBL_FSC - 11800_Version 1.18 _Standard-VGA-Grafikkarte.MRK
[2013.01.29 21:16:14 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.01.29 21:16:14 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.31 13:17:56 | 000,365,568 | ---- | C] () -- C:\Users\bla\Desktop\gmer_2.0.18454.exe
[2013.01.31 13:05:08 | 000,050,477 | ---- | C] () -- C:\Users\bla\Desktop\Defogger.exe
[2013.01.30 09:38:29 | 000,000,000 | ---- | C] () -- C:\Users\bla\defogger_reenable
[2013.01.30 06:10:16 | 000,043,256 | R--- | C] () -- C:\Windows\SysNative\OEMLOGO.bmp
[2013.01.30 06:10:16 | 000,043,256 | R--- | C] () -- C:\Windows\Logo_positive_jpg_middle.bmp
[2013.01.30 06:09:51 | 000,654,166 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.30 06:09:51 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat
[2013.01.30 06:09:51 | 000,130,006 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.30 06:09:51 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat
[2013.01.30 02:26:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013.01.30 02:21:56 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.01.29 23:34:19 | 000,007,616 | ---- | C] () -- C:\Users\bla\AppData\Local\Resmon.ResmonCfg
[2013.01.29 23:24:51 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.01.29 23:08:32 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.01.29 23:08:30 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.01.29 23:00:35 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.01.29 21:41:40 | 000,015,912 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013.01.29 21:32:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.01.29 21:31:37 | 000,000,008 | ---- | C] () -- C:\Windows\SysNative\drivers\rtkhdaud.dat
[2013.01.29 21:21:04 | 000,001,405 | ---- | C] () -- C:\Users\bla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.01.29 21:20:59 | 000,001,439 | ---- | C] () -- C:\Users\bla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.01.29 21:20:15 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2013.01.29 21:19:40 | 000,000,012 | ---- | C] () -- C:\Windows\SysWow64\drivers\10CF_FUJITSU_FTS_LIFEBOOK AH530_RC_FUJITSU_FJNBB06_Ver 1.00PARTTBL_FSC - 11800_Version 1.18 _Standard-VGA-Grafikkarte.MRK
[2013.01.29 21:19:40 | 000,000,012 | ---- | C] () -- C:\Windows\SysNative\drivers\10CF_FUJITSU_FTS_LIFEBOOK AH530_RC_FUJITSU_FJNBB06_Ver 1.00PARTTBL_FSC - 11800_Version 1.18 _Standard-VGA-Grafikkarte.MRK
[2013.01.29 21:15:52 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.01.29 21:15:46 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.01.29 21:13:02 | 3061,227,520 | -HS- | C] () -- C:\hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


[/CODE]

31.01.2013, 14:21   #4
LouCyphre
 



Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-01-31 14:10:56
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\bla\AppData\Local\Temp\uwldqpow.sys


---- User code sections - GMER 2.0 ----

.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                    00000000773cf760 5 bytes JMP 0000000100120440
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                             00000000773cf7b0 5 bytes JMP 0000000100120430
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                  00000000773cf960 5 bytes JMP 0000000100120450
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                        00000000773cf970 5 bytes JMP 00000001001203b0
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                             00000000773cfa20 5 bytes JMP 0000000100120320
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                      00000000773cfa50 5 bytes JMP 0000000100120380
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                               00000000773cfab0 5 bytes JMP 00000001001202e0
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                          00000000773cfb00 5 bytes JMP 0000000100120410
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                             00000000773cfb30 5 bytes JMP 00000001001202d0
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                           00000000773cfb50 5 bytes JMP 0000000100120310
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                            00000000773cfb90 5 bytes JMP 0000000100120390
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                         00000000773cfbe0 5 bytes JMP 00000001001203c0
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                            00000000773cfd40 5 bytes JMP 0000000100120230
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                 00000000773cff00 5 bytes JMP 0000000100120460
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                00000000773cff30 5 bytes JMP 0000000100120370
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                         00000000773d0010 5 bytes JMP 00000001001202f0
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                      00000000773d0020 5 bytes JMP 0000000100120350
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                            00000000773d0080 5 bytes JMP 0000000100120290
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                         00000000773d0110 5 bytes JMP 00000001001202b0
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                          00000000773d0130 5 bytes JMP 00000001001203a0
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                             00000000773d0140 5 bytes JMP 0000000100120330
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                      00000000773d01b0 5 bytes JMP 00000001001203e0
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                         00000000773d01e0 5 bytes JMP 0000000100120240
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                              00000000773d04a0 5 bytes JMP 00000001001201e0
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                         00000000773d0560 5 bytes JMP 0000000100120250
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                         00000000773d0590 5 bytes JMP 0000000100120470
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                00000000773d05a0 5 bytes JMP 0000000100120480
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                           00000000773d05d0 5 bytes JMP 0000000100120300
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                        00000000773d05e0 5 bytes JMP 0000000100120360
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                              00000000773d0640 5 bytes JMP 00000001001202a0
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                           00000000773d0690 5 bytes JMP 00000001001202c0
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                               00000000773d06d0 5 bytes JMP 0000000100120340
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                        00000000773d09c0 5 bytes JMP 0000000100120420
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                       00000000773d0bc0 5 bytes JMP 0000000100120260
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                          00000000773d0bd0 5 bytes JMP 0000000100120270
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                        00000000773d0be0 5 bytes JMP 00000001001203d0
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                    00000000773d0da0 5 bytes JMP 00000001001201f0
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                     00000000773d0db0 5 bytes JMP 0000000100120210
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                          00000000773d0e20 5 bytes JMP 0000000100120200
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                          00000000773d0e80 5 bytes JMP 00000001001203f0
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                           00000000773d0e90 5 bytes JMP 0000000100120400
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                      00000000773d0ea0 5 bytes JMP 0000000100120220
.text   C:\Windows\system32\csrss.exe[520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                              00000000773d0f80 5 bytes JMP 0000000100120280
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                  00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                           00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                      00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                           00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                    00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                             00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                        00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                           00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                         00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                          00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                       00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                          00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                               00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                              00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                       00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                    00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                          00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                       00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                        00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                           00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                    00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                       00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                            00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                       00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                       00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                              00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                         00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                      00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                            00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                         00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                             00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                      00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                     00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                        00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                      00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                  00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                   00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                        00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                        00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                         00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                    00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                            00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Windows\system32\wininit.exe[564] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007705f1fd 1 byte [62]
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                    00000000773cf760 5 bytes JMP 0000000100120440
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                             00000000773cf7b0 5 bytes JMP 0000000100120430
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                  00000000773cf960 5 bytes JMP 0000000100120450
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                        00000000773cf970 5 bytes JMP 00000001001203b0
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                             00000000773cfa20 5 bytes JMP 0000000100120320
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                      00000000773cfa50 5 bytes JMP 0000000100120380
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                               00000000773cfab0 5 bytes JMP 00000001001202e0
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                          00000000773cfb00 5 bytes JMP 0000000100120410
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                             00000000773cfb30 5 bytes JMP 00000001001202d0
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                           00000000773cfb50 5 bytes JMP 0000000100120310
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                            00000000773cfb90 5 bytes JMP 0000000100120390
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                         00000000773cfbe0 5 bytes JMP 00000001001203c0
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                            00000000773cfd40 5 bytes JMP 0000000100120230
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                 00000000773cff00 5 bytes JMP 0000000100120460
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                00000000773cff30 5 bytes JMP 0000000100120370
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                         00000000773d0010 5 bytes JMP 00000001001202f0
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                      00000000773d0020 5 bytes JMP 0000000100120350
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                            00000000773d0080 5 bytes JMP 0000000100120290
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                         00000000773d0110 5 bytes JMP 00000001001202b0
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                          00000000773d0130 5 bytes JMP 00000001001203a0
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                             00000000773d0140 5 bytes JMP 0000000100120330
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                      00000000773d01b0 5 bytes JMP 00000001001203e0
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                         00000000773d01e0 5 bytes JMP 0000000100120240
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                              00000000773d04a0 5 bytes JMP 00000001001201e0
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                         00000000773d0560 5 bytes JMP 0000000100120250
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                         00000000773d0590 5 bytes JMP 0000000100120470
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                00000000773d05a0 5 bytes JMP 0000000100120480
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                           00000000773d05d0 5 bytes JMP 0000000100120300
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                        00000000773d05e0 5 bytes JMP 0000000100120360
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                              00000000773d0640 5 bytes JMP 00000001001202a0
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                           00000000773d0690 5 bytes JMP 00000001001202c0
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                               00000000773d06d0 5 bytes JMP 0000000100120340
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                        00000000773d09c0 5 bytes JMP 0000000100120420
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                       00000000773d0bc0 5 bytes JMP 0000000100120260
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                          00000000773d0bd0 5 bytes JMP 0000000100120270
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                        00000000773d0be0 5 bytes JMP 00000001001203d0
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                    00000000773d0da0 5 bytes JMP 00000001001201f0
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                     00000000773d0db0 5 bytes JMP 0000000100120210
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                          00000000773d0e20 5 bytes JMP 0000000100120200
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                          00000000773d0e80 5 bytes JMP 00000001001203f0
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                           00000000773d0e90 5 bytes JMP 0000000100120400
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                      00000000773d0ea0 5 bytes JMP 0000000100120220
.text   C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                              00000000773d0f80 5 bytes JMP 0000000100120280
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                 00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                          00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                               00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                     00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                          00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                            00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                       00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                          00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                        00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                         00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                      00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                         00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                              00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                             00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                      00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                   00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                         00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                      00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                          00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                   00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                      00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                           00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                      00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                      00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                             00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                        00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                     00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                           00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                        00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                            00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                     00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                    00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                       00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                 00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                  00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                       00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                       00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                        00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                   00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Windows\system32\services.exe[640] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                           00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Windows\system32\services.exe[640] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007705f1fd 1 byte [62]
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                    00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                             00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                  00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                        00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                             00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                      00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                               00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                          00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                             00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                           00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                            00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                         00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                            00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                 00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                         00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                      00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                            00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                         00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                          00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                             00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                      00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                         00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                              00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                         00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                         00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                           00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                        00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                              00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                           00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                               00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                        00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                       00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                          00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                        00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                    00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                     00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                          00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                          00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                           00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                      00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                              00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Windows\system32\lsass.exe[664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                   000000007705f1fd 1 byte [62]
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                 00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                          00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                               00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                     00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                          00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                            00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                       00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                          00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                        00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                         00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                      00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                         00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                              00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                             00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                      00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                   00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                         00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                      00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                          00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                   00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                      00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                           00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                      00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                      00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                             00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                        00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                     00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                           00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                        00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                            00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                     00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                    00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                       00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                 00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                  00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                       00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                       00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                        00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                   00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                           00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Windows\system32\winlogon.exe[676] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007705f1fd 1 byte [62]
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                      00000000773cf760 5 bytes JMP 0000000100070440
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                               00000000773cf7b0 5 bytes JMP 0000000100070430
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                    00000000773cf960 5 bytes JMP 0000000100070450
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                          00000000773cf970 5 bytes JMP 00000001000703b0
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                               00000000773cfa20 5 bytes JMP 0000000100070320
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                        00000000773cfa50 5 bytes JMP 0000000100070380
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                 00000000773cfab0 5 bytes JMP 00000001000702e0
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                            00000000773cfb00 5 bytes JMP 0000000100070410
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                               00000000773cfb30 5 bytes JMP 00000001000702d0
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                             00000000773cfb50 5 bytes JMP 0000000100070310
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                              00000000773cfb90 5 bytes JMP 0000000100070390
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                           00000000773cfbe0 5 bytes JMP 00000001000703c0
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                              00000000773cfd40 5 bytes JMP 0000000100070230
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                   00000000773cff00 5 bytes JMP 0000000100070460
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                  00000000773cff30 5 bytes JMP 0000000100070370
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                           00000000773d0010 5 bytes JMP 00000001000702f0
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                        00000000773d0020 5 bytes JMP 0000000100070350
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                              00000000773d0080 5 bytes JMP 0000000100070290
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                           00000000773d0110 5 bytes JMP 00000001000702b0
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                            00000000773d0130 5 bytes JMP 00000001000703a0
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                               00000000773d0140 5 bytes JMP 0000000100070330
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                        00000000773d01b0 5 bytes JMP 00000001000703e0
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                           00000000773d01e0 5 bytes JMP 0000000100070240
.text   C:\Windows\system32\lsm.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                00000000773d04a0 5 bytes JMP 00000001000701e0
.text   C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                       00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                       00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                        00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                   00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                           00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Windows\System32\svchost.exe[1020] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007705f1fd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                  00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                           00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                      00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                           00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                    00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                             00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                        00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                           00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                         00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                          00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                       00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                          00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                               00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                              00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                       00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                    00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                          00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                       00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                        00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                           00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                    00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                       00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                            00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                       00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                       00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                              00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                         00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                      00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                            00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                         00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                             00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                      00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                     00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                        00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                      00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                  00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                   00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                        00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                        00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                         00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                    00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                            00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Windows\system32\svchost.exe[404] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007705f1fd 1 byte [62]
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                  00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                           00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                      00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                           00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                    00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                             00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                        00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                           00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                         00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                          00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                       00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                          00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                               00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                              00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                       00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                    00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                          00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                       00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                        00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                           00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                    00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                       00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                            00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                       00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                       00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                              00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                         00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                      00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                            00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                         00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                             00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                      00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                     00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                        00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                      00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                  00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                   00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                        00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                        00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                         00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                    00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                            00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Windows\system32\AUDIODG.EXE[592] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007705f1fd 1 byte [62]
         

31.01.2013, 14:27   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
[2013.01.30 05:44:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.01.30 05:22:28 | 000,000,000 | ---D | C] -- C:\Users\bla\Desktop\tdsskiller
What all have you already done there on your own?
It is absolutely counterproductive when you tinker around here and there yourself and only then open a thread!

__________________
Please always post logfiles in CODE tags

31.01.2013, 14:27   #6
LouCyphre
 



Code:
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                  00000000773cf760 5 bytes JMP 0000000100070440
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                           00000000773cf7b0 5 bytes JMP 0000000100070430
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                00000000773cf960 5 bytes JMP 0000000100070450
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                      00000000773cf970 5 bytes JMP 00000001000703b0
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                           00000000773cfa20 5 bytes JMP 0000000100070320
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                    00000000773cfa50 5 bytes JMP 0000000100070380
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                             00000000773cfab0 5 bytes JMP 00000001000702e0
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                        00000000773cfb00 5 bytes JMP 0000000100070410
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                           00000000773cfb30 5 bytes JMP 00000001000702d0
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                         00000000773cfb50 5 bytes JMP 0000000100070310
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                          00000000773cfb90 5 bytes JMP 0000000100070390
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                       00000000773cfbe0 5 bytes JMP 00000001000703c0
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                          00000000773cfd40 5 bytes JMP 0000000100070230
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                               00000000773cff00 5 bytes JMP 0000000100070460
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                              00000000773cff30 5 bytes JMP 0000000100070370
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                       00000000773d0010 5 bytes JMP 00000001000702f0
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                    00000000773d0020 5 bytes JMP 0000000100070350
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                          00000000773d0080 5 bytes JMP 0000000100070290
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                       00000000773d0110 5 bytes JMP 00000001000702b0
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                        00000000773d0130 5 bytes JMP 00000001000703a0
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                           00000000773d0140 5 bytes JMP 0000000100070330
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                    00000000773d01b0 5 bytes JMP 00000001000703e0
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                       00000000773d01e0 5 bytes JMP 0000000100070240
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                            00000000773d04a0 5 bytes JMP 00000001000701e0
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                       00000000773d0560 5 bytes JMP 0000000100070250
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                       00000000773d0590 5 bytes JMP 0000000100070470
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                              00000000773d05a0 5 bytes JMP 0000000100070480
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                         00000000773d05d0 5 bytes JMP 0000000100070300
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                      00000000773d05e0 5 bytes JMP 0000000100070360
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                            00000000773d0640 5 bytes JMP 00000001000702a0
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                         00000000773d0690 5 bytes JMP 00000001000702c0
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                             00000000773d06d0 5 bytes JMP 0000000100070340
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                      00000000773d09c0 5 bytes JMP 0000000100070420
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                     00000000773d0bc0 5 bytes JMP 0000000100070260
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                        00000000773d0bd0 5 bytes JMP 0000000100070270
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                      00000000773d0be0 5 bytes JMP 00000001000703d0
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                  00000000773d0da0 5 bytes JMP 00000001000701f0
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                   00000000773d0db0 5 bytes JMP 0000000100070210
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                        00000000773d0e20 5 bytes JMP 0000000100070200
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                        00000000773d0e80 5 bytes JMP 00000001000703f0
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                         00000000773d0e90 5 bytes JMP 0000000100070400
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                    00000000773d0ea0 5 bytes JMP 0000000100070220
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                            00000000773d0f80 5 bytes JMP 0000000100070280
.text   C:\Windows\system32\svchost.exe[808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 000000007705f1fd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                 00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                          00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                               00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                     00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                          00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                            00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                       00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                          00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                        00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                         00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                      00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                         00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                              00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                             00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                      00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                   00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                         00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                      00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                          00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                   00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                      00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                           00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                      00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                      00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                             00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                        00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                     00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                           00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                        00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                            00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                     00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                    00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                       00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                 00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                  00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                       00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                       00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                        00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                   00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                           00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Windows\system32\svchost.exe[1076] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007705f1fd 1 byte [62]
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                 00000000773cf760 5 bytes JMP 0000000100070440
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                          00000000773cf7b0 5 bytes JMP 0000000100070430
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                               00000000773cf960 5 bytes JMP 0000000100070450
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                     00000000773cf970 5 bytes JMP 00000001000703b0
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                          00000000773cfa20 5 bytes JMP 0000000100070320
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   00000000773cfa50 5 bytes JMP 0000000100070380
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                            00000000773cfab0 5 bytes JMP 00000001000702e0
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                       00000000773cfb00 5 bytes JMP 0000000100070410
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                          00000000773cfb30 5 bytes JMP 00000001000702d0
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                        00000000773cfb50 5 bytes JMP 0000000100070310
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                         00000000773cfb90 5 bytes JMP 0000000100070390
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                      00000000773cfbe0 5 bytes JMP 00000001000703c0
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                         00000000773cfd40 5 bytes JMP 0000000100070230
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                              00000000773cff00 5 bytes JMP 0000000100070460
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                             00000000773cff30 5 bytes JMP 0000000100070370
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                      00000000773d0010 5 bytes JMP 00000001000702f0
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                   00000000773d0020 5 bytes JMP 0000000100070350
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                         00000000773d0080 5 bytes JMP 0000000100070290
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                      00000000773d0110 5 bytes JMP 00000001000702b0
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       00000000773d0130 5 bytes JMP 00000001000703a0
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                          00000000773d0140 5 bytes JMP 0000000100070330
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                   00000000773d01b0 5 bytes JMP 00000001000703e0
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                      00000000773d01e0 5 bytes JMP 0000000100070240
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                           00000000773d04a0 5 bytes JMP 00000001000701e0
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                      00000000773d0560 5 bytes JMP 0000000100070250
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                      00000000773d0590 5 bytes JMP 0000000100070470
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                             00000000773d05a0 5 bytes JMP 0000000100070480
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                        00000000773d05d0 5 bytes JMP 0000000100070300
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                     00000000773d05e0 5 bytes JMP 0000000100070360
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                           00000000773d0640 5 bytes JMP 00000001000702a0
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                        00000000773d0690 5 bytes JMP 00000001000702c0
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                            00000000773d06d0 5 bytes JMP 0000000100070340
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                     00000000773d09c0 5 bytes JMP 0000000100070420
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                    00000000773d0bc0 5 bytes JMP 0000000100070260
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                       00000000773d0bd0 5 bytes JMP 0000000100070270
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     00000000773d0be0 5 bytes JMP 00000001000703d0
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                 00000000773d0da0 5 bytes JMP 00000001000701f0
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                  00000000773d0db0 5 bytes JMP 0000000100070210
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                       00000000773d0e20 5 bytes JMP 0000000100070200
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                       00000000773d0e80 5 bytes JMP 00000001000703f0
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                        00000000773d0e90 5 bytes JMP 0000000100070400
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                   00000000773d0ea0 5 bytes JMP 0000000100070220
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                           00000000773d0f80 5 bytes JMP 0000000100070280
.text   C:\Windows\System32\spoolsv.exe[1404] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007705f1fd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                 00000000773cf760 5 bytes JMP 0000000100070440
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                          00000000773cf7b0 5 bytes JMP 0000000100070430
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                               00000000773cf960 5 bytes JMP 0000000100070450
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                     00000000773cf970 5 bytes JMP 00000001000703b0
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                          00000000773cfa20 5 bytes JMP 0000000100070320
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   00000000773cfa50 5 bytes JMP 0000000100070380
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                            00000000773cfab0 5 bytes JMP 00000001000702e0
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                       00000000773cfb00 5 bytes JMP 0000000100070410
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                          00000000773cfb30 5 bytes JMP 00000001000702d0
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                        00000000773cfb50 5 bytes JMP 0000000100070310
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                         00000000773cfb90 5 bytes JMP 0000000100070390
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                      00000000773cfbe0 5 bytes JMP 00000001000703c0
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                         00000000773cfd40 5 bytes JMP 0000000100070230
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                              00000000773cff00 5 bytes JMP 0000000100070460
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                             00000000773cff30 5 bytes JMP 0000000100070370
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                      00000000773d0010 5 bytes JMP 00000001000702f0
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                   00000000773d0020 5 bytes JMP 0000000100070350
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                         00000000773d0080 5 bytes JMP 0000000100070290
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                      00000000773d0110 5 bytes JMP 00000001000702b0
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       00000000773d0130 5 bytes JMP 00000001000703a0
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                          00000000773d0140 5 bytes JMP 0000000100070330
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                   00000000773d01b0 5 bytes JMP 00000001000703e0
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                      00000000773d01e0 5 bytes JMP 0000000100070240
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                           00000000773d04a0 5 bytes JMP 00000001000701e0
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                      00000000773d0560 5 bytes JMP 0000000100070250
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                      00000000773d0590 5 bytes JMP 0000000100070470
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                             00000000773d05a0 5 bytes JMP 0000000100070480
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                        00000000773d05d0 5 bytes JMP 0000000100070300
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                     00000000773d05e0 5 bytes JMP 0000000100070360
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                           00000000773d0640 5 bytes JMP 00000001000702a0
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                        00000000773d0690 5 bytes JMP 00000001000702c0
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                            00000000773d06d0 5 bytes JMP 0000000100070340
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                     00000000773d09c0 5 bytes JMP 0000000100070420
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                    00000000773d0bc0 5 bytes JMP 0000000100070260
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                       00000000773d0bd0 5 bytes JMP 0000000100070270
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     00000000773d0be0 5 bytes JMP 00000001000703d0
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                 00000000773d0da0 5 bytes JMP 00000001000701f0
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                  00000000773d0db0 5 bytes JMP 0000000100070210
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                       00000000773d0e20 5 bytes JMP 0000000100070200
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                       00000000773d0e80 5 bytes JMP 00000001000703f0
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                        00000000773d0e90 5 bytes JMP 0000000100070400
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                   00000000773d0ea0 5 bytes JMP 0000000100070220
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                           00000000773d0f80 5 bytes JMP 0000000100070280
.text   C:\Windows\system32\svchost.exe[1432] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007705f1fd 1 byte [62]
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                 00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                          00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                               00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                     00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                          00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                            00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                       00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                          00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                        00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                         00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                      00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                         00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                              00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                             00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                      00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                   00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                         00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                      00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                          00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                   00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                      00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                           00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                      00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                      00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                             00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                        00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                     00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                           00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                        00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                            00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                     00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                    00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                       00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                 00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                  00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                       00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                       00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                        00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                   00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                           00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                               00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                        00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                             00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                   00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                        00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                 00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                          00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                     00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                        00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                      00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                       00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                    00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                       00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                            00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                           00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                    00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                 00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                       00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                    00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                     00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                        00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                 00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                    00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                         00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                    00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                    00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                           00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                      00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                   00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                         00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                      00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                          00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                   00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                  00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                     00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                   00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                               00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                     00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                     00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                      00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                 00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Program Files\Fujitsu\PSUtility\PSUService.exe[1760] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                         00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort      00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject               00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx    00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess          00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection               00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory        00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                 00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread            00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent               00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection             00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread              00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread           00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry              00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort   00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject  00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair           00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion        00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant              00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore           00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx            00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer               00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess        00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry           00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry           00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey           00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys  00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair             00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion          00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore             00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                 00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx          00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder         00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions            00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread          00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation      00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState       00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem            00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess            00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread             00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl        00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                        00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                 00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                      00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                            00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                 00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                          00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                   00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                              00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                 00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                               00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                             00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                     00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                    00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                             00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                          00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                             00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                              00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                 00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                          00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                             00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                  00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                             00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                             00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                    00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                               00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                            00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                  00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                               00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                   00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                            00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                           00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                              00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                            00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                        00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                         00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                              00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                              00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                               00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                          00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                  00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                00000000773cf760 5 bytes JMP 0000000100060440
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                         00000000773cf7b0 5 bytes JMP 0000000100060430
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                              00000000773cf960 5 bytes JMP 0000000100060450
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    00000000773cf970 5 bytes JMP 00000001000603b0
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                         00000000773cfa20 5 bytes JMP 0000000100060320
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  00000000773cfa50 5 bytes JMP 0000000100060380
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                           00000000773cfab0 5 bytes JMP 00000001000602e0
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                      00000000773cfb00 5 bytes JMP 0000000100060410
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                         00000000773cfb30 5 bytes JMP 00000001000602d0
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                       00000000773cfb50 5 bytes JMP 0000000100060310
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                        00000000773cfb90 5 bytes JMP 0000000100060390
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                     00000000773cfbe0 5 bytes JMP 00000001000603c0
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                        00000000773cfd40 5 bytes JMP 0000000100060230
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                             00000000773cff00 5 bytes JMP 0000000100060460
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                            00000000773cff30 5 bytes JMP 0000000100060370
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                     00000000773d0010 5 bytes JMP 00000001000602f0
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                  00000000773d0020 5 bytes JMP 0000000100060350
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                        00000000773d0080 5 bytes JMP 0000000100060290
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                     00000000773d0110 5 bytes JMP 00000001000602b0
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      00000000773d0130 5 bytes JMP 00000001000603a0
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                         00000000773d0140 5 bytes JMP 0000000100060330
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                  00000000773d01b0 5 bytes JMP 00000001000603e0
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                     00000000773d01e0 5 bytes JMP 0000000100060240
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                          00000000773d04a0 5 bytes JMP 00000001000601e0
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                     00000000773d0560 5 bytes JMP 0000000100060250
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                     00000000773d0590 5 bytes JMP 0000000100060470
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                            00000000773d05a0 5 bytes JMP 0000000100060480
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                       00000000773d05d0 5 bytes JMP 0000000100060300
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                    00000000773d05e0 5 bytes JMP 0000000100060360
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                          00000000773d0640 5 bytes JMP 00000001000602a0
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                       00000000773d0690 5 bytes JMP 00000001000602c0
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                           00000000773d06d0 5 bytes JMP 0000000100060340
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                    00000000773d09c0 5 bytes JMP 0000000100060420
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                   00000000773d0bc0 5 bytes JMP 0000000100060260
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                      00000000773d0bd0 5 bytes JMP 0000000100060270
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    00000000773d0be0 5 bytes JMP 00000001000603d0
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                00000000773d0da0 5 bytes JMP 00000001000601f0
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                 00000000773d0db0 5 bytes JMP 0000000100060210
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                      00000000773d0e20 5 bytes JMP 0000000100060200
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                      00000000773d0e80 5 bytes JMP 00000001000603f0
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                       00000000773d0e90 5 bytes JMP 0000000100060400
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                  00000000773d0ea0 5 bytes JMP 0000000100060220
.text   C:\Windows\system32\taskhost.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                          00000000773d0f80 5 bytes JMP 0000000100060280
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                     00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                              00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                   00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                         00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                              00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                       00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                           00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                              00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                            00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                             00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                          00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                             00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                  00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                 00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                          00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                       00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                             00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                          00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                           00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                              00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                       00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                          00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                               00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                          00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                          00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                 00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                            00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                         00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                               00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                            00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                         00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                        00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                           00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                         00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                     00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                      00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                           00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                           00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                            00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                       00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Windows\system32\Dwm.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                               00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                         00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                  00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                       00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                             00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                  00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                           00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                    00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                               00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                  00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                 00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                              00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                 00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                      00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                     00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                              00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                           00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                 00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                              00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                               00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                  00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                           00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                              00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                   00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                              00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                              00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                     00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                             00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                   00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                    00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                             00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                            00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                               00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                             00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                         00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                          00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                               00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                               00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                           00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                   00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Windows\Explorer.EXE[2268] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                        000000007705f1fd 1 byte [62]
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                         00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                              00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                         00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                           00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                      00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                         00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                       00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                        00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                     00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                        00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                             00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                            00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                     00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                  00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                        00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                     00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                         00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                  00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                     00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                          00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                     00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                     00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                            00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                       00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                    00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                          00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                       00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                           00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                    00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                   00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                      00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                 00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                      00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                      00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                       00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                  00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Windows\System32\igfxtray.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                          00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                   00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                            00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                 00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                       00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                            00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                     00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                              00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                         00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                            00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                          00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                           00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                        00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                           00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                               00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                        00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                     00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                           00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                        00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                         00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                            00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                     00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                        00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                             00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                        00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                        00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                               00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                          00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                       00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                             00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                          00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                              00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                       00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                      00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                         00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                       00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                   00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                    00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                         00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                         00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                          00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                     00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                             00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Windows\System32\hkcmd.exe[2392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                  000000007705f1fd 1 byte [62]
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                         00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                              00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                         00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                           00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                      00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                         00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                       00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                        00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                     00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                        00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                             00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                            00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                     00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                  00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                        00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                     00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                         00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                  00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                     00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                          00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                     00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                     00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                            00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                       00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                    00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                          00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                       00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                           00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                    00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                   00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                      00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                 00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                      00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                      00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                       00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                  00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Windows\System32\igfxpers.exe[2432] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                          00000000773d0f80 5 bytes JMP 0000000077530280
         

31.01.2013, 14:31   #7
LouCyphre

trojan.hijacker - win7 still infected even after reinstallation? rootkit?

Code:
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                   00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                            00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                 00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                       00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                            00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                     00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                              00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                         00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                            00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                          00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                           00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                        00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                           00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                               00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                        00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                     00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                           00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                        00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                         00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                            00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                     00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                        00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                             00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                        00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                        00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                               00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                          00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                       00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                             00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                          00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                              00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                       00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                      00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                         00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                       00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                   00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                    00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                         00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                         00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                          00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                     00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                             00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2460] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                  000000007705f1fd 1 byte [62]
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                         00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                              00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                         00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                           00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                      00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                         00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                       00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                        00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                     00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                        00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                             00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                            00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                     00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                  00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                        00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                     00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                         00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                  00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                     00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                          00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                     00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                     00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                            00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                       00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                    00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                          00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                       00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                           00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                    00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                   00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                      00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                 00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                      00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                      00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                       00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                  00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Windows\system32\igfxsrvc.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                          00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                       00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                     00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                           00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                         00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                  00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                             00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                              00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                               00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                            00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                               00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                    00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                   00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                            00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                         00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                               00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                            00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                             00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                         00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                            00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                 00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                            00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                            00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                   00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                              00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                           00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                 00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                              00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                  00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                           00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                          00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                             00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                           00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                       00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                        00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                             00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                             00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                              00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                         00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                 00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                           00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                    00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                         00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                               00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                    00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                             00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                      00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                 00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                    00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                  00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                   00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                   00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                        00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                       00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                             00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                   00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                 00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                    00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                             00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                     00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                       00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                  00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                               00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                     00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                  00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                      00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                               00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                              00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                 00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                               00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                           00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                            00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                 00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                 00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                  00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                             00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                     00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe[2632] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                          000000007705f1fd 1 byte [62]
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                              00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                       00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                            00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                  00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                       00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                         00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                    00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                       00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                     00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                      00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                   00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                      00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                           00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                          00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                   00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                      00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                   00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                    00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                       00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                   00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                        00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                   00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                   00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                          00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                     00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                  00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                        00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                     00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                         00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                  00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                 00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                    00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                  00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                              00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                               00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                    00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                    00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                     00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Program Files\Fujitsu\PSUtility\TrayManager.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                        00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                     00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                              00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                   00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                         00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                              00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                       00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                           00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                              00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                            00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                             00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                          00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                             00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                  00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                 00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                          00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                       00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                             00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                          00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                           00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                              00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                       00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                          00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                               00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                          00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                          00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                 00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                            00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                         00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                               00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                            00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                         00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                        00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                           00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                         00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                     00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                      00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                           00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                           00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                            00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                       00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                               00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe[2748] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                    000000007705f1fd 1 byte [62]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                 00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                          00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                               00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                     00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                          00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                   00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                            00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                       00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                          00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                        00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                         00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                      00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                         00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                              00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                             00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                      00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                   00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                         00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                      00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                       00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                          00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                   00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                      00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                           00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                      00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                      00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                             00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                        00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                     00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                           00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                        00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                            00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                     00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                    00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                       00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                     00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                 00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                  00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                       00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                       00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                        00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                   00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                           00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2784] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                000000007705f1fd 1 byte [62]
.text   C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[3008] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112         00000000763bb0c5 1 byte [62]
.text   C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe[3020] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                             00000000763bb0c5 1 byte [62]
.text   C:\Program Files\AVAST Software\Avast\AvastUI.exe[3056] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                              00000000763bb0c5 1 byte [62]
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                           00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                    00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                         00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                               00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                    00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                             00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                      00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                 00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                    00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                  00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                   00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                   00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                        00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                       00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                             00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                   00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                 00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                    00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                             00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                     00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                       00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                  00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                               00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                     00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                  00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                      00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                               00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                              00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                 00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                               00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                           00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                            00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                 00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                 00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                  00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                             00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Windows\system32\wbem\wmiprvse.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                     00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                        00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                 00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                      00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                            00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                 00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                          00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                   00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                              00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                 00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                               00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                             00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                     00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                    00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                             00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                          00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                             00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                              00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                 00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                          00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                             00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                  00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                             00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                             00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                    00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                               00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                            00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                  00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                               00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                   00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                            00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                           00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                              00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                            00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                        00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                         00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                              00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                              00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                               00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                          00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                  00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                            00000000773cf760 5 bytes JMP 0000000100070440
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                     00000000773cf7b0 5 bytes JMP 0000000100070430
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                          00000000773cf960 5 bytes JMP 0000000100070450
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                00000000773cf970 5 bytes JMP 00000001000703b0
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                     00000000773cfa20 5 bytes JMP 0000000100070320
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                              00000000773cfa50 5 bytes JMP 0000000100070380
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                       00000000773cfab0 5 bytes JMP 00000001000702e0
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                  00000000773cfb00 5 bytes JMP 0000000100070410
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                     00000000773cfb30 5 bytes JMP 00000001000702d0
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                   00000000773cfb50 5 bytes JMP 0000000100070310
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                    00000000773cfb90 5 bytes JMP 0000000100070390
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                 00000000773cfbe0 5 bytes JMP 00000001000703c0
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                    00000000773cfd40 5 bytes JMP 0000000100070230
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                         00000000773cff00 5 bytes JMP 0000000100070460
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                        00000000773cff30 5 bytes JMP 0000000100070370
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                 00000000773d0010 5 bytes JMP 00000001000702f0
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                              00000000773d0020 5 bytes JMP 0000000100070350
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                    00000000773d0080 5 bytes JMP 0000000100070290
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                 00000000773d0110 5 bytes JMP 00000001000702b0
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                  00000000773d0130 5 bytes JMP 00000001000703a0
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                     00000000773d0140 5 bytes JMP 0000000100070330
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                              00000000773d01b0 5 bytes JMP 00000001000703e0
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                 00000000773d01e0 5 bytes JMP 0000000100070240
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                      00000000773d04a0 5 bytes JMP 00000001000701e0
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                 00000000773d0560 5 bytes JMP 0000000100070250
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                 00000000773d0590 5 bytes JMP 0000000100070470
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                        00000000773d05a0 5 bytes JMP 0000000100070480
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                   00000000773d05d0 5 bytes JMP 0000000100070300
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                00000000773d05e0 5 bytes JMP 0000000100070360
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                      00000000773d0640 5 bytes JMP 00000001000702a0
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                   00000000773d0690 5 bytes JMP 00000001000702c0
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                       00000000773d06d0 5 bytes JMP 0000000100070340
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                00000000773d09c0 5 bytes JMP 0000000100070420
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                               00000000773d0bc0 5 bytes JMP 0000000100070260
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                  00000000773d0bd0 5 bytes JMP 0000000100070270
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                00000000773d0be0 5 bytes JMP 00000001000703d0
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                            00000000773d0da0 5 bytes JMP 00000001000701f0
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                             00000000773d0db0 5 bytes JMP 0000000100070210
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                  00000000773d0e20 5 bytes JMP 0000000100070200
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                  00000000773d0e80 5 bytes JMP 00000001000703f0
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                   00000000773d0e90 5 bytes JMP 0000000100070400
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                              00000000773d0ea0 5 bytes JMP 0000000100070220
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                      00000000773d0f80 5 bytes JMP 0000000100070280
.text   C:\Windows\system32\SearchIndexer.exe[516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                           000000007705f1fd 1 byte [62]
         

31.01.2013, 14:32   #8
LouCyphre
 



Code:


.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                         00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                          00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                       00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                          00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                               00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                              00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                       00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                    00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                          00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                       00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                        00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                           00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                    00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                       00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                            00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                       00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                       00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                              00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                         00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                      00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                            00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                         00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                             00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                      00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                     00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                        00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                      00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                  00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                   00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                        00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                        00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                         00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                    00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Windows\system32\sppsvc.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                            00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                 00000000773cf760 5 bytes JMP 0000000077530440
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                          00000000773cf7b0 5 bytes JMP 0000000077530430
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                               00000000773cf960 5 bytes JMP 0000000077530450
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                     00000000773cf970 5 bytes JMP 00000000775303b0
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                          00000000773cfa20 5 bytes JMP 0000000077530320
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   00000000773cfa50 5 bytes JMP 0000000077530380
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                            00000000773cfab0 5 bytes JMP 00000000775302e0
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                       00000000773cfb00 5 bytes JMP 0000000077530410
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                          00000000773cfb30 5 bytes JMP 00000000775302d0
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                        00000000773cfb50 5 bytes JMP 0000000077530310
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                         00000000773cfb90 5 bytes JMP 0000000077530390
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                      00000000773cfbe0 5 bytes JMP 00000000775303c0
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                         00000000773cfd40 5 bytes JMP 0000000077530230
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                              00000000773cff00 5 bytes JMP 0000000077530460
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                             00000000773cff30 5 bytes JMP 0000000077530370
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                      00000000773d0010 5 bytes JMP 00000000775302f0
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                   00000000773d0020 5 bytes JMP 0000000077530350
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                         00000000773d0080 5 bytes JMP 0000000077530290
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                      00000000773d0110 5 bytes JMP 00000000775302b0
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       00000000773d0130 5 bytes JMP 00000000775303a0
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                          00000000773d0140 5 bytes JMP 0000000077530330
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                   00000000773d01b0 5 bytes JMP 00000000775303e0
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                      00000000773d01e0 5 bytes JMP 0000000077530240
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                           00000000773d04a0 5 bytes JMP 00000000775301e0
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                      00000000773d0560 5 bytes JMP 0000000077530250
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                      00000000773d0590 5 bytes JMP 0000000077530470
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                             00000000773d05a0 5 bytes JMP 0000000077530480
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                        00000000773d05d0 5 bytes JMP 0000000077530300
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                     00000000773d05e0 5 bytes JMP 0000000077530360
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                           00000000773d0640 5 bytes JMP 00000000775302a0
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                        00000000773d0690 5 bytes JMP 00000000775302c0
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                            00000000773d06d0 5 bytes JMP 0000000077530340
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                     00000000773d09c0 5 bytes JMP 0000000077530420
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                    00000000773d0bc0 5 bytes JMP 0000000077530260
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                       00000000773d0bd0 5 bytes JMP 0000000077530270
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     00000000773d0be0 5 bytes JMP 00000000775303d0
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                 00000000773d0da0 5 bytes JMP 00000000775301f0
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                  00000000773d0db0 5 bytes JMP 0000000077530210
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                       00000000773d0e20 5 bytes JMP 0000000077530200
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                       00000000773d0e80 5 bytes JMP 00000000775303f0
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                        00000000773d0e90 5 bytes JMP 0000000077530400
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                   00000000773d0ea0 5 bytes JMP 0000000077530220
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                           00000000773d0f80 5 bytes JMP 0000000077530280
.text   C:\Windows\System32\svchost.exe[3972] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                000000007705f1fd 1 byte [62]
.text   C:\Users\bla\Desktop\gmer_2.0.18454.exe[848] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                         00000000763bb0c5 1 byte [62]

---- Threads - GMER 2.0 ----

Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3500:3492]                                                                     00000000775b3e59
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3500:3584]                                                                     00000000775b3e59
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3500:3588]                                                                     0000000076c07587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3500:3576]                                                                     0000000070000cb3
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3500:3904]                                                                     00000000775b2e3e
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3500:900]                                                                      00000000775b3e59

---- Registry - GMER 2.0 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde8ad171                                                                
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde8ad171 (not active ControlSet)                                            

---- EOF - GMER 2.0 ----
         

31.01.2013, 14:33   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do you still remember my question about TDSS-Killer?
__________________
Please always post log files in CODE tags

31.01.2013, 14:34   #10
LouCyphre

Yes, I wasn't aware of the scale of the problem. I didn't mean to make anyone's work harder...

I also ran a few other anti-rootkit tools, all from chip.de, but did not carry out any action with any of the others.

31.01.2013, 14:57   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Could you then kindly post the logs from these tools as well?

31.01.2013, 15:18   #12
LouCyphre

I was just about to.
However, I only have one log left, from TDSSKiller, because it was on C:. The rest were on the desktop and must have been lost during the cleanup...

Code:
05:45:17.0069 2032  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
05:45:17.0069 2032  ============================================================
05:45:17.0069 2032  Current date / time: 2013/01/30 05:45:17.0069
05:45:17.0069 2032  SystemInfo:
05:45:17.0069 2032  
05:45:17.0069 2032  OS Version: 6.1.7600 ServicePack: 0.0
05:45:17.0069 2032  Product type: Workstation
05:45:17.0069 2032  ComputerName: BLA-PC
05:45:17.0069 2032  UserName: bla
05:45:17.0069 2032  Windows directory: C:\Windows
05:45:17.0069 2032  System windows directory: C:\Windows
05:45:17.0069 2032  Running under WOW64
05:45:17.0084 2032  Processor architecture: Intel x64
05:45:17.0084 2032  Number of processors: 4
05:45:17.0084 2032  Page size: 0x1000
05:45:17.0084 2032  Boot type: Normal boot
05:45:17.0084 2032  ============================================================
05:45:17.0084 2032  BG loaded
05:45:17.0443 2032  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
05:45:17.0443 2032  ============================================================
05:45:17.0443 2032  \Device\Harddisk0\DR0:
05:45:17.0443 2032  MBR partitions:
05:45:17.0443 2032  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
05:45:17.0443 2032  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xCBCF000
05:45:17.0443 2032  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xCC01800, BlocksNum 0x2D783800
05:45:17.0443 2032  ============================================================
05:45:17.0459 2032  C: <-> \Device\Harddisk0\DR0\Partition2
05:45:17.0505 2032  D: <-> \Device\Harddisk0\DR0\Partition3
05:45:17.0505 2032  ============================================================
05:45:17.0505 2032  Initialize success
05:45:17.0505 2032  ============================================================
05:45:28.0535 4044  ============================================================
05:45:28.0535 4044  Scan started
05:45:28.0535 4044  Mode: Manual; SigCheck; TDLFS; 
05:45:28.0535 4044  ============================================================
05:45:28.0800 4044  ================ Scan system memory ========================
05:45:28.0800 4044  System memory - ok
05:45:28.0800 4044  ================ Scan services =============================
05:45:29.0221 4044  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
05:45:29.0315 4044  1394ohci - ok
05:45:29.0393 4044  [ F146E2BA475893DD77B2370DC1211FC6 ] 86738332        C:\Windows\system32\drivers\59560619.sys
05:45:29.0424 4044  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
05:45:29.0455 4044  ACPI - ok
05:45:29.0486 4044  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
05:45:29.0517 4044  AcpiPmi - ok
05:45:29.0549 4044  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
05:45:29.0564 4044  adp94xx - ok
05:45:29.0580 4044  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
05:45:29.0595 4044  adpahci - ok
05:45:29.0611 4044  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
05:45:29.0627 4044  adpu320 - ok
05:45:29.0658 4044  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
05:45:29.0705 4044  AeLookupSvc - ok
05:45:29.0751 4044  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
05:45:29.0798 4044  AFD - ok
05:45:29.0845 4044  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
05:45:29.0876 4044  agp440 - ok
05:45:29.0907 4044  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
05:45:29.0939 4044  ALG - ok
05:45:29.0985 4044  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
05:45:30.0017 4044  aliide - ok
05:45:30.0017 4044  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
05:45:30.0048 4044  amdide - ok
05:45:30.0048 4044  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
05:45:30.0079 4044  AmdK8 - ok
05:45:30.0079 4044  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
05:45:30.0095 4044  AmdPPM - ok
05:45:30.0141 4044  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
05:45:30.0157 4044  amdsata - ok
05:45:30.0173 4044  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
05:45:30.0188 4044  amdsbs - ok
05:45:30.0219 4044  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
05:45:30.0235 4044  amdxata - ok
05:45:30.0313 4044  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
05:45:30.0344 4044  AppID - ok
05:45:30.0375 4044  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
05:45:30.0407 4044  AppIDSvc - ok
05:45:30.0438 4044  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
05:45:30.0453 4044  Appinfo - ok
05:45:30.0469 4044  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
05:45:30.0485 4044  arc - ok
05:45:30.0485 4044  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
05:45:30.0500 4044  arcsas - ok
05:45:30.0531 4044  [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
05:45:30.0563 4044  aswFsBlk - ok
05:45:30.0594 4044  [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
05:45:30.0594 4044  aswMonFlt - ok
05:45:30.0609 4044  [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
05:45:30.0625 4044  aswRdr - ok
05:45:30.0672 4044  [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
05:45:30.0703 4044  aswSnx - ok
05:45:30.0734 4044  [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
05:45:30.0781 4044  aswSP - ok
05:45:30.0797 4044  [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
05:45:30.0812 4044  aswTdi - ok
05:45:30.0843 4044  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
05:45:30.0890 4044  AsyncMac - ok
05:45:30.0921 4044  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
05:45:30.0921 4044  atapi - ok
05:45:30.0984 4044  [ D6CAD7E5B05055BB8226BDCB1644DA27 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
05:45:31.0031 4044  athr - ok
05:45:31.0093 4044  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
05:45:31.0171 4044  AudioEndpointBuilder - ok
05:45:31.0187 4044  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
05:45:31.0233 4044  AudioSrv - ok
05:45:31.0374 4044  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
05:45:31.0389 4044  avast! Antivirus - ok
05:45:31.0436 4044  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
05:45:31.0483 4044  AxInstSV - ok
05:45:31.0514 4044  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
05:45:31.0530 4044  b06bdrv - ok
05:45:31.0592 4044  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
05:45:31.0623 4044  b57nd60a - ok
05:45:31.0686 4044  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
05:45:31.0717 4044  BDESVC - ok
05:45:31.0733 4044  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
05:45:31.0779 4044  Beep - ok
05:45:31.0811 4044  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
05:45:31.0857 4044  BFE - ok
05:45:31.0889 4044  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
05:45:31.0951 4044  BITS - ok
05:45:31.0967 4044  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
05:45:31.0982 4044  blbdrive - ok
05:45:32.0029 4044  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
05:45:32.0060 4044  bowser - ok
05:45:32.0076 4044  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
05:45:32.0107 4044  BrFiltLo - ok
05:45:32.0107 4044  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
05:45:32.0123 4044  BrFiltUp - ok
05:45:32.0169 4044  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll
05:45:32.0201 4044  Browser - ok
05:45:32.0232 4044  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
05:45:32.0247 4044  Brserid - ok
05:45:32.0247 4044  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
05:45:32.0279 4044  BrSerWdm - ok
05:45:32.0279 4044  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
05:45:32.0294 4044  BrUsbMdm - ok
05:45:32.0294 4044  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
05:45:32.0310 4044  BrUsbSer - ok
05:45:32.0357 4044  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
05:45:32.0372 4044  BthEnum - ok
05:45:32.0372 4044  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
05:45:32.0403 4044  BTHMODEM - ok
05:45:32.0419 4044  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
05:45:32.0450 4044  BthPan - ok
05:45:32.0497 4044  [ D59773C7FDD3D795D6FE402EEEA8D71E ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
05:45:32.0544 4044  BTHPORT - ok
05:45:32.0591 4044  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
05:45:32.0653 4044  bthserv - ok
05:45:32.0700 4044  [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
05:45:32.0731 4044  BTHUSB - ok
05:45:32.0762 4044  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
05:45:32.0809 4044  cdfs - ok
05:45:32.0840 4044  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
05:45:32.0856 4044  cdrom - ok
05:45:32.0903 4044  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
05:45:32.0949 4044  CertPropSvc - ok
05:45:32.0965 4044  CFRMD - ok
05:45:32.0981 4044  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
05:45:32.0996 4044  circlass - ok
05:45:33.0027 4044  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
05:45:33.0043 4044  CLFS - ok
05:45:33.0215 4044  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
05:45:33.0246 4044  clr_optimization_v2.0.50727_32 - ok
05:45:33.0371 4044  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
05:45:33.0386 4044  clr_optimization_v2.0.50727_64 - ok
05:45:33.0558 4044  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
05:45:33.0589 4044  clr_optimization_v4.0.30319_32 - ok
05:45:33.0729 4044  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
05:45:33.0761 4044  clr_optimization_v4.0.30319_64 - ok
05:45:33.0792 4044  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
05:45:33.0807 4044  CmBatt - ok
05:45:33.0823 4044  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
05:45:33.0839 4044  cmdide - ok
05:45:33.0885 4044  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
05:45:33.0932 4044  CNG - ok
05:45:33.0963 4044  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
05:45:33.0979 4044  Compbatt - ok
05:45:33.0995 4044  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
05:45:34.0010 4044  CompositeBus - ok
05:45:34.0026 4044  COMSysApp - ok
05:45:34.0041 4044  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
05:45:34.0057 4044  crcdisk - ok
05:45:34.0088 4044  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
05:45:34.0104 4044  CryptSvc - ok
05:45:34.0151 4044  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
05:45:34.0229 4044  DcomLaunch - ok
05:45:34.0260 4044  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
05:45:34.0307 4044  defragsvc - ok
05:45:34.0322 4044  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
05:45:34.0338 4044  DfsC - ok
05:45:34.0369 4044  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
05:45:34.0400 4044  Dhcp - ok
05:45:34.0431 4044  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
05:45:34.0478 4044  discache - ok
05:45:34.0509 4044  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
05:45:34.0525 4044  Disk - ok
05:45:34.0556 4044  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
05:45:34.0587 4044  Dnscache - ok
05:45:34.0619 4044  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
05:45:34.0681 4044  dot3svc - ok
05:45:34.0728 4044  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
05:45:34.0775 4044  DPS - ok
05:45:34.0806 4044  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
05:45:34.0837 4044  drmkaud - ok
05:45:34.0868 4044  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
05:45:34.0899 4044  DXGKrnl - ok
05:45:34.0931 4044  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
05:45:34.0977 4044  EapHost - ok
05:45:35.0071 4044  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
05:45:35.0118 4044  ebdrv - ok
05:45:35.0149 4044  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
05:45:35.0165 4044  EFS - ok
05:45:35.0289 4044  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
05:45:35.0336 4044  ehRecvr - ok
05:45:35.0352 4044  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
05:45:35.0367 4044  ehSched - ok
05:45:35.0414 4044  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
05:45:35.0445 4044  elxstor - ok
05:45:35.0445 4044  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
05:45:35.0461 4044  ErrDev - ok
05:45:35.0508 4044  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
05:45:35.0555 4044  EventSystem - ok
05:45:35.0555 4044  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
05:45:35.0601 4044  exfat - ok
05:45:35.0617 4044  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
05:45:35.0648 4044  fastfat - ok
05:45:35.0695 4044  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
05:45:35.0742 4044  Fax - ok
05:45:35.0773 4044  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
05:45:35.0789 4044  fdc - ok
05:45:35.0804 4044  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
05:45:35.0851 4044  fdPHost - ok
05:45:35.0851 4044  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
05:45:35.0898 4044  FDResPub - ok
05:45:35.0929 4044  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
05:45:35.0929 4044  FileInfo - ok
05:45:35.0945 4044  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
05:45:35.0991 4044  Filetrace - ok
05:45:35.0991 4044  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
05:45:36.0007 4044  flpydisk - ok
05:45:36.0023 4044  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
05:45:36.0038 4044  FltMgr - ok
05:45:36.0101 4044  [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache       C:\Windows\system32\FntCache.dll
05:45:36.0147 4044  FontCache - ok
05:45:36.0194 4044  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
05:45:36.0194 4044  FontCache3.0.0.0 - ok
05:45:36.0210 4044  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
05:45:36.0225 4044  FsDepends - ok
05:45:36.0272 4044  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
05:45:36.0303 4044  Fs_Rec - ok
05:45:36.0350 4044  [ BA0C1FFDA496D8BCBCAC63F8D98D20E3 ] FUJ02B1         C:\Windows\system32\DRIVERS\FUJ02B1.sys
05:45:36.0366 4044  FUJ02B1 - ok
05:45:36.0381 4044  [ 7135030CBF87D724B6037BB023923730 ] FUJ02E3         C:\Windows\system32\DRIVERS\FUJ02E3.sys
05:45:36.0397 4044  FUJ02E3 - ok
05:45:36.0459 4044  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
05:45:36.0475 4044  fvevol - ok
05:45:36.0506 4044  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
05:45:36.0522 4044  gagp30kx - ok
05:45:36.0553 4044  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
05:45:36.0584 4044  gpsvc - ok
05:45:36.0600 4044  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
05:45:36.0615 4044  hcw85cir - ok
05:45:36.0662 4044  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
05:45:36.0693 4044  HdAudAddService - ok
05:45:36.0709 4044  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
05:45:36.0725 4044  HDAudBus - ok
05:45:36.0756 4044  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
05:45:36.0771 4044  HECIx64 - ok
05:45:36.0771 4044  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
05:45:36.0787 4044  HidBatt - ok
05:45:36.0803 4044  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
05:45:36.0818 4044  HidBth - ok
05:45:36.0834 4044  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
05:45:36.0849 4044  HidIr - ok
05:45:36.0881 4044  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
05:45:36.0927 4044  hidserv - ok
05:45:36.0927 4044  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
05:45:36.0943 4044  HidUsb - ok
05:45:36.0990 4044  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
05:45:37.0052 4044  hkmsvc - ok
05:45:37.0083 4044  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
05:45:37.0099 4044  HomeGroupListener - ok
05:45:37.0130 4044  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
05:45:37.0146 4044  HomeGroupProvider - ok
05:45:37.0177 4044  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
05:45:37.0193 4044  HpSAMD - ok
05:45:37.0224 4044  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
05:45:37.0286 4044  HTTP - ok
05:45:37.0302 4044  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
05:45:37.0302 4044  hwpolicy - ok
05:45:37.0317 4044  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
05:45:37.0333 4044  i8042prt - ok
05:45:37.0364 4044  [ 2064090C9FAAD92C090D77E50E735B2E ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
05:45:37.0380 4044  iaStor - ok
05:45:37.0427 4044  [ B75E45C564E944A2657167D197AB29DA ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
05:45:37.0442 4044  iaStorV - ok
05:45:37.0520 4044  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
05:45:37.0551 4044  idsvc - ok
05:45:37.0770 4044  [ 8E509DE232CFA4F8A5B34F01802F500E ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
05:45:37.0863 4044  igfx - ok
05:45:37.0910 4044  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
05:45:37.0926 4044  iirsp - ok
05:45:37.0973 4044  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
05:45:38.0019 4044  IKEEXT - ok
05:45:38.0066 4044  [ 36FDF367A1DABFF903E2214023D71368 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
05:45:38.0097 4044  Impcd - ok
05:45:38.0160 4044  [ 42943BB3AB7A405B30EFF7C8283CC129 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
05:45:38.0222 4044  IntcAzAudAddService - ok
05:45:38.0253 4044  [ D248AAE81C156C0D47A77CD61BC24CD4 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
05:45:38.0285 4044  IntcDAud - ok
05:45:38.0300 4044  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
05:45:38.0316 4044  intelide - ok
05:45:38.0316 4044  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
05:45:38.0331 4044  intelppm - ok
05:45:38.0347 4044  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
05:45:38.0394 4044  IPBusEnum - ok
05:45:38.0394 4044  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
05:45:38.0441 4044  IpFilterDriver - ok
05:45:38.0487 4044  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
05:45:38.0550 4044  iphlpsvc - ok
05:45:38.0550 4044  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
05:45:38.0565 4044  IPMIDRV - ok
05:45:38.0581 4044  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
05:45:38.0612 4044  IPNAT - ok
05:45:38.0628 4044  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
05:45:38.0643 4044  IRENUM - ok
05:45:38.0659 4044  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
05:45:38.0675 4044  isapnp - ok
05:45:38.0706 4044  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
05:45:38.0721 4044  iScsiPrt - ok
05:45:38.0721 4044  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
05:45:38.0737 4044  kbdclass - ok
05:45:38.0737 4044  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
05:45:38.0753 4044  kbdhid - ok
05:45:38.0768 4044  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
05:45:38.0815 4044  KeyIso - ok
05:45:38.0815 4044  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
05:45:38.0831 4044  KSecDD - ok
05:45:38.0862 4044  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
05:45:38.0877 4044  KSecPkg - ok
05:45:38.0893 4044  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
05:45:38.0940 4044  ksthunk - ok
05:45:38.0955 4044  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
05:45:39.0002 4044  KtmRm - ok
05:45:39.0049 4044  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll
05:45:39.0065 4044  LanmanServer - ok
05:45:39.0096 4044  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
05:45:39.0143 4044  LanmanWorkstation - ok
05:45:39.0189 4044  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
05:45:39.0252 4044  lltdio - ok
05:45:39.0283 4044  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
05:45:39.0330 4044  lltdsvc - ok
05:45:39.0361 4044  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
05:45:39.0408 4044  lmhosts - ok
05:45:39.0517 4044  [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
05:45:39.0533 4044  LMS ( UnsignedFile.Multi.Generic ) - warning
05:45:39.0533 4044  LMS - detected UnsignedFile.Multi.Generic (1)
05:45:39.0579 4044  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
05:45:39.0611 4044  LSI_FC - ok
05:45:39.0611 4044  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
05:45:39.0626 4044  LSI_SAS - ok
05:45:39.0626 4044  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
05:45:39.0642 4044  LSI_SAS2 - ok
05:45:39.0657 4044  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
05:45:39.0673 4044  LSI_SCSI - ok
05:45:39.0673 4044  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
05:45:39.0720 4044  luafv - ok
05:45:39.0735 4044  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
05:45:39.0751 4044  Mcx2Svc - ok
05:45:39.0767 4044  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
05:45:39.0782 4044  megasas - ok
05:45:39.0782 4044  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
05:45:39.0798 4044  MegaSR - ok
05:45:39.0829 4044  [ 1595FECFFBE9EA2417E06D5FD0BFA4C4 ] MEMSWEEP2       C:\Windows\system32\ED2E.tmp
05:45:39.0829 4044  MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - warning
05:45:39.0829 4044  MEMSWEEP2 - detected UnsignedFile.Multi.Generic (1)
05:45:39.0860 4044  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
05:45:39.0907 4044  MMCSS - ok
05:45:39.0923 4044  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
05:45:39.0969 4044  Modem - ok
05:45:39.0985 4044  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
05:45:40.0001 4044  monitor - ok
05:45:40.0016 4044  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
05:45:40.0032 4044  mouclass - ok
05:45:40.0047 4044  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
05:45:40.0063 4044  mouhid - ok
05:45:40.0063 4044  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
05:45:40.0079 4044  mountmgr - ok
05:45:40.0079 4044  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
05:45:40.0094 4044  mpio - ok
05:45:40.0110 4044  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
05:45:40.0157 4044  mpsdrv - ok
05:45:40.0188 4044  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
05:45:40.0266 4044  MpsSvc - ok
05:45:40.0266 4044  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
05:45:40.0281 4044  MRxDAV - ok
05:45:40.0328 4044  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
05:45:40.0344 4044  mrxsmb - ok
05:45:40.0375 4044  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
05:45:40.0391 4044  mrxsmb10 - ok
05:45:40.0406 4044  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
05:45:40.0422 4044  mrxsmb20 - ok
05:45:40.0453 4044  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
05:45:40.0469 4044  msahci - ok
05:45:40.0484 4044  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
05:45:40.0500 4044  msdsm - ok
05:45:40.0515 4044  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
05:45:40.0547 4044  MSDTC - ok
05:45:40.0562 4044  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
05:45:40.0593 4044  Msfs - ok
05:45:40.0609 4044  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
05:45:40.0640 4044  mshidkmdf - ok
05:45:40.0656 4044  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
05:45:40.0656 4044  msisadrv - ok
05:45:40.0703 4044  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
05:45:40.0765 4044  MSiSCSI - ok
05:45:40.0765 4044  msiserver - ok
05:45:40.0812 4044  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
05:45:40.0874 4044  MSKSSRV - ok
05:45:40.0890 4044  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
05:45:40.0937 4044  MSPCLOCK - ok
05:45:40.0952 4044  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
05:45:40.0983 4044  MSPQM - ok
05:45:41.0015 4044  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
05:45:41.0030 4044  MsRPC - ok
05:45:41.0030 4044  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
05:45:41.0046 4044  mssmbios - ok
05:45:41.0046 4044  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
05:45:41.0093 4044  MSTEE - ok
05:45:41.0093 4044  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
05:45:41.0108 4044  MTConfig - ok
05:45:41.0124 4044  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
05:45:41.0124 4044  Mup - ok
05:45:41.0155 4044  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
05:45:41.0202 4044  napagent - ok
05:45:41.0249 4044  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
05:45:41.0295 4044  NativeWifiP - ok
05:45:41.0327 4044  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
05:45:41.0358 4044  NDIS - ok
05:45:41.0358 4044  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
05:45:41.0405 4044  NdisCap - ok
05:45:41.0420 4044  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
05:45:41.0467 4044  NdisTapi - ok
05:45:41.0483 4044  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
05:45:41.0514 4044  Ndisuio - ok
05:45:41.0529 4044  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
05:45:41.0561 4044  NdisWan - ok
05:45:41.0576 4044  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
05:45:41.0607 4044  NDProxy - ok
05:45:41.0607 4044  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
05:45:41.0654 4044  NetBIOS - ok
05:45:41.0654 4044  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
05:45:41.0701 4044  NetBT - ok
05:45:41.0717 4044  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
05:45:41.0732 4044  Netlogon - ok
05:45:41.0779 4044  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
05:45:41.0826 4044  Netman - ok
05:45:41.0841 4044  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
05:45:41.0888 4044  netprofm - ok
05:45:41.0919 4044  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
05:45:41.0919 4044  NetTcpPortSharing - ok
05:45:41.0966 4044  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
05:45:41.0982 4044  nfrd960 - ok
05:45:42.0013 4044  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
05:45:42.0060 4044  NlaSvc - ok
05:45:42.0075 4044  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
05:45:42.0122 4044  Npfs - ok
05:45:42.0138 4044  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
05:45:42.0185 4044  nsi - ok
05:45:42.0185 4044  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
05:45:42.0216 4044  nsiproxy - ok
05:45:42.0294 4044  [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
05:45:42.0341 4044  Ntfs - ok
05:45:42.0341 4044  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
05:45:42.0387 4044  Null - ok
05:45:42.0419 4044  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
05:45:42.0434 4044  nvraid - ok
05:45:42.0481 4044  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
05:45:42.0512 4044  nvstor - ok
05:45:42.0543 4044  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
05:45:42.0559 4044  nv_agp - ok
05:45:42.0575 4044  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
05:45:42.0590 4044  ohci1394 - ok
05:45:42.0621 4044  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
05:45:42.0637 4044  p2pimsvc - ok
05:45:42.0653 4044  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
05:45:42.0684 4044  p2psvc - ok
05:45:42.0699 4044  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
05:45:42.0715 4044  Parport - ok
05:45:42.0746 4044  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
05:45:42.0762 4044  partmgr - ok
05:45:42.0777 4044  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
05:45:42.0809 4044  PcaSvc - ok
05:45:42.0809 4044  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
05:45:42.0824 4044  pci - ok
05:45:42.0840 4044  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
05:45:42.0855 4044  pciide - ok
05:45:42.0887 4044  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
05:45:42.0902 4044  pcmcia - ok
05:45:42.0902 4044  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
05:45:42.0918 4044  pcw - ok
05:45:42.0933 4044  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
05:45:42.0980 4044  PEAUTH - ok
05:45:43.0183 4044  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
05:45:43.0230 4044  PerfHost - ok
05:45:43.0277 4044  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
05:45:43.0339 4044  pla - ok
05:45:43.0386 4044  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
05:45:43.0433 4044  PlugPlay - ok
05:45:43.0433 4044  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
05:45:43.0448 4044  PNRPAutoReg - ok
05:45:43.0479 4044  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
05:45:43.0495 4044  PNRPsvc - ok
05:45:43.0526 4044  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
05:45:43.0573 4044  PolicyAgent - ok
05:45:43.0604 4044  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
05:45:43.0651 4044  Power - ok
05:45:43.0776 4044  [ 843BA5F09A391D52AC1F8486C5FC3D4F ] PowerSavingUtilityService C:\Program Files\Fujitsu\PSUtility\PSUService.exe
05:45:43.0807 4044  PowerSavingUtilityService - ok
05:45:43.0854 4044  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
05:45:43.0916 4044  PptpMiniport - ok
05:45:43.0947 4044  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
05:45:43.0963 4044  Processor - ok
05:45:44.0010 4044  [ 97293447431311C06703368AD0F6C4BE ] ProfSvc         C:\Windows\system32\profsvc.dll
05:45:44.0041 4044  ProfSvc - ok
05:45:44.0057 4044  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
05:45:44.0088 4044  ProtectedStorage - ok
05:45:44.0119 4044  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
05:45:44.0197 4044  Psched - ok
05:45:44.0228 4044  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
05:45:44.0275 4044  ql2300 - ok
05:45:44.0291 4044  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
05:45:44.0306 4044  ql40xx - ok
05:45:44.0337 4044  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
05:45:44.0353 4044  QWAVE - ok
05:45:44.0369 4044  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
05:45:44.0384 4044  QWAVEdrv - ok
05:45:44.0384 4044  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
05:45:44.0431 4044  RasAcd - ok
05:45:44.0462 4044  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
05:45:44.0493 4044  RasAgileVpn - ok
05:45:44.0509 4044  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
05:45:44.0556 4044  RasAuto - ok
05:45:44.0587 4044  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
05:45:44.0634 4044  Rasl2tp - ok
05:45:44.0649 4044  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
05:45:44.0696 4044  RasMan - ok
05:45:44.0712 4044  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
05:45:44.0743 4044  RasPppoe - ok
05:45:44.0759 4044  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
05:45:44.0790 4044  RasSstp - ok
05:45:44.0805 4044  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
05:45:44.0852 4044  rdbss - ok
05:45:44.0852 4044  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
05:45:44.0868 4044  rdpbus - ok
05:45:44.0883 4044  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
05:45:44.0930 4044  RDPCDD - ok
05:45:44.0930 4044  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
05:45:44.0977 4044  RDPENCDD - ok
05:45:44.0993 4044  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
05:45:45.0024 4044  RDPREFMP - ok
05:45:45.0055 4044  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
05:45:45.0071 4044  RDPWD - ok
05:45:45.0102 4044  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
05:45:45.0117 4044  rdyboost - ok
05:45:45.0149 4044  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
05:45:45.0195 4044  RemoteAccess - ok
05:45:45.0227 4044  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
05:45:45.0273 4044  RemoteRegistry - ok
05:45:45.0305 4044  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
05:45:45.0320 4044  RFCOMM - ok
05:45:45.0351 4044  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
05:45:45.0398 4044  RpcEptMapper - ok
05:45:45.0414 4044  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
05:45:45.0429 4044  RpcLocator - ok
05:45:45.0461 4044  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
05:45:45.0507 4044  RpcSs - ok
05:45:45.0539 4044  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
05:45:45.0585 4044  rspndr - ok
05:45:45.0601 4044  RSUSBSTOR - ok
05:45:45.0648 4044  [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
05:45:45.0663 4044  RTL8167 - ok
05:45:49.0298 4044  [ 41118D920B2B268C0ADC36421248CDCF ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
05:45:49.0329 4044  UNS ( UnsignedFile.Multi.Generic ) - warning
05:45:49.0329 4044  UNS - detected UnsignedFile.Multi.Generic (1)
05:45:52.0730 4044  ================ Scan global ===============================
05:45:52.0746 4044  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
05:45:52.0777 4044  [ C4C551E6AB333C0EB812A3A4672E89DB ] C:\Windows\system32\winsrv.dll
05:45:52.0808 4044  [ C4C551E6AB333C0EB812A3A4672E89DB ] C:\Windows\system32\winsrv.dll
05:45:52.0855 4044  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
05:45:52.0886 4044  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
05:45:52.0886 4044  [Global] - ok
05:45:52.0886 4044  ================ Scan MBR ==================================
05:45:52.0902 4044  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
05:45:53.0370 4044  \Device\Harddisk0\DR0 - ok
05:45:53.0370 4044  ================ Scan VBR ==================================
05:45:53.0401 4044  [ CB77F4BBAA5F0E79AB5D22A9D058164B ] \Device\Harddisk0\DR0\Partition1
05:45:53.0401 4044  \Device\Harddisk0\DR0\Partition1 - ok
05:45:53.0417 4044  [ BDA1525428854C3D782C3505E1762740 ] \Device\Harddisk0\DR0\Partition2
05:45:53.0432 4044  \Device\Harddisk0\DR0\Partition2 - ok
05:45:53.0448 4044  [ 2673D6D1A9BB12C6503895D9F5670454 ] \Device\Harddisk0\DR0\Partition3
05:45:53.0448 4044  \Device\Harddisk0\DR0\Partition3 - ok
05:45:53.0448 4044  ================ Scan active images ========================
05:45:53.0853 4044  C:\Windows\System32\msasn1.dll - ok
05:45:53.0869 4044  [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\SysWOW64\normaliz.dll
05:45:53.0869 4044  C:\Windows\SysWOW64\normaliz.dll - ok
05:45:53.0869 4044  [ BF24D6F2ED97FE830BFD52B246F98E67 ] C:\Windows\System32\drivers\dxapi.sys
05:45:53.0869 4044  C:\Windows\System32\drivers\dxapi.sys - ok
05:45:53.0869 4044  [ 298CC3E47CB19627639BFA84F424BDD4 ] C:\Windows\System32\win32k.sys
05:45:53.0869 4044  C:\Windows\System32\win32k.sys - ok
05:45:53.0869 4044  [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe
05:45:53.0869 4044  C:\Windows\System32\csrss.exe - ok
05:45:53.0885 4044  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll
05:45:53.0885 4044  C:\Windows\System32\basesrv.dll - ok
05:45:53.0885 4044  [ E730EADB8F176DB06A378435BEB2E823 ] C:\Windows\System32\csrsrv.dll
         

31.01.2013, 15:20   #13
LouCyphre

trojan.hijacker - win7 still infected even after reinstallation? rootkit?



Code:
05:45:54.0618 4044  [ 55AFA63F5F2A6CED0C09E2AFE57ECA8D ] C:\Program Files\AVAST Software\Avast\ashBase.dll
05:45:54.0618 4044  C:\Program Files\AVAST Software\Avast\ashBase.dll - ok
05:45:54.0618 4044  [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\SysWOW64\wsock32.dll
05:45:54.0618 4044  C:\Windows\SysWOW64\wsock32.dll - ok
05:45:54.0618 4044  [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
05:45:54.0618 4044  C:\Windows\SysWOW64\version.dll - ok
05:45:54.0618 4044  [ C515CAEC6B3C6970007954C0250A124C ] C:\Program Files\AVAST Software\Avast\aswEngLdr.dll
05:45:54.0618 4044  C:\Program Files\AVAST Software\Avast\aswEngLdr.dll - ok
05:45:54.0633 4044  [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
05:45:54.0633 4044  C:\Windows\SysWOW64\psapi.dll - ok
05:45:54.0633 4044  [ 7FA3A810F383588D46220967DE8B64FF ] C:\Windows\SysWOW64\wininet.dll
05:45:54.0633 4044  C:\Windows\SysWOW64\wininet.dll - ok
05:45:54.0633 4044  [ F037DB14CF6165C62F4A64D12A25B07C ] C:\Windows\SysWOW64\shlwapi.dll
05:45:54.0633 4044  C:\Windows\SysWOW64\shlwapi.dll - ok
05:45:54.0633 4044  [ 780E80E5502015EDAEC91DC0A0C96A79 ] C:\Windows\SysWOW64\iertutil.dll
05:45:54.0633 4044  C:\Windows\SysWOW64\iertutil.dll - ok
05:45:54.0649 4044  [ 4266A3230981DD4434C55957F6DD497D ] C:\Windows\SysWOW64\urlmon.dll
05:45:54.0649 4044  C:\Windows\SysWOW64\urlmon.dll - ok
05:45:54.0649 4044  [ E2C2D8C982316C8ABF800C6CE3F28FAB ] C:\Windows\SysWOW64\ole32.dll
05:45:54.0649 4044  C:\Windows\SysWOW64\ole32.dll - ok
05:45:54.0649 4044  [ 705C210EFC5564BE49EB026BD7AFF27A ] C:\Windows\SysWOW64\oleaut32.dll
05:45:54.0649 4044  C:\Windows\SysWOW64\oleaut32.dll - ok
05:45:54.0649 4044  [ 0DE3069D6E09BA262856EF31C941BEFE ] C:\Windows\SysWOW64\imm32.dll
05:45:54.0649 4044  C:\Windows\SysWOW64\imm32.dll - ok
05:45:54.0649 4044  [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll
05:45:54.0649 4044  C:\Windows\SysWOW64\msctf.dll - ok
05:45:54.0665 4044  [ 79C7CFAEA6879A8C1A1E8B5FFE8983AA ] C:\Windows\SysWOW64\dbghelp.dll
05:45:54.0665 4044  C:\Windows\SysWOW64\dbghelp.dll - ok
05:45:54.0665 4044  [ F900B5C221885618DB81FE49F3C3E823 ] C:\Program Files\AVAST Software\Avast\1031\Base.dll
05:45:54.0665 4044  C:\Program Files\AVAST Software\Avast\1031\Base.dll - ok
05:45:54.0665 4044  [ 5DE691884C240227B733CC18BBFCA3D8 ] C:\Windows\SysWOW64\netapi32.dll
05:45:54.0665 4044  C:\Windows\SysWOW64\netapi32.dll - ok
05:45:54.0665 4044  [ C6BB27D9A8AC13D4A44486F528B5C884 ] C:\Windows\SysWOW64\netutils.dll
05:45:54.0665 4044  C:\Windows\SysWOW64\netutils.dll - ok
05:45:54.0680 4044  [ 89D840773C9C4358A5031DCC860449EC ] C:\Windows\SysWOW64\srvcli.dll
05:45:54.0680 4044  C:\Windows\SysWOW64\srvcli.dll - ok
05:45:54.0680 4044  [ 7AD12703039056D2A0815F85960E1FA1 ] C:\Windows\SysWOW64\wkscli.dll
05:45:54.0680 4044  C:\Windows\SysWOW64\wkscli.dll - ok
05:45:54.0680 4044  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] C:\Windows\System32\shsvcs.dll
05:45:54.0680 4044  C:\Windows\System32\shsvcs.dll - ok
05:45:54.0680 4044  [ ADD9D33D685DFADDFAD5AFB42CF31A70 ] C:\Windows\SysWOW64\cscapi.dll
05:45:54.0680 4044  C:\Windows\SysWOW64\cscapi.dll - ok
05:45:54.0680 4044  [ 977C54291BFA6FEE7FF865630E51757B ] C:\Program Files\AVAST Software\Avast\ashServ.dll
05:45:54.0680 4044  C:\Program Files\AVAST Software\Avast\ashServ.dll - ok
05:45:54.0696 4044  [ 045EE3DC56B12B404DC07848D8597C66 ] C:\Program Files\AVAST Software\Avast\aswAux.dll
05:45:54.0696 4044  C:\Program Files\AVAST Software\Avast\aswAux.dll - ok
05:45:54.0696 4044  [ 16CE3ED063923253905341C9AF850FE7 ] C:\Program Files\AVAST Software\Avast\ashTask.dll
05:45:54.0696 4044  C:\Program Files\AVAST Software\Avast\ashTask.dll - ok
05:45:54.0696 4044  [ 4FF19AC422B7709D786DE58B385C9647 ] C:\Program Files\AVAST Software\Avast\ashTaskEx.dll
05:45:54.0696 4044  C:\Program Files\AVAST Software\Avast\ashTaskEx.dll - ok
05:45:54.0696 4044  [ 1B38A0F123FCF1546FACEAF1EFAFAA00 ] C:\Windows\System32\fveapi.dll
05:45:54.0696 4044  C:\Windows\System32\fveapi.dll - ok
05:45:54.0711 4044  [ FCA9CC8611654B790DD6242BF862B7F5 ] C:\Program Files\AVAST Software\Avast\aswLog.dll
05:45:54.0711 4044  C:\Program Files\AVAST Software\Avast\aswLog.dll - ok
05:45:54.0711 4044  [ 891ECFD08E2C538B7948CBC45106D697 ] C:\Windows\System32\fvecerts.dll
05:45:54.0711 4044  C:\Windows\System32\fvecerts.dll - ok
05:45:54.0711 4044  [ 694865362F0965779F92BCFE97712323 ] C:\Windows\System32\tbs.dll
05:45:54.0711 4044  C:\Windows\System32\tbs.dll - ok
05:45:54.0711 4044  [ F186897E0A3B9D0784041221D0265069 ] C:\Program Files\AVAST Software\Avast\aswSqLt.dll
05:45:54.0711 4044  C:\Program Files\AVAST Software\Avast\aswSqLt.dll - ok
05:45:54.0727 4044  [ 8269210DAF3B12BC8300631B28A2A442 ] C:\Windows\System32\wiarpc.dll
05:45:54.0727 4044  C:\Windows\System32\wiarpc.dll - ok
05:45:54.0727 4044  [ 12B9869E74F9E698F550F04F8989C591 ] C:\Program Files\AVAST Software\Avast\aswProperty.dll
05:45:54.0727 4044  C:\Program Files\AVAST Software\Avast\aswProperty.dll - ok
05:45:54.0727 4044  [ 6F367A9B88CFDD46F42C1D11E5CB7964 ] C:\Program Files\AVAST Software\Avast\Aavm4h.dll
05:45:54.0727 4044  C:\Program Files\AVAST Software\Avast\Aavm4h.dll - ok
05:45:54.0727 4044  [ C2434DEA392826C1687D9BD7FA4845BC ] C:\Program Files\AVAST Software\Avast\AavmRpch.dll
05:45:54.0727 4044  C:\Program Files\AVAST Software\Avast\AavmRpch.dll - ok
05:45:54.0727 4044  [ 902F670F58193A2BC30AA342B11B2C7B ] C:\Program Files\AVAST Software\Avast\aswIdle.dll
05:45:54.0727 4044  C:\Program Files\AVAST Software\Avast\aswIdle.dll - ok
05:45:54.0743 4044  [ 264B5D8F4C70A26749FF2CEDDE06BA30 ] C:\Program Files\AVAST Software\Avast\aswDld.dll
05:45:54.0743 4044  C:\Program Files\AVAST Software\Avast\aswDld.dll - ok
05:45:54.0743 4044  [ 273FD83FC8C4E12F8C55381674F92A44 ] C:\Program Files\AVAST Software\Avast\aswStrm.dll
05:45:54.0743 4044  C:\Program Files\AVAST Software\Avast\aswStrm.dll - ok
05:45:54.0743 4044  [ E30E5BB0DBA49EFE5BBBAFEA440CFBD9 ] C:\Windows\SysWOW64\wtsapi32.dll
05:45:54.0743 4044  C:\Windows\SysWOW64\wtsapi32.dll - ok
05:45:54.0743 4044  [ E702ED19C332C1F12C1403D100E2F4F3 ] C:\Windows\SysWOW64\cfgmgr32.dll
05:45:54.0743 4044  C:\Windows\SysWOW64\cfgmgr32.dll - ok
05:45:54.0758 4044  [ 624D0F5FF99428BB90A5B8A4123E918E ] C:\Windows\System32\schedsvc.dll
05:45:54.0758 4044  C:\Windows\System32\schedsvc.dll - ok
05:45:54.0758 4044  [ BC414631876B2F28B8DAB08E849C12C5 ] C:\Windows\System32\ktmw32.dll
05:45:54.0758 4044  C:\Windows\System32\ktmw32.dll - ok
05:45:54.0758 4044  [ 6C0BD9D59C7E97DEE2FB3407D17BF697 ] C:\Windows\SysWOW64\RpcRtRemote.dll
05:45:54.0758 4044  C:\Windows\SysWOW64\RpcRtRemote.dll - ok
05:45:54.0758 4044  [ 8258362DDB18B644A82D8B5061AD9426 ] C:\Windows\SysWOW64\wscisvif.dll
05:45:54.0758 4044  C:\Windows\SysWOW64\wscisvif.dll - ok
05:45:54.0774 4044  [ 374B26395852A9092BDE2E4C8D4D0C8D ] C:\Windows\SysWOW64\wscapi.dll
05:45:54.0774 4044  C:\Windows\SysWOW64\wscapi.dll - ok
05:45:54.0774 4044  [ 21F92A16AF4ED9CD09216CEE2F85F0A0 ] C:\Program Files\AVAST Software\Avast\defs\13012903\aswEngin.dll
05:45:54.0774 4044  C:\Program Files\AVAST Software\Avast\defs\13012903\aswEngin.dll - ok
05:45:54.0774 4044  [ E895E417F04339B583A90A1959054BEA ] C:\Program Files\AVAST Software\Avast\defs\13012903\aswCmnOS.dll
05:45:54.0774 4044  C:\Program Files\AVAST Software\Avast\defs\13012903\aswCmnOS.dll - ok
05:45:54.0774 4044  [ 3AE814769FD59498E9AF30A1B86417DF ] C:\Program Files\AVAST Software\Avast\defs\13012903\aswCmnIS.dll
05:45:54.0774 4044  C:\Program Files\AVAST Software\Avast\defs\13012903\aswCmnIS.dll - ok
05:45:54.0789 4044  [ 9F8ACDB49A8AEFBFF100B5488EB9D01D ] C:\Program Files\AVAST Software\Avast\defs\13012903\aswCmnBS.dll
05:45:54.0789 4044  C:\Program Files\AVAST Software\Avast\defs\13012903\aswCmnBS.dll - ok
05:45:54.0789 4044  [ 10DFDA4DF80A0D273B142E2FD4AA2994 ] C:\Program Files\AVAST Software\Avast\defs\13012903\aswScan.dll
05:45:54.0789 4044  C:\Program Files\AVAST Software\Avast\defs\13012903\aswScan.dll - ok
05:45:54.0789 4044  [ 9113108930BBA90DED86DC3B6CACE5D7 ] C:\Program Files\AVAST Software\Avast\defs\13012903\aswRep.dll
05:45:54.0789 4044  C:\Program Files\AVAST Software\Avast\defs\13012903\aswRep.dll - ok
05:45:54.0789 4044  [ C1F048B33A1BD8F5B05AF76469252F55 ] C:\Program Files\AVAST Software\Avast\defs\13012903\aswFiDb.dll
05:45:54.0789 4044  C:\Program Files\AVAST Software\Avast\defs\13012903\aswFiDb.dll - ok
05:45:54.0789 4044  [ CF2C061CDC56FCB26BF012BB8B2ADC18 ] C:\Program Files\AVAST Software\Avast\defs\13012903\algo.dll
05:45:54.0805 4044  C:\Program Files\AVAST Software\Avast\defs\13012903\algo.dll - ok
05:45:54.0805 4044  [ D025E95247353BA8ADB53CFF3A4E5BBB ] C:\Program Files\AVAST Software\Avast\Setup\setiface.dll
05:45:54.0805 4044  C:\Program Files\AVAST Software\Avast\Setup\setiface.dll - ok
05:45:54.0805 4044  [ 2CBC35E872BA9B46474890135B56DD66 ] C:\Windows\SysWOW64\shell32.dll
05:45:54.0805 4044  C:\Windows\SysWOW64\shell32.dll - ok
05:45:54.0805 4044  [ 6CC10D9FD128069DBFE476222F097616 ] C:\Windows\SysWOW64\secur32.dll
05:45:54.0805 4044  C:\Windows\SysWOW64\secur32.dll - ok
05:45:54.0805 4044  [ 1EBE9524683C7C4EED8B8BC93FB6FBCC ] C:\Windows\SysWOW64\fltLib.dll
05:45:54.0805 4044  C:\Windows\SysWOW64\fltLib.dll - ok
05:45:54.0821 4044  [ AE5FF948400A51B040F999BF04290373 ] C:\Windows\SysWOW64\winsta.dll
05:45:54.0821 4044  C:\Windows\SysWOW64\winsta.dll - ok
05:45:54.0821 4044  [ 9C09AF87AC7351985AB5FFBA3FC52575 ] C:\Program Files\AVAST Software\Avast\AhResBhv.dll
05:45:54.0821 4044  C:\Program Files\AVAST Software\Avast\AhResBhv.dll - ok
05:45:54.0821 4044  [ E844C96552989FA1ECA95778583A904C ] C:\Program Files\AVAST Software\Avast\AhResJs.dll
05:45:54.0821 4044  C:\Program Files\AVAST Software\Avast\AhResJs.dll - ok
05:45:54.0821 4044  [ 17F5861A03516864A5F4CC04C7324278 ] C:\Program Files\AVAST Software\Avast\AhResMai.dll
05:45:54.0821 4044  C:\Program Files\AVAST Software\Avast\AhResMai.dll - ok
05:45:54.0836 4044  [ 8BEC10C53E927CD5E442FE332804F1AC ] C:\Program Files\AVAST Software\Avast\AhResMes.dll
05:45:54.0836 4044  C:\Program Files\AVAST Software\Avast\AhResMes.dll - ok
05:45:54.0836 4044  [ 9B2F20ECF609EDF54FEC43E792028261 ] C:\Program Files\AVAST Software\Avast\AhResNS.dll
05:45:54.0836 4044  C:\Program Files\AVAST Software\Avast\AhResNS.dll - ok
05:45:54.0836 4044  [ 857661F2E5A677CFB6D3B2CF6E428227 ] C:\Program Files\AVAST Software\Avast\AhResP2P.dll
05:45:54.0836 4044  C:\Program Files\AVAST Software\Avast\AhResP2P.dll - ok
05:45:54.0836 4044  [ 2466ED58B8EFB3320BCA73ACF8179D24 ] C:\Program Files\AVAST Software\Avast\AhResStd.dll
05:45:54.0836 4044  C:\Program Files\AVAST Software\Avast\AhResStd.dll - ok
05:45:54.0852 4044  [ 5D9550E02D981B92B133E5F8F7BDF8D2 ] C:\Program Files\AVAST Software\Avast\AhResWS.dll
05:45:54.0852 4044  C:\Program Files\AVAST Software\Avast\AhResWS.dll - ok
05:45:54.0852 4044  [ 1B547066D0A6CD40EB3BAAC6A9C7E7A9 ] C:\Windows\System32\taskcomp.dll
05:45:54.0852 4044  C:\Windows\System32\taskcomp.dll - ok
05:45:54.0852 4044  [ 11A41F17527ED75D6B758FDD7F4FD00D ] C:\Windows\SysWOW64\mswsock.dll
05:45:54.0852 4044  C:\Windows\SysWOW64\mswsock.dll - ok
05:45:54.0852 4044  [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\SysWOW64\WSHTCPIP.DLL
05:45:54.0852 4044  C:\Windows\SysWOW64\WSHTCPIP.DLL - ok
05:45:54.0852 4044  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] C:\Windows\System32\drivers\http.sys
05:45:54.0867 4044  C:\Windows\System32\drivers\http.sys - ok
05:45:54.0867 4044  [ 567977DC43CC13C4C35ED7084C0B84D5 ] C:\Windows\System32\spoolsv.exe
05:45:54.0867 4044  C:\Windows\System32\spoolsv.exe - ok
05:45:54.0867 4044  [ 62390F4ACE9E2B63E3CA26B7F7497897 ] C:\Windows\SysWOW64\dnsapi.dll
05:45:54.0867 4044  C:\Windows\SysWOW64\dnsapi.dll - ok
05:45:54.0867 4044  [ 045DB4EAB4FBD23210E85ECC3F464A2E ] C:\Windows\SysWOW64\nlaapi.dll
05:45:54.0867 4044  C:\Windows\SysWOW64\nlaapi.dll - ok
05:45:54.0867 4044  [ 5DF5D8CFD9B9573FA3B2C89D9061A240 ] C:\Windows\SysWOW64\winrnr.dll
05:45:54.0867 4044  C:\Windows\SysWOW64\winrnr.dll - ok
05:45:54.0883 4044  [ 4992C609A6315671463E30F6512BC022 ] C:\Windows\System32\BFE.DLL
05:45:54.0883 4044  C:\Windows\System32\BFE.DLL - ok
05:45:54.0883 4044  [ 0B7E85364CB878E2AD531DB7B601A9E5 ] C:\Windows\SysWOW64\NapiNSP.dll
05:45:54.0883 4044  C:\Windows\SysWOW64\NapiNSP.dll - ok
05:45:54.0883 4044  [ 5CF640EDDB1E40A5AB1BB743BCDEC610 ] C:\Windows\SysWOW64\pnrpnsp.dll
05:45:54.0883 4044  C:\Windows\SysWOW64\pnrpnsp.dll - ok
05:45:54.0883 4044  [ A8EDB86FC2A4D6D1285E4C70384AC35A ] C:\Windows\System32\dllhost.exe
05:45:54.0883 4044  C:\Windows\System32\dllhost.exe - ok
05:45:54.0899 4044  [ 6095266CAAF5E75F394CFD4844CC4C25 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
05:45:54.0899 4044  C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
05:45:54.0899 4044  [ 3A2BB97D54A2189C9900A735C0531B59 ] C:\Windows\SysWOW64\wshbth.dll
05:45:54.0899 4044  C:\Windows\SysWOW64\wshbth.dll - ok
05:45:54.0899 4044  [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\SysWOW64\winnsi.dll
05:45:54.0899 4044  C:\Windows\SysWOW64\winnsi.dll - ok
05:45:54.0899 4044  [ 19D20159708E152267E53B66677A4995 ] C:\Windows\System32\drivers\bowser.sys
05:45:54.0899 4044  C:\Windows\System32\drivers\bowser.sys - ok
05:45:54.0899 4044  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] C:\Windows\System32\drivers\mpsdrv.sys
05:45:54.0899 4044  C:\Windows\System32\drivers\mpsdrv.sys - ok
05:45:54.0914 4044  [ AECAB449567D1846DAD63ECE49E893E3 ] C:\Windows\System32\MPSSVC.dll
05:45:54.0914 4044  C:\Windows\System32\MPSSVC.dll - ok
05:45:54.0914 4044  [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\SysWOW64\wship6.dll
05:45:54.0914 4044  C:\Windows\SysWOW64\wship6.dll - ok
05:45:54.0914 4044  [ 040D62A9D8AD28922632137ACDD984F2 ] C:\Windows\System32\drivers\mrxsmb.sys
05:45:54.0914 4044  C:\Windows\System32\drivers\mrxsmb.sys - ok
05:45:54.0914 4044  [ F0067552F8F9B33D7C59403AB808A3CB ] C:\Windows\System32\drivers\mrxsmb10.sys
05:45:54.0914 4044  C:\Windows\System32\drivers\mrxsmb10.sys - ok
05:45:54.0930 4044  [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll
05:45:54.0930 4044  C:\Windows\SysWOW64\rasadhlp.dll - ok
05:45:54.0930 4044  [ BC052EFAD10ACA1AD69545B629F50D99 ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\comctl32.dll
05:45:54.0930 4044  C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\comctl32.dll - ok
05:45:54.0930 4044  [ 3C142D31DE9F2F193218A53FE2632051 ] C:\Windows\System32\drivers\mrxsmb20.sys
05:45:54.0930 4044  C:\Windows\System32\drivers\mrxsmb20.sys - ok
05:45:54.0930 4044  [ 1683774D357D5CFFCDC871493E19F58F ] C:\Program Files\AVAST Software\Avast\defs\13012903\aswAR.dll
05:45:54.0930 4044  C:\Program Files\AVAST Software\Avast\defs\13012903\aswAR.dll - ok
05:45:54.0945 4044  [ BFBFAFFC60EBB5754F37868CAA876BF1 ] C:\Program Files\AVAST Software\Avast\defs\13012903\aswRawFS.dll
05:45:54.0945 4044  C:\Program Files\AVAST Software\Avast\defs\13012903\aswRawFS.dll - ok
05:45:54.0945 4044  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] C:\Windows\System32\wkssvc.dll
05:45:54.0945 4044  C:\Windows\System32\wkssvc.dll - ok
05:45:54.0945 4044  [ A0A2C1D812C231C9BFE119FDC68E341B ] C:\Windows\System32\IDStore.dll
05:45:54.0945 4044  C:\Windows\System32\IDStore.dll - ok
05:45:54.0945 4044  [ 88351B29B622B30962D2FEB6CA8D860B ] C:\Windows\System32\rasadhlp.dll
05:45:54.0945 4044  C:\Windows\System32\rasadhlp.dll - ok
05:45:54.0945 4044  [ C67F8A962B2534224D5908D16D2AD3CE ] C:\Windows\System32\wfapigp.dll
05:45:54.0945 4044  C:\Windows\System32\wfapigp.dll - ok
05:45:54.0961 4044  [ A1C148801B4AF64847AEB9F3AD9594EF ] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
05:45:54.0961 4044  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - ok
05:45:54.0961 4044  [ 95F9C2976059462CBBF227F7AAB10DE9 ] C:\Windows\System32\bthserv.dll
05:45:54.0961 4044  C:\Windows\System32\bthserv.dll - ok
05:45:54.0961 4044  [ BAF19B633933A9FB4883D27D66C39E9A ] C:\Windows\System32\cryptsvc.dll
05:45:54.0961 4044  C:\Windows\System32\cryptsvc.dll - ok
05:45:54.0961 4044  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] C:\Windows\System32\dps.dll
05:45:54.0961 4044  C:\Windows\System32\dps.dll - ok
05:45:54.0977 4044  [ CDAD3376DFF3D9AC7FDCBE2B94B0D3C8 ] C:\Windows\System32\shfolder.dll
05:45:54.0977 4044  C:\Windows\System32\shfolder.dll - ok
05:45:54.0977 4044  [ DC57BAF15064ECB79F6D2CCF352E1D88 ] C:\Windows\System32\taskschd.dll
05:45:54.0977 4044  C:\Windows\System32\taskschd.dll - ok
05:45:54.0977 4044  [ 41323AB614A2B66AD77B1121D24AC895 ] C:\Windows\SysWOW64\setupapi.dll
05:45:54.0977 4044  C:\Windows\SysWOW64\setupapi.dll - ok
05:45:54.0977 4044  [ 7DA089C75B1E92032D0CBE4ADE7C32BC ] C:\Windows\SysWOW64\crypt32.dll
05:45:54.0977 4044  C:\Windows\SysWOW64\crypt32.dll - ok
05:45:54.0992 4044  [ 6C9C05D5344B9AB80E9180FC859BC45A ] C:\Windows\SysWOW64\devobj.dll
05:45:54.0992 4044  C:\Windows\SysWOW64\devobj.dll - ok
05:45:54.0992 4044  [ 4C04900AA8C323F5D4C316A89E976849 ] C:\Windows\SysWOW64\msasn1.dll
05:45:54.0992 4044  C:\Windows\SysWOW64\msasn1.dll - ok
05:45:54.0992 4044  [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll
05:45:54.0992 4044  C:\Windows\System32\mpr.dll - ok
05:45:54.0992 4044  [ 3EEFB971D61EF9638FD21F14C703CA11 ] C:\Windows\System32\taskhost.exe
05:45:54.0992 4044  C:\Windows\System32\taskhost.exe - ok
05:45:55.0008 4044  [ 4FAC55936209B4F3EB78532181C9ED5E ] C:\Windows\System32\cryptnet.dll
05:45:55.0008 4044  C:\Windows\System32\cryptnet.dll - ok
05:45:55.0008 4044  [ 961036B3C6282C646B9ADBC8BB32C983 ] C:\Windows\System32\mscms.dll
05:45:55.0008 4044  C:\Windows\System32\mscms.dll - ok
05:45:55.0008 4044  [ 6F8F1376A13114CC10C0E69274F5A4DE ] C:\Windows\System32\userinit.exe
05:45:55.0008 4044  C:\Windows\System32\userinit.exe - ok
05:45:55.0008 4044  [ A261AD1FDC6D6A658A82B81AF81B215F ] C:\Windows\System32\vssapi.dll
05:45:55.0008 4044  C:\Windows\System32\vssapi.dll - ok
05:45:55.0023 4044  [ F162D5F5E845B9DC352DD1BAD8CEF1BC ] C:\Windows\System32\dwm.exe
05:45:55.0023 4044  C:\Windows\System32\dwm.exe - ok
05:45:55.0023 4044  [ 7F37322A489E285CFBCC02F6A53B3F1B ] C:\Windows\System32\HotStartUserAgent.dll
05:45:55.0023 4044  C:\Windows\System32\HotStartUserAgent.dll - ok
05:45:55.0023 4044  [ 3AEAA8B561E63452C655DC0584922257 ] C:\Windows\System32\pcasvc.dll
05:45:55.0023 4044  C:\Windows\System32\pcasvc.dll - ok
05:45:55.0023 4044  [ 94EEAC26F57811BD1AEFC164412F7FCE ] C:\Windows\System32\PlaySndSrv.dll
05:45:55.0023 4044  C:\Windows\System32\PlaySndSrv.dll - ok
05:45:55.0023 4044  [ 6313F223E817CC09AA41811DAA7F541D ] C:\Windows\System32\snmptrap.exe
05:45:55.0023 4044  C:\Windows\System32\snmptrap.exe - ok
05:45:55.0039 4044  [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll
05:45:55.0039 4044  C:\Windows\System32\vsstrace.dll - ok
05:45:55.0039 4044  [ 1F1CA9E99DD5BF918BE0BF30B5A42FDA ] C:\Windows\System32\MsCtfMonitor.dll
05:45:55.0039 4044  C:\Windows\System32\MsCtfMonitor.dll - ok
05:45:55.0039 4044  [ F09A9A1AD21FE618C4C8B0A0D830C886 ] C:\Windows\System32\msutb.dll
05:45:55.0039 4044  C:\Windows\System32\msutb.dll - ok
05:45:55.0039 4044  [ 06A7422224D9865A5613710A089987DF ] C:\Windows\System32\provsvc.dll
05:45:55.0039 4044  C:\Windows\System32\provsvc.dll - ok
05:45:55.0055 4044  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] C:\Windows\System32\sstpsvc.dll
05:45:55.0055 4044  C:\Windows\System32\sstpsvc.dll - ok
05:45:55.0055 4044  [ 0862495E0C825893DB75EF44FAEA8E93 ] C:\Windows\explorer.exe
05:45:55.0055 4044  C:\Windows\explorer.exe - ok
05:45:55.0055 4044  [ 1727B2A2F379A32B864C096FA794AADC ] C:\Windows\System32\aepic.dll
05:45:55.0055 4044  C:\Windows\System32\aepic.dll - ok
05:45:55.0055 4044  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] C:\Windows\System32\nlasvc.dll
05:45:55.0055 4044  C:\Windows\System32\nlasvc.dll - ok
05:45:55.0055 4044  [ 334A663962618F7A136FA1F80F773C5F ] C:\Windows\SysWOW64\wintrust.dll
05:45:55.0055 4044  C:\Windows\SysWOW64\wintrust.dll - ok
05:45:55.0070 4044  [ 68769C3356B3BE5D1C732C97B9A80D6E ] C:\Windows\System32\drivers\PEAuth.sys
05:45:55.0070 4044  C:\Windows\System32\drivers\PEAuth.sys - ok
05:45:55.0070 4044  [ 843BA5F09A391D52AC1F8486C5FC3D4F ] C:\Program Files\Fujitsu\PSUtility\PSUService.exe
05:45:55.0070 4044  C:\Program Files\Fujitsu\PSUtility\PSUService.exe - ok
05:45:55.0070 4044  [ 107F279517E2A04DB4AC1B1FAF1D573B ] C:\Windows\System32\ncsi.dll
05:45:55.0070 4044  C:\Windows\System32\ncsi.dll - ok
05:45:55.0086 4044  [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll
05:45:55.0086 4044  C:\Windows\System32\sfc.dll - ok
05:45:55.0086 4044  [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll
05:45:55.0086 4044  C:\Windows\System32\sfc_os.dll - ok
05:45:55.0086 4044  [ 9B6A087317C4F5AFBF5CC8472F599BFB ] C:\Program Files\Fujitsu\PSUtility\PSUWNP.dll
05:45:55.0086 4044  C:\Program Files\Fujitsu\PSUtility\PSUWNP.dll - ok
05:45:55.0086 4044  [ 3EA8A16169C26AFBEB544E0E48421186 ] C:\Windows\System32\drivers\secdrv.sys
05:45:55.0086 4044  C:\Windows\System32\drivers\secdrv.sys - ok
05:45:55.0101 4044  [ 0BF0C2A72F2CB0BA4382C392D3E331AF ] C:\Windows\System32\winhttp.dll
05:45:55.0101 4044  C:\Windows\System32\winhttp.dll - ok
05:45:55.0101 4044  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] C:\Windows\System32\drivers\srvnet.sys
05:45:55.0101 4044  C:\Windows\System32\drivers\srvnet.sys - ok
05:45:55.0101 4044  [ 76D078AF6F587B162D50210F761EB9ED ] C:\Windows\System32\drivers\tcpipreg.sys
05:45:55.0101 4044  C:\Windows\System32\drivers\tcpipreg.sys - ok
05:45:55.0101 4044  [ 3C1284516A62078FB68F768DE4F1A7BE ] C:\Windows\System32\sysmain.dll
05:45:55.0101 4044  C:\Windows\System32\sysmain.dll - ok
05:45:55.0101 4044  [ 2196CDBFA4B99BEEDAE300FA21DFE718 ] C:\Windows\System32\webio.dll
05:45:55.0101 4044  C:\Windows\System32\webio.dll - ok
05:45:55.0117 4044  [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll
05:45:55.0117 4044  C:\Windows\System32\ssdpapi.dll - ok
05:45:55.0117 4044  [ D9656445499625B0ED88C0B203F3C16F ] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
05:45:55.0117 4044  C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe - ok
05:45:55.0117 4044  [ 7E7AFD841694F6AC397E99D75CEAD49D ] C:\Windows\System32\trkwks.dll
05:45:55.0117 4044  C:\Windows\System32\trkwks.dll - ok
05:45:55.0117 4044  [ 92AAF75C3EB344A098DC026BC9DDF42A ] C:\Windows\System32\bthprops.cpl
05:45:55.0117 4044  C:\Windows\System32\bthprops.cpl - ok
05:45:55.0133 4044  [ C2208229A0761B05E874E10FFB341A64 ] C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
05:45:55.0133 4044  C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe - ok
05:45:55.0133 4044  [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll
05:45:55.0133 4044  C:\Windows\System32\wbem\WMIsvc.dll - ok
05:45:55.0133 4044  [ 491C7F9C71915B72BFBB0D271095D4C2 ] C:\Program Files\Fujitsu\WirelessSelector\FJWSWNP.dll
05:45:55.0133 4044  C:\Program Files\Fujitsu\WirelessSelector\FJWSWNP.dll - ok
05:45:55.0133 4044  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] C:\Windows\System32\drivers\srv2.sys
05:45:55.0133 4044  C:\Windows\System32\drivers\srv2.sys - ok
05:45:55.0148 4044  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] C:\Windows\System32\drivers\srv.sys
05:45:55.0148 4044  C:\Windows\System32\drivers\srv.sys - ok
05:45:55.0148 4044  [ FAF9BA81FB0543CB4B7EFFD24CFA815F ] C:\Windows\System32\wbemcomn.dll
05:45:55.0148 4044  C:\Windows\System32\wbemcomn.dll - ok
05:45:55.0148 4044  [ F8E058D17363EC580E4B7232778B6CB5 ] C:\Windows\System32\iphlpsvc.dll
05:45:55.0148 4044  C:\Windows\System32\iphlpsvc.dll - ok
05:45:55.0148 4044  [ A7582A70802D5B9F28ED3940F6A3E9ED ] C:\Windows\System32\wbem\WmiDcPrv.dll
05:45:55.0148 4044  C:\Windows\System32\wbem\WmiDcPrv.dll - ok
05:45:55.0164 4044  [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll
05:45:55.0164 4044  C:\Windows\System32\wbem\fastprox.dll - ok
05:45:55.0164 4044  [ 48A6CA43A5C921C465F70D9B42B3EF1A ] C:\Windows\System32\sqmapi.dll
05:45:55.0164 4044  C:\Windows\System32\sqmapi.dll - ok
05:45:55.0164 4044  [ 7B38D7916A7CD058C16A0A6CA5077901 ] C:\Windows\System32\wdscore.dll
05:45:55.0164 4044  C:\Windows\System32\wdscore.dll - ok
05:45:55.0164 4044  [ 81F1D04D4D0E433099365127375FD501 ] C:\Windows\System32\srvsvc.dll
05:45:55.0164 4044  C:\Windows\System32\srvsvc.dll - ok
05:45:55.0164 4044  [ 6B054C67AAA87843504E8E3C09102009 ] C:\Windows\System32\browser.dll
05:45:55.0164 4044  C:\Windows\System32\browser.dll - ok
05:45:55.0179 4044  [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll
05:45:55.0179 4044  C:\Windows\System32\ntdsapi.dll - ok
05:45:55.0179 4044  [ CFEFA40DDE34659BE5211966EAD86437 ] C:\Windows\System32\netmsg.dll
05:45:55.0179 4044  C:\Windows\System32\netmsg.dll - ok
05:45:55.0179 4044  [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll
05:45:55.0179 4044  C:\Windows\System32\wbem\WinMgmtR.dll - ok
05:45:55.0179 4044  [ 4EAE37133B78A26A84EA1649D9B21A1E ] C:\Windows\System32\clusapi.dll
05:45:55.0179 4044  C:\Windows\System32\clusapi.dll - ok
05:45:55.0195 4044  [ 836892094209E5D9CF403B4CF2829B5C ] C:\Windows\System32\sscore.dll
05:45:55.0195 4044  C:\Windows\System32\sscore.dll - ok
05:45:55.0195 4044  [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll
05:45:55.0195 4044  C:\Windows\System32\wbem\wbemprox.dll - ok
05:45:55.0195 4044  [ 344FCC9850C3A8A3B4D3C65151AF8E4C ] C:\Windows\System32\resutils.dll
05:45:55.0195 4044  C:\Windows\System32\resutils.dll - ok
05:45:55.0195 4044  [ 210FCACAF902B2CD47CF9FD17D846146 ] C:\Windows\System32\aeevts.dll
05:45:55.0195 4044  C:\Windows\System32\aeevts.dll - ok
05:45:55.0195 4044  [ 8F6D9A20F1FB06F0602A7D5A82840DBF ] C:\Windows\System32\netcfgx.dll
05:45:55.0195 4044  C:\Windows\System32\netcfgx.dll - ok
05:45:55.0211 4044  [ 3B367397320C26DBA890B260F80D1B1B ] C:\Windows\System32\hnetcfg.dll
05:45:55.0211 4044  C:\Windows\System32\hnetcfg.dll - ok
05:45:55.0211 4044  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
05:45:55.0211 4044  C:\Windows\System32\netprofm.dll - ok
05:45:55.0211 4044  [ 6E03C9E362389A768E6C240933352D11 ] C:\Windows\System32\nci.dll
05:45:55.0211 4044  C:\Windows\System32\nci.dll - ok
05:45:55.0211 4044  [ 3B9665D4B8C587A6014B9B8DFF5974A0 ] C:\Windows\System32\wbem\wbemcore.dll
05:45:55.0211 4044  C:\Windows\System32\wbem\wbemcore.dll - ok
05:45:55.0226 4044  [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
05:45:55.0226 4044  C:\Windows\System32\wbem\esscli.dll - ok
05:45:55.0226 4044  [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll
05:45:55.0226 4044  C:\Windows\System32\wbem\wbemsvc.dll - ok
05:45:55.0226 4044  [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll
05:45:55.0226 4044  C:\Windows\System32\wbem\wmiutils.dll - ok
05:45:55.0226 4044  [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll
05:45:55.0226 4044  C:\Windows\System32\wbem\repdrvfs.dll - ok
05:45:55.0242 4044  [ 79AFFC7FEEA9CD2FEFEA5EF3B631A02C ] C:\Windows\System32\ndiscapCfg.dll
05:45:55.0242 4044  C:\Windows\System32\ndiscapCfg.dll - ok
05:45:55.0242 4044  [ 82BC97E5793DEF69691AAD5AB953A200 ] C:\Windows\System32\wbem\WmiPrvSD.dll
05:45:55.0242 4044  C:\Windows\System32\wbem\WmiPrvSD.dll - ok
05:45:55.0242 4044  [ D41FEBD098234F02485A4EA98D4730A4 ] C:\Windows\System32\ncobjapi.dll
05:45:55.0242 4044  C:\Windows\System32\ncobjapi.dll - ok
05:45:55.0242 4044  [ 114429A77D935053E13A9BF98A8B8CA1 ] C:\Windows\System32\mprapi.dll
05:45:55.0242 4044  C:\Windows\System32\mprapi.dll - ok
05:45:55.0242 4044  [ 3D6AF45673C4B31CDECD7F80AF09D443 ] C:\Windows\System32\rascfg.dll
05:45:55.0242 4044  C:\Windows\System32\rascfg.dll - ok
         

31.01.2013, 15:21   #14
LouCyphre

trojan.hijacker - win7 still infected even after reinstallation? rootkit?



Code:
ATTFilter
05:45:56.0053 4044  C:\Program Files\AVAST Software\Avast\defs\13012903\uiext.dll - ok
05:45:56.0053 4044  [ C8E8B8239FCF17BEA10E751BE5854631 ] C:\Windows\System32\FXSRESM.dll
05:45:56.0053 4044  C:\Windows\System32\FXSRESM.dll - ok
05:45:56.0069 4044  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] C:\Windows\System32\FXSSVC.exe
05:45:56.0069 4044  C:\Windows\System32\FXSSVC.exe - ok
05:45:56.0069 4044  [ BDDCD13F341CBA21775FF66A5C27F59E ] C:\Windows\System32\SearchProtocolHost.exe
05:45:56.0069 4044  C:\Windows\System32\SearchProtocolHost.exe - ok
05:45:56.0069 4044  [ D7CEAEDD5F75D2C8A2E80887D7C114CE ] C:\Windows\System32\webcheck.dll
05:45:56.0069 4044  C:\Windows\System32\webcheck.dll - ok
05:45:56.0069 4044  [ 8494E126F0B10180F3293AF861CE1F7A ] C:\Windows\System32\mlang.dll
05:45:56.0069 4044  C:\Windows\System32\mlang.dll - ok
05:45:56.0084 4044  [ D2A5B2B09F2AF5ED13BF494508B09788 ] C:\Windows\System32\msshooks.dll
05:45:56.0084 4044  C:\Windows\System32\msshooks.dll - ok
05:45:56.0084 4044  [ F024058C391B99397EC3CCF6F77B7189 ] C:\Windows\System32\SearchFilterHost.exe
05:45:56.0084 4044  C:\Windows\System32\SearchFilterHost.exe - ok
05:45:56.0084 4044  [ E6F66F31422C44EDC00D9C9329E7DF60 ] C:\Windows\System32\SyncCenter.dll
05:45:56.0084 4044  C:\Windows\System32\SyncCenter.dll - ok
05:45:56.0084 4044  [ 58FAE29A82984E817BBA70D0144E52ED ] C:\Windows\System32\mssph.dll
05:45:56.0084 4044  C:\Windows\System32\mssph.dll - ok
05:45:56.0084 4044  [ 2A556E2D703DED03186C596B90AC6869 ] C:\Windows\System32\mapi32.dll
05:45:56.0084 4044  C:\Windows\System32\mapi32.dll - ok
05:45:56.0100 4044  [ 8B886A0AC14EAA8599142887991A5A2E ] C:\Windows\System32\imapi2.dll
05:45:56.0100 4044  C:\Windows\System32\imapi2.dll - ok
05:45:56.0100 4044  [ 27AB587E5F0696590EF8B83A52952B7B ] C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll
05:45:56.0100 4044  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll - ok
05:45:56.0100 4044  [ F0AAB2A76A7AF04C70A818E96BAF3E64 ] C:\Windows\System32\hgcpl.dll
05:45:56.0100 4044  C:\Windows\System32\hgcpl.dll - ok
05:45:56.0100 4044  [ BA7EC41CA58730A485270820F310CD4E ] C:\Windows\System32\NaturalLanguage6.dll
05:45:56.0100 4044  C:\Windows\System32\NaturalLanguage6.dll - ok
05:45:56.0115 4044  [ 164647BBD819458CE5AA8A8C097B83AC ] C:\Windows\System32\NlsData0007.dll
05:45:56.0115 4044  C:\Windows\System32\NlsData0007.dll - ok
05:45:56.0115 4044  [ 37A2FBCBD0AF846BEF609CBEB61EEA68 ] C:\Windows\System32\NlsLexicons0007.dll
05:45:56.0115 4044  C:\Windows\System32\NlsLexicons0007.dll - ok
05:45:56.0115 4044  [ D64D99EC088B54FFE8EE67A480386C20 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
05:45:56.0115 4044  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll - ok
05:45:56.0115 4044  [ 8D89E3131C27FDD6932189CB785E1B7A ] C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
05:45:56.0115 4044  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe - ok
05:45:56.0131 4044  [ 640D5C0D76F90225391662C08C7ED013 ] C:\Windows\System32\gfxSrvc.dll
05:45:56.0131 4044  C:\Windows\System32\gfxSrvc.dll - ok
05:45:56.0131 4044  [ D3EBA8BF5C618EE0AF379132DB36B0BB ] C:\Windows\System32\IGFXDEVLib.dll
05:45:56.0131 4044  C:\Windows\System32\IGFXDEVLib.dll - ok
05:45:56.0131 4044  [ 318285F1590C4484E3253BA2B189D2DF ] C:\Windows\System32\d3d9.dll
05:45:56.0131 4044  C:\Windows\System32\d3d9.dll - ok
05:45:56.0131 4044  [ 3044D07ABDF4BBEA27E2EE7B1E0C0C65 ] C:\Windows\System32\d3d8thk.dll
05:45:56.0131 4044  C:\Windows\System32\d3d8thk.dll - ok
05:45:56.0131 4044  [ FACAB787D0BB4ED6F08D6B7269DF607D ] C:\Windows\System32\igdumd64.dll
05:45:56.0131 4044  C:\Windows\System32\igdumd64.dll - ok
05:45:56.0147 4044  [ 80C834BA6B844C4B717F2465C4E8EC0F ] C:\Windows\System32\WindowsCodecsExt.dll
05:45:56.0147 4044  C:\Windows\System32\WindowsCodecsExt.dll - ok
05:45:56.0147 4044  [ 1D296F090ED401967B30BD2B970DC306 ] C:\Windows\System32\icm32.dll
05:45:56.0147 4044  C:\Windows\System32\icm32.dll - ok
05:45:56.0147 4044  [ 220159496484D34009DE71CA1A68E0D4 ] C:\Windows\System32\wbem\NCProv.dll
05:45:56.0147 4044  C:\Windows\System32\wbem\NCProv.dll - ok
05:45:56.0147 4044  [ 2898035F522BA2989BBA8B9CFB020FD2 ] C:\Program Files\AVAST Software\Avast\defs\13012903\aspColl.dll
05:45:56.0147 4044  C:\Program Files\AVAST Software\Avast\defs\13012903\aspColl.dll - ok
05:45:56.0162 4044  [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
05:45:56.0162 4044  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
05:45:56.0162 4044  [ E5F7C30EDF0892667933BE879F067D67 ] C:\Windows\SysWOW64\msvcr100_clr0400.dll
05:45:56.0162 4044  C:\Windows\SysWOW64\msvcr100_clr0400.dll - ok
05:45:56.0162 4044  [ 128DD9AF8640DBCC711940903C8B554F ] C:\Windows\SysWOW64\mscoree.dll
05:45:56.0162 4044  C:\Windows\SysWOW64\mscoree.dll - ok
05:45:56.0162 4044  [ AB690CD34CF4B4E3DDF78FD4FBCF88C3 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll
05:45:56.0162 4044  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll - ok
05:45:56.0178 4044  [ 6C69EA6A0C308A0FB81992CAC9F39C59 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll
05:45:56.0178 4044  C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll - ok
05:45:56.0178 4044  [ F5DF6846F30E9F54EA60CCAEB3FB2055 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
05:45:56.0178 4044  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
05:45:56.0178 4044  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
05:45:56.0178 4044  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe - ok
05:45:56.0178 4044  [ 81600E2E27ED61427AAD865B9BCDDB9D ] C:\Windows\SysWOW64\msidle.dll
05:45:56.0178 4044  C:\Windows\SysWOW64\msidle.dll - ok
05:45:56.0193 4044  [ CB21CD39637AC13F3455454B2F648257 ] C:\Windows\System32\msvcr100_clr0400.dll
05:45:56.0193 4044  C:\Windows\System32\msvcr100_clr0400.dll - ok
05:45:56.0193 4044  [ 08DFDBD2FD4EA951DC46B1C7661ED35A ] C:\Windows\SysWOW64\powrprof.dll
05:45:56.0193 4044  C:\Windows\SysWOW64\powrprof.dll - ok
05:45:56.0193 4044  [ C3BE0751879BDBE9652E4688B1B3BF3D ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll
05:45:56.0193 4044  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvc.dll - ok
05:45:56.0193 4044  [ 3DA5C13008F62D1F4FD2CB539F426331 ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\fusion.dll
05:45:56.0193 4044  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\fusion.dll - ok
05:45:56.0209 4044  [ BC00505CFDA789ED3BE95D2FF38C4875 ] C:\Windows\System32\FntCache.dll
05:45:56.0209 4044  C:\Windows\System32\FntCache.dll - ok
05:45:56.0209 4044  [ 913D843498553A1BC8F8DBAD6358E49F ] C:\Windows\System32\sppsvc.exe
05:45:56.0209 4044  C:\Windows\System32\sppsvc.exe - ok
05:45:56.0209 4044  [ FFF95479C7AB1550F0750A5D01744211 ] C:\Windows\System32\drivers\spsys.sys
05:45:56.0209 4044  C:\Windows\System32\drivers\spsys.sys - ok
05:45:56.0209 4044  [ 41118D920B2B268C0ADC36421248CDCF ] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
05:45:56.0209 4044  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe - ok
05:45:56.0209 4044  [ B7BDBEBC74105E68A3093073C30E3498 ] C:\Windows\System32\sppwinob.dll
05:45:56.0225 4044  C:\Windows\System32\sppwinob.dll - ok
05:45:56.0225 4044  [ D480C9220BFE667DE65A46CDE80EA7E9 ] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
05:45:56.0225 4044  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll - ok
05:45:56.0225 4044  [ 122F89E0905FC656D56F65CD7A2E9B4D ] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
05:45:56.0225 4044  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll - ok
05:45:56.0225 4044  [ 1CBAD5EEE017FAFEA2BF75E82330783D ] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\DTMessageLib.dll
05:45:56.0225 4044  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\DTMessageLib.dll - ok
05:45:56.0225 4044  [ 2F530C1448D4984F2A3F995895F2D532 ] C:\Windows\System32\sppobjs.dll
05:45:56.0225 4044  C:\Windows\System32\sppobjs.dll - ok
05:45:56.0240 4044  [ CF318F60A84F15AF352439465A8D05F4 ] C:\Program Files\Windows Defender\MpSvc.dll
05:45:56.0240 4044  C:\Program Files\Windows Defender\MpSvc.dll - ok
05:45:56.0240 4044  [ ADF3E771F429940E762AC097F5A54EAF ] C:\Program Files\Windows Defender\MpClient.dll
05:45:56.0240 4044  C:\Program Files\Windows Defender\MpClient.dll - ok
05:45:56.0240 4044  [ 8F9F3969933C02DA96EB0F84576DB43E ] C:\Windows\System32\wscsvc.dll
05:45:56.0240 4044  C:\Windows\System32\wscsvc.dll - ok
05:45:56.0240 4044  [ A74316B5C28D94AF0825267D8715549F ] C:\Windows\System32\dbghelp.dll
05:45:56.0240 4044  C:\Windows\System32\dbghelp.dll - ok
05:45:56.0256 4044  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] C:\Windows\System32\wuaueng.dll
05:45:56.0256 4044  C:\Windows\System32\wuaueng.dll - ok
05:45:56.0256 4044  [ 64E6A44177ACF348D68255A37F4723DA ] C:\Windows\System32\cabinet.dll
05:45:56.0256 4044  C:\Windows\System32\cabinet.dll - ok
05:45:56.0256 4044  [ 92E0508D924512F63FFEEFE498CBD11F ] C:\Windows\System32\p2pcollab.dll
05:45:56.0256 4044  C:\Windows\System32\p2pcollab.dll - ok
05:45:56.0256 4044  [ 4987E079A4530FA737A128BE54B63B12 ] C:\Windows\System32\QAGENTRT.DLL
05:45:56.0256 4044  C:\Windows\System32\QAGENTRT.DLL - ok
05:45:56.0271 4044  [ 617F6EC0AC677C685479C1D0D1E76C6F ] C:\Windows\System32\mspatcha.dll
05:45:56.0271 4044  C:\Windows\System32\mspatcha.dll - ok
05:45:56.0271 4044  [ 506A83A3BEEE9FCA09F0170DE9FC7D1B ] C:\Windows\System32\fveui.dll
05:45:56.0271 4044  C:\Windows\System32\fveui.dll - ok
05:45:56.0271 4044  [ C47F35CC6FA4F1BDBEF8F87AC1A46537 ] C:\Windows\System32\wuapi.dll
05:45:56.0271 4044  C:\Windows\System32\wuapi.dll - ok
05:45:56.0271 4044  [ E746ED90132C6B6313CE9179F56BD31D ] C:\Windows\System32\wups.dll
05:45:56.0271 4044  C:\Windows\System32\wups.dll - ok
05:45:56.0287 4044  [ FE05D03B73000CFF476E1D29109F3A84 ] C:\Program Files\Windows Defender\MpEvMsg.dll
05:45:56.0287 4044  C:\Program Files\Windows Defender\MpEvMsg.dll - ok
05:45:56.0287 4044  [ 7FE0D0C8F53735EA17C9AE93EFE7AD5A ] C:\Windows\System32\wups2.dll
05:45:56.0287 4044  C:\Windows\System32\wups2.dll - ok
05:45:56.0287 4044  [ 4FDFA3F219692D17011BF1B428857C1E ] C:\Program Files\Windows Defender\MpRTP.dll
05:45:56.0287 4044  C:\Program Files\Windows Defender\MpRTP.dll - ok
05:45:56.0287 4044  [ FBD879D17B26D49DD7A48FF58062FAE6 ] C:\Windows\System32\tdh.dll
05:45:56.0287 4044  C:\Windows\System32\tdh.dll - ok
05:45:56.0287 4044  [ 30042487E83BF3B518DD9B92A2F52F42 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{11163FA2-0E46-4F8F-909C-D3E33DE118E8}\mpengine.dll
05:45:56.0287 4044  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{11163FA2-0E46-4F8F-909C-D3E33DE118E8}\mpengine.dll - ok
05:45:56.0303 4044  [ 4C1A82E9362DF1282355FBA3037DF0C4 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{11163FA2-0E46-4F8F-909C-D3E33DE118E8}\mpasbase.vdm
05:45:56.0303 4044  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{11163FA2-0E46-4F8F-909C-D3E33DE118E8}\mpasbase.vdm - ok
05:45:56.0303 4044  [ 2F1596828FA9FEA36D52328CA0B50441 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{11163FA2-0E46-4F8F-909C-D3E33DE118E8}\mpasdlta.vdm
05:45:56.0303 4044  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{11163FA2-0E46-4F8F-909C-D3E33DE118E8}\mpasdlta.vdm - ok
05:45:56.0303 4044  [ 93BB66044FA76734E882C6F3E8EE1900 ] C:\Program Files\Windows Defender\MsMpLics.dll
05:45:56.0303 4044  C:\Program Files\Windows Defender\MsMpLics.dll - ok
05:45:56.0303 4044  [ 85409DCE247D97E4D6958B7C5916BE4A ] C:\Windows\System32\wscapi.dll
05:45:56.0303 4044  C:\Windows\System32\wscapi.dll - ok
05:45:56.0318 4044  [ B84E2D174DC84916A536572BB8F691A8 ] C:\Windows\System32\wscisvif.dll
05:45:56.0318 4044  C:\Windows\System32\wscisvif.dll - ok
05:45:56.0318 4044  [ 6C1E3C43B35268C17833244C8ED96430 ] C:\Windows\System32\wscproxystub.dll
05:45:56.0318 4044  C:\Windows\System32\wscproxystub.dll - ok
05:45:56.0318 4044  [ 81252AA3B13743020BCF2089A5A0D911 ] C:\Windows\System32\wscinterop.dll
05:45:56.0318 4044  C:\Windows\System32\wscinterop.dll - ok
05:45:56.0318 4044  [ DF50DAE4C547285E4997A0C61063B632 ] C:\Windows\System32\wscui.cpl
05:45:56.0318 4044  C:\Windows\System32\wscui.cpl - ok
05:45:56.0334 4044  [ C3626E674990EF003B6C94807E82B501 ] C:\Windows\System32\werconcpl.dll
05:45:56.0334 4044  C:\Windows\System32\werconcpl.dll - ok
05:45:56.0334 4044  [ 5D89D063A4CB036C258685C8E057E768 ] C:\Windows\System32\framedynos.dll
05:45:56.0334 4044  C:\Windows\System32\framedynos.dll - ok
05:45:56.0334 4044  [ 7E591867422DC788B9E5BD337A669A08 ] C:\Windows\System32\wercplsupport.dll
05:45:56.0334 4044  C:\Windows\System32\wercplsupport.dll - ok
05:45:56.0334 4044  [ 809AE7D4ACE06BBCF621E5C504BF6FC8 ] C:\Windows\System32\hcproviders.dll
05:45:56.0334 4044  C:\Windows\System32\hcproviders.dll - ok
05:45:56.0334 4044  [ C1D0691BE5DDB0C230D8370BD96BBE8B ] C:\Program Files\Internet Explorer\ieproxy.dll
05:45:56.0334 4044  C:\Program Files\Internet Explorer\ieproxy.dll - ok
05:45:56.0349 4044  [ 61B2873C02ECBF86CD6455A40F24CE33 ] C:\Windows\System32\msxml3.dll
05:45:56.0349 4044  C:\Windows\System32\msxml3.dll - ok
05:45:56.0349 4044  [ F11A57E91FDAECFB41A5CB21EB1EBC8E ] C:\Windows\System32\dssenh.dll
05:45:56.0349 4044  C:\Windows\System32\dssenh.dll - ok
05:45:56.0349 4044  [ 840F7FB849F5887A49BA18C13B2DA920 ] C:\Windows\servicing\TrustedInstaller.exe
05:45:56.0349 4044  C:\Windows\servicing\TrustedInstaller.exe - ok
05:45:56.0349 4044  [ 288ADDED26C80FDC135CAB4340161686 ] C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\CbsCore.dll
05:45:56.0349 4044  C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\CbsCore.dll - ok
05:45:56.0365 4044  [ 387F2728BFCF50066F7F3219197918EB ] C:\Windows\System32\makecab.exe
05:45:56.0365 4044  C:\Windows\System32\makecab.exe - ok
05:45:56.0365 4044  [ CFF2D779B7068D39FA444A3D54FAE6F9 ] C:\Windows\System32\dpx.dll
05:45:56.0365 4044  C:\Windows\System32\dpx.dll - ok
05:45:56.0365 4044  [ 7957A194B8421BC070FABBF1C55DB68B ] C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wcp.dll
05:45:56.0365 4044  C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wcp.dll - ok
05:45:56.0365 4044  [ 9297F004FCE79FB7B26DAC6968FB5FEB ] C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\DrUpdate.dll
05:45:56.0365 4044  C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\DrUpdate.dll - ok
05:45:56.0381 4044  [ FC6C5D860CDB82411DA626821201BDF0 ] C:\Windows\System32\srclient.dll
05:45:56.0381 4044  C:\Windows\System32\srclient.dll - ok
05:45:56.0381 4044  [ 57193858CCEA03BD038FCFE7E396AEC4 ] C:\Windows\System32\spp.dll
05:45:56.0381 4044  C:\Windows\System32\spp.dll - ok
05:45:56.0381 4044  [ 943F48CC3A59169E52A054946C2F59B8 ] C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wrpint.dll
05:45:56.0381 4044  C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wrpint.dll - ok
05:45:56.0381 4044  [ 6685DD5CC357D45EEE30FD089E8A111A ] C:\Windows\System32\sxsstore.dll
05:45:56.0381 4044  C:\Windows\System32\sxsstore.dll - ok
05:45:56.0381 4044  [ D485D1BE97777617B186FC8095F58421 ] C:\Windows\servicing\CbsApi.dll
05:45:56.0381 4044  C:\Windows\servicing\CbsApi.dll - ok
05:45:56.0396 4044  [ EE24C42561D40F7AD7C2A7A460287090 ] C:\Windows\System32\wbem\cimwin32.dll
05:45:56.0396 4044  C:\Windows\System32\wbem\cimwin32.dll - ok
05:45:56.0396 4044  [ 0D893F8D145D3B125B0226727C243A69 ] C:\Windows\System32\security.dll
05:45:56.0396 4044  C:\Windows\System32\security.dll - ok
05:45:56.0396 4044  [ 14C6A59904D397C6D85DADA9ACBB6FAB ] C:\Windows\System32\browcli.dll
05:45:56.0396 4044  C:\Windows\System32\browcli.dll - ok
05:45:56.0396 4044  [ 28142AAF1565736CE0E5D7EFCE3CC0F8 ] C:\Windows\System32\schedcli.dll
05:45:56.0396 4044  C:\Windows\System32\schedcli.dll - ok
05:45:56.0412 4044  [ 5EA9A0950F322BFA382AF277801C0307 ] C:\Windows\System32\wbem\wmipcima.dll
05:45:56.0412 4044  C:\Windows\System32\wbem\wmipcima.dll - ok
05:45:56.0412 4044  [ 76DC9F4FE66BC3867615F142766B4C50 ] C:\Windows\System32\wmi.dll
05:45:56.0412 4044  C:\Windows\System32\wmi.dll - ok
05:45:56.0412 4044  [ B7213E92B270761B88B313B62BA0E13B ] C:\Windows\System32\slwga.dll
05:45:56.0412 4044  C:\Windows\System32\slwga.dll - ok
05:45:56.0412 4044  [ 64856DFE10FC7B429E6999380BC3BB62 ] C:\Windows\System32\sppc.dll
05:45:56.0412 4044  C:\Windows\System32\sppc.dll - ok
05:45:56.0412 4044  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] C:\Windows\System32\qmgr.dll
05:45:56.0412 4044  C:\Windows\System32\qmgr.dll - ok
05:45:56.0427 4044  [ 4E75477E8BFA55C6F1F2688FB553F0C5 ] C:\Windows\System32\bitsperf.dll
05:45:56.0427 4044  C:\Windows\System32\bitsperf.dll - ok
05:45:56.0427 4044  [ D9431DCF90B0253773F51FDEFE7FD42F ] C:\Windows\System32\bitsigd.dll
05:45:56.0427 4044  C:\Windows\System32\bitsigd.dll - ok
05:45:56.0427 4044  [ 9E29BC11A70165635CC10D42E64CFEE1 ] C:\Windows\System32\upnp.dll
05:45:56.0427 4044  C:\Windows\System32\upnp.dll - ok
05:45:56.0427 4044  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] C:\Windows\System32\ssdpsrv.dll
05:45:56.0427 4044  C:\Windows\System32\ssdpsrv.dll - ok
05:45:56.0443 4044  [ AC5DF873913B00E554D8F553459BC431 ] C:\Windows\System32\qmgrprxy.dll
05:45:56.0443 4044  C:\Windows\System32\qmgrprxy.dll - ok
05:45:56.0443 4044  [ 4927DF280CBD35B8C8C7B9FD80638643 ] C:\Windows\System32\bitsprx3.dll
05:45:56.0443 4044  C:\Windows\System32\bitsprx3.dll - ok
05:45:56.0443 4044  [ DF2B70963BF48DC6ADF774894EF74C38 ] C:\Windows\System32\bitsprx2.dll
05:45:56.0443 4044  C:\Windows\System32\bitsprx2.dll - ok
05:45:56.0443 4044  [ C1C03EA437EDDA8A7D4D8786E5AE6751 ] C:\Windows\System32\wuauclt.exe
05:45:56.0443 4044  C:\Windows\System32\wuauclt.exe - ok
05:45:56.0459 4044  [ 50EBD31C3527366FAFA468BD609F7352 ] C:\Windows\System32\wucltux.dll
05:45:56.0459 4044  C:\Windows\System32\wucltux.dll - ok
05:45:56.0459 4044  [ 5FBD7BEC6CD3DCAA6A87A7F70CE8AF44 ] C:\Windows\System32\advpack.dll
05:45:56.0459 4044  C:\Windows\System32\advpack.dll - ok
05:45:56.0459 4044  [ 76D86E65FF7D10292886A1F2DB93A911 ] C:\Windows\System32\ELSCore.dll
05:45:56.0459 4044  C:\Windows\System32\ELSCore.dll - ok
05:45:56.0459 4044  [ B526181E3F6B9F5136B6B7F776B7468B ] C:\Windows\System32\elsTrans.dll
05:45:56.0459 4044  C:\Windows\System32\elsTrans.dll - ok
05:45:56.0474 4044  [ AEE087CF7423BA44CC2DE03CC565E399 ] C:\Windows\System32\elslad.dll
05:45:56.0474 4044  C:\Windows\System32\elslad.dll - ok
05:45:56.0474 4044  [ 701D9F5F3F21580936638D5C5F86B460 ] C:\Windows\System32\NlsData0009.dll
05:45:56.0474 4044  C:\Windows\System32\NlsData0009.dll - ok
05:45:56.0474 4044  [ 148A733B93A2AC104280495DA09D3CC2 ] C:\Windows\System32\NlsLexicons0009.dll
05:45:56.0474 4044  C:\Windows\System32\NlsLexicons0009.dll - ok
05:45:56.0474 4044  [ 4A826F98E1B0860840FE227D1A4FFC05 ] C:\Program Files\Windows Journal\Journal.exe
05:45:56.0474 4044  C:\Program Files\Windows Journal\Journal.exe - ok
05:45:56.0474 4044  [ 11542EC1F1C53EDB3CCF5AADF4C9972F ] C:\Windows\System32\NlsData0000.dll
05:45:56.0474 4044  C:\Windows\System32\NlsData0000.dll - ok
05:45:56.0490 4044  [ 51272A935F4F482A70F2A7D1C3A67AEE ] C:\Windows\System32\NlsData000c.dll
05:45:56.0490 4044  C:\Windows\System32\NlsData000c.dll - ok
05:45:56.0490 4044  [ C2142407A2BE3462247500849B3FF8C7 ] C:\Windows\System32\NlsLexicons000c.dll
05:45:56.0490 4044  C:\Windows\System32\NlsLexicons000c.dll - ok
05:45:56.0490 4044  [ DC3E0DFB43ED05FF8290B38E3F94C0DE ] C:\Windows\ehome\ehepgres.dll
05:45:56.0490 4044  C:\Windows\ehome\ehepgres.dll - ok
05:45:56.0490 4044  [ A094DF70FC58677D79B1E8F045AC2883 ] C:\Windows\System32\NlsData0416.dll
05:45:56.0490 4044  C:\Windows\System32\NlsData0416.dll - ok
05:45:56.0505 4044  [ 371821A1C47A2B80275A23483FA36BB2 ] C:\Windows\System32\NlsLexicons0416.dll
05:45:56.0505 4044  C:\Windows\System32\NlsLexicons0416.dll - ok
05:45:56.0505 4044  [ 55934080B2ED262D13455578DD5E50C9 ] C:\Program Files\Common Files\System\wab32res.dll
05:45:56.0505 4044  C:\Program Files\Common Files\System\wab32res.dll - ok
05:45:56.0505 4044  [ C0CCBA2DDADBB8B068F50D1A832F07EC ] C:\Windows\System32\Query.dll
05:45:56.0505 4044  C:\Windows\System32\Query.dll - ok
05:45:56.0505 4044  [ 2B0605ABC47532155FFBFDC1693317D8 ] C:\Windows\System32\NlsData0010.dll
05:45:56.0505 4044  C:\Windows\System32\NlsData0010.dll - ok
05:45:56.0521 4044  [ 362ACF8F7476637A5F76BE5953F4F258 ] C:\Windows\System32\NlsLexicons0010.dll
05:45:56.0521 4044  C:\Windows\System32\NlsLexicons0010.dll - ok
05:45:56.0521 4044  [ 7FD58BA8562948EE374E2513C6771EF9 ] C:\Windows\System32\mf.dll
05:45:56.0521 4044  C:\Windows\System32\mf.dll - ok
05:45:56.0521 4044  [ 64B328D52DFC8CDA123093E3F6E4C37C ] C:\Windows\System32\unregmp2.exe
05:45:56.0521 4044  C:\Windows\System32\unregmp2.exe - ok
05:45:56.0521 4044  [ 234C6332DE002EE43A08C46B5B988EB2 ] C:\Windows\System32\SampleRes.dll
05:45:56.0521 4044  C:\Windows\System32\SampleRes.dll - ok
05:45:56.0537 4044  [ 005247E3057BC5D5C3F8C6F886FFC10C ] C:\Windows\System32\wbem\WMIADAP.exe
05:45:56.0537 4044  C:\Windows\System32\wbem\WMIADAP.exe - ok
05:45:56.0537 4044  [ 9FE3ED67345F0FF829A4A53B90E09672 ] C:\Windows\System32\loadperf.dll
05:45:56.0537 4044  C:\Windows\System32\loadperf.dll - ok
05:45:56.0537 4044  [ FC3001B4B9DF50B61F3CCA615759EFE7 ] C:\Windows\System32\PhotoMetadataHandler.dll
05:45:56.0537 4044  C:\Windows\System32\PhotoMetadataHandler.dll - ok
05:45:56.0537 4044  [ 40EB9112B6CF178AA099B5B2BD0B76AA ] C:\Program Files\Common Files\System\wab32.dll
05:45:56.0537 4044  C:\Program Files\Common Files\System\wab32.dll - ok
05:45:56.0537 4044  [ 0C468376C80AEBF7BB6E19E118C88204 ] C:\Windows\System32\cryptdlg.dll
05:45:56.0537 4044  C:\Windows\System32\cryptdlg.dll - ok
05:45:56.0552 4044  [ 82D2C191740D13DCBD2A6EF5F209FB3A ] C:\Windows\System32\msoert2.dll
05:45:56.0552 4044  C:\Windows\System32\msoert2.dll - ok
05:45:56.0552 4044  [ D2CB14499799E196CB034448BDD898DD ] C:\Windows\System32\SearchFolder.dll
05:45:56.0552 4044  C:\Windows\System32\SearchFolder.dll - ok
05:45:56.0552 4044  [ A42FBC61385A5F5F444209EE94D89F27 ] C:\Windows\System32\NlsData0021.dll
05:45:56.0552 4044  C:\Windows\System32\NlsData0021.dll - ok
05:45:56.0552 4044  [ E5283AFD7590ECC37F8D62C4D6F1FB48 ] C:\Windows\System32\NlsLexicons0021.dll
05:45:56.0552 4044  C:\Windows\System32\NlsLexicons0021.dll - ok
05:45:56.0568 4044  [ 916DB4FEB392BC58239D1C5825E33EA3 ] C:\Windows\System32\NlsData001b.dll
05:45:56.0568 4044  C:\Windows\System32\NlsData001b.dll - ok
05:45:56.0568 4044  [ EE44FD66D54E14694E7DD21C4E1E6599 ] C:\Windows\System32\NlsLexicons001b.dll
05:45:56.0568 4044  C:\Windows\System32\NlsLexicons001b.dll - ok
05:45:56.0568 4044  [ 41E4E0E91C84421891F13BE8D4947ECD ] C:\Windows\System32\sbe.dll
05:45:56.0568 4044  C:\Windows\System32\sbe.dll - ok
05:45:56.0568 4044  [ 4D842C5081F06E61BFF461CF87D13525 ] C:\Windows\ehome\ehtrace.dll
05:45:56.0568 4044  C:\Windows\ehome\ehtrace.dll - ok
05:45:56.0568 4044  [ 511FA6794F901C60A4458C2F693AF7A3 ] C:\Windows\System32\sberes.dll
05:45:56.0568 4044  C:\Windows\System32\sberes.dll - ok
05:45:56.0583 4044  [ F76074CE653E49AC6BDFE19289691AA6 ] C:\Windows\System32\NlsData0013.dll
05:45:56.0583 4044  C:\Windows\System32\NlsData0013.dll - ok
05:45:56.0583 4044  [ AE9300B1F0D6095597F64F03E1C38BB4 ] C:\Windows\System32\NlsLexicons0013.dll
05:45:56.0583 4044  C:\Windows\System32\NlsLexicons0013.dll - ok
05:45:56.0583 4044  [ F121FF27B30D62EB148E928C4769328B ] C:\Windows\System32\Speech\SpeechUX\sapi.cpl
05:45:56.0583 4044  C:\Windows\System32\Speech\SpeechUX\sapi.cpl - ok
05:45:56.0583 4044  [ BE5C7690D94F9DAB63BEED73D8FFABBE ] C:\Windows\System32\wbem\WmiApRes.dll
05:45:56.0583 4044  C:\Windows\System32\wbem\WmiApRes.dll - ok
05:45:56.0599 4044  [ 2B7AAA05D43988BEC320F965F6384E67 ] C:\Windows\System32\migwiz\wet.dll
05:45:56.0599 4044  C:\Windows\System32\migwiz\wet.dll - ok
05:45:56.0599 4044  [ 51D186B582C905E49D84B70322F70B21 ] C:\Windows\System32\miguiresource.dll
05:45:56.0599 4044  C:\Windows\System32\miguiresource.dll - ok
05:45:56.0599 4044  [ B9D2FAF624031311CA3E45CC60EDDDE7 ] C:\Windows\System32\rstrui.exe
05:45:56.0599 4044  C:\Windows\System32\rstrui.exe - ok
05:45:56.0599 4044  [ 7D7677D3E17614F69B27B9EB9A8EFE5E ] C:\Windows\System32\msinfo32.exe
05:45:56.0599 4044  C:\Windows\System32\msinfo32.exe - ok
05:45:56.0615 4044  [ AF36C246EB34999281A4CB34EA14915F ] C:\Windows\System32\wdc.dll
05:45:56.0615 4044  C:\Windows\System32\wdc.dll - ok
05:45:56.0615 4044  [ 3B1864AE25C30F7385FE69495DF772D1 ] C:\Windows\System32\dfrgui.exe
05:45:56.0615 4044  C:\Windows\System32\dfrgui.exe - ok
05:45:56.0615 4044  [ 9D9C0DD19ED1D36E1FAB8805EA5CE1AF ] C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe
05:45:56.0615 4044  C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe - ok
05:45:56.0615 4044  [ 852D67A27E454BD389FA7F02A8CBE23F ] C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
05:45:56.0615 4044  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - ok
05:45:56.0615 4044  [ 1FF8939ABF6B9CF81F22BD768E5449BD ] C:\Windows\System32\OobeFldr.dll
05:45:56.0615 4044  C:\Windows\System32\OobeFldr.dll - ok
05:45:56.0630 4044  [ 0A8BEC706DBC33BEA9A919BEDA137A2D ] C:\Windows\System32\SNTSearch.dll
05:45:56.0630 4044  C:\Windows\System32\SNTSearch.dll - ok
05:45:56.0630 4044  [ 47F0F526AD4982806C54B845B3289DE1 ] C:\Windows\System32\SoundRecorder.exe
05:45:56.0630 4044  C:\Windows\System32\SoundRecorder.exe - ok
05:45:56.0630 4044  [ 7633F554EEAFDE7F144B41C2FCAF5F63 ] C:\Windows\System32\SnippingTool.exe
05:45:56.0630 4044  C:\Windows\System32\SnippingTool.exe - ok
05:45:56.0630 4044  [ 5E115854DA4767CF8071F76211DDAC06 ] C:\Windows\System32\mstsc.exe
05:45:56.0630 4044  C:\Windows\System32\mstsc.exe - ok
05:45:56.0646 4044  [ 823BD5F4D89FEDCD90809B8C53D167CC ] C:\Windows\System32\mblctr.exe
05:45:56.0646 4044  C:\Windows\System32\mblctr.exe - ok
05:45:56.0646 4044  [ 9FCA314E02437C35C4A8571EAE8B3421 ] C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe
05:45:56.0646 4044  C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe - ok
05:45:56.0646 4044  [ B795E6138E29A37508285FC31E92BD78 ] C:\Windows\System32\DisplaySwitch.exe
05:45:56.0646 4044  C:\Windows\System32\DisplaySwitch.exe - ok
05:45:56.0646 4044  [ ABB425B7C6AD956BFCABDF5F59541AD5 ] C:\Windows\System32\fsquirt.exe
05:45:56.0646 4044  C:\Windows\System32\fsquirt.exe - ok
05:45:56.0661 4044  [ 11F174ED2050121C394C17B4F7B69983 ] C:\Windows\System32\AuthFWGP.dll
05:45:56.0661 4044  C:\Windows\System32\AuthFWGP.dll - ok
05:45:56.0661 4044  [ A7253C6B106DAAEBB5499FC7AEF68BAB ] C:\Windows\System32\msconfig.exe
05:45:56.0661 4044  C:\Windows\System32\msconfig.exe - ok
05:45:56.0661 4044  [ DE038C40F3033EDA732655FA42DCBD18 ] C:\Windows\System32\filemgmt.dll
05:45:56.0661 4044  C:\Windows\System32\filemgmt.dll - ok
05:45:56.0661 4044  [ A8F0E356CE2A84B31A7D1043CDE31F07 ] C:\Windows\System32\MdSched.exe
05:45:56.0661 4044  C:\Windows\System32\MdSched.exe - ok
05:45:56.0661 4044  [ B9CE8CF2FF2D5EAFFDBAA340E7B385A5 ] C:\Windows\System32\iscsicpl.dll
05:45:56.0661 4044  C:\Windows\System32\iscsicpl.dll - ok
05:45:56.0786 4044  ============================================================
05:45:56.0786 4044  Scan finished
05:45:56.0786 4044  ============================================================
05:45:56.0786 3944  Detected object count: 3
05:45:56.0786 3944  Actual detected object count: 3
05:46:21.0668 3944  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - copied to quarantine
05:46:21.0668 3944  HKLM\SYSTEM\ControlSet001\services\LMS - will be deleted on reboot
05:46:21.0700 3944  HKLM\SYSTEM\ControlSet002\services\LMS - will be deleted on reboot
05:46:21.0887 3944  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - will be deleted on reboot
05:46:21.0887 3944  LMS ( UnsignedFile.Multi.Generic ) - User select action: Delete 
05:46:21.0934 3944  C:\Windows\system32\ED2E.tmp - copied to quarantine
05:46:21.0934 3944  HKLM\SYSTEM\ControlSet001\services\MEMSWEEP2 - will be deleted on reboot
05:46:21.0934 3944  HKLM\SYSTEM\ControlSet002\services\MEMSWEEP2 - will be deleted on reboot
05:46:21.0934 3944  C:\Windows\system32\ED2E.tmp - will be deleted on reboot
05:46:21.0934 3944  MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - User select action: Delete 
05:46:22.0012 3944  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe - copied to quarantine
05:46:22.0012 3944  HKLM\SYSTEM\ControlSet001\services\UNS - will be deleted on reboot
05:46:22.0027 3944  HKLM\SYSTEM\ControlSet002\services\UNS - will be deleted on reboot
05:46:22.0027 3944  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe - will be deleted on reboot
05:46:22.0027 3944  UNS ( UnsignedFile.Multi.Generic ) - User select action: Delete 
05:46:25.0631 1972  Deinitialize success
         
I'm really sorry if I've caused you more work than necessary with this!

Old 31.01.2013, 15:26   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - will be deleted on reboot
See, that is exactly why aimlessly running special-purpose tools like TDSS-Killer is counterproductive and dangerous.
You deleted a software component from Intel with it.

Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Unpack the archive on your desktop.
  • In the newly created folder, start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • MBAR will remove the detected objects during the restart, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper.
__________________
Please always post log files in CODE tags
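
Added example, not part of the thread and not TDSSKiller's own code: a small Python parser for the log tail posted above that groups each quarantine/delete step under its verdict line and lists the objects that were deleted on an `UnsignedFile.*` verdict alone. Treating that verdict as a signature heuristic rather than identified malware is this example's assumption; the function names are hypothetical and the sample lines are copied from the posted log.

```python
import re

# Sample input: lines copied from the TDSSKiller log tail posted in this thread.
SAMPLE_LOG = r"""
05:46:21.0668 3944  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - copied to quarantine
05:46:21.0668 3944  HKLM\SYSTEM\ControlSet001\services\LMS - will be deleted on reboot
05:46:21.0887 3944  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - will be deleted on reboot
05:46:21.0887 3944  LMS ( UnsignedFile.Multi.Generic ) - User select action: Delete
05:46:21.0934 3944  C:\Windows\system32\ED2E.tmp - copied to quarantine
05:46:21.0934 3944  HKLM\SYSTEM\ControlSet001\services\MEMSWEEP2 - will be deleted on reboot
05:46:21.0934 3944  C:\Windows\system32\ED2E.tmp - will be deleted on reboot
05:46:21.0934 3944  MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - User select action: Delete
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<msg>.*?)\s*$")
STEP = re.compile(r"^(?P<target>.+) - (?P<what>copied to quarantine|will be deleted on reboot)$")
VERDICT = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - User select action: (?P<action>\w+)$")

# Assumption of this example: verdicts named "UnsignedFile.*" report a missing
# signature, not identified malware, so a Delete on them deserves a second look.
HEURISTIC_PREFIXES = ("UnsignedFile.",)


def parse_actions(log):
    """Group quarantine/delete steps under the verdict line that follows them."""
    objects, pending = [], []
    for raw in log.splitlines():
        m = LINE.match(raw)
        msg = m.group("msg") if m else ""
        if (s := STEP.match(msg)):
            pending.append((s.group("target"), s.group("what")))
        elif (v := VERDICT.match(msg)):
            obj = dict(v.groupdict(), quarantined=[], deleted=[])
            for target, what in pending:
                key = "quarantined" if what == "copied to quarantine" else "deleted"
                obj[key].append(target)
            objects.append(obj)
            pending = []
    return objects


def needs_review(objects):
    """Return the objects that were deleted on a heuristic verdict alone."""
    return [o for o in objects
            if o["action"] == "Delete" and o["verdict"].startswith(HEURISTIC_PREFIXES)]


if __name__ == "__main__":
    for o in needs_review(parse_actions(SAMPLE_LOG)):
        print(f'{o["name"]}: {o["verdict"]} -> {o["action"]}; in quarantine: {o["quarantined"]}')
```

The `quarantined` list shows which files the log says were copied to quarantine before deletion, which is the starting point for checking and restoring a legitimate component.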
