Trojaner-Board, forum section "Plagegeister aller Art und deren Bekämpfung" (pests of all kinds and their removal)

Windows 7 64Bit+ Avast, Win32:Maleware.gen
13.01.2014, 12:12 | #1

Hello Trojaner-Board,

after a long time of using this laptop (private use) I have a hopefully "small" problem with little damage done. My problem is that about 3 days ago my antivirus program Avast (Avast Free 2014) showed an alert pointing to some URL with a search engine. This URL tried to open from IE and from Firefox and was blocked. After a thorough scan, however, no viruses or malware were shown. Since I was not sure whether something was on the laptop after all, I ran a boot-time scan. It returned 2 detections, which were removed automatically. After the boot-time scan the system was restarted. Then Avast reported again, still with this URL. I then downloaded the F-Secure Rescue Disk (hxxp://download.f-secure.com/estore/rescue-cd-3.16-63801.iso), booted the CD and updated the virus database. After the update succeeded I started the scanner. It reported 6 infected files. The program deleted the files and the computer was rebooted. Ran Avast again and got another alert. I am slowly running out of ideas and hope for quick help here. I have already downloaded the programs defogger, FRST64 and GMER. Logs attached:
13.01.2014, 13:00 | #2
/// the machine /// (TB-Ausbilder)

Hi,

Please always post logs in the thread itself. If necessary, split them up and use several posts. How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
13.01.2014, 13:58 | #3

DEFOGGER:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:17 on 13/01/2014 (User)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-01-2014 01
Ran by User (administrator) on NOTEBOOK-MEDION on 13-01-2014 10:33:39
Running from C:\Users\User\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(VMware, Inc.) D:\VM Ware\Installation\vmware-authd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(VMware, Inc.) D:\VM Ware\Installation\vmware-tray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() D:\VM Ware\Installation\vmware-hostd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2013-06-11] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2013-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2013-06-11] (Realtek Semiconductor)
HKLM\...\Run: [IntelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-04-18] (Intel(R) Corporation)
HKLM\...\Run: [Cm106Sound] - C:\Windows\Syswow64\cm106.dll [8151040 2010-07-01] (C-Media Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508144 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-20] (AVAST Software)
HKLM-x32\...\Run: [vmware-tray.exe] - D:\VM Ware\Installation\vmware-tray.exe [111696 2013-10-18] (VMware, Inc.)
HKLM-x32\...\Run: [YouCam Service] - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [247016 2011-09-09] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [PHotkey] - C:\Program Files (x86)\PHotkey\PHotkey.exe [2215424 2012-11-27] ()
HKCU\...\Run: [PVDesktop] - C:\Program Files (x86)\PHotkey\PVDesktop.exe [552960 2012-01-12] ()
MountPoints2: {8276f340-e81f-11e2-b94c-806e6f6e6963} - F:\setup.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [168616 2013-12-19] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\acrun.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\acstart.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\adobe air application installer.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\ccleaner64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\dtlite.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\extendscript toolkit.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\pdf24-editor.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\pdf24-fax.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\photostudio.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\rgsclauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\sptdinst-x64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://thebestgamesonlinefree.com
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Plus-HD-1.3 - {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho.dll (Plus HD)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.45.2.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\svwllwce.default
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\svwllwce.default\user.js
FF Homepage: https://www.google.de/
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll (Zylom)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\svwllwce.default\Extensions\youtubeunblocker@unblocker.yt [2013-11-01]
FF Extension: WOT - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\svwllwce.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: StratusClient 1.0.2 Class - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\svwllwce.default\Extensions\{A8142D35-967D-B1F6-794B-9F783F09E315} [2014-01-11]
FF Extension: Flash Video Downloader - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\svwllwce.default\Extensions\artur.dubovoy@gmail.com.xpi [2013-07-14]
FF Extension: AutoPager - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\svwllwce.default\Extensions\autopager@mozilla.org.xpi [2013-07-09]
FF Extension: Facebook Blocker - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\svwllwce.default\Extensions\info@skymeissner.com.xpi [2013-07-13]
FF Extension: Secure Login - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\svwllwce.default\Extensions\secureLogin@blueimp.net.xpi [2013-07-09]
FF Extension: {636c2988-0364-4a61-99cb-869518ea61b7} - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\svwllwce.default\Extensions\{636c2988-0364-4a61-99cb-869518ea61b7}.xpi [2013-11-01]
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\svwllwce.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-07-09]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\svwllwce.default\Extensions\{891f0410-aaa2-11e0-9f1c-0800200c9a66}.xpi [2013-07-13]
FF Extension: Update Scanner - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\svwllwce.default\Extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}.xpi [2013-12-23]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\svwllwce.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-09]
FF Extension: Download Statusbar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\svwllwce.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-07-09]
FF Extension: Skype Helper Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\svwllwce.default\Extensions\{fc797631-7bf8-4112-b4fd-9fb9f3f9f0aa}.xpi [2013-11-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-08]

Chrome:
=======
CHR HomePage: hxxp://www.google.de/intl/de/chrome/browser/thankyou.html?oneclickinstalled=1
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-12-24]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-12-24]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-12-24]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-12-24]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0 [2013-12-31]
CHR Extension: (avast! Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0 [2013-12-25]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-24]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-12-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-10-22]

==================== Services (Whitelisted) =================

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-20] (AVAST Software)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] ()
R2 HPSLPSVC; C:\Users\User\AppData\Local\Temp\7zS2CC0\hpslpsvc64.dll [1039360 2013-02-06] (Hewlett-Packard Co.)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [107912 2008-10-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2013-06-11] (Intel Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-10-23] (Overwolf Ltd)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-05] ()
S4 TomTomHOMEService; D:\Tom Tom Home\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-08-27] (TomTom)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143552 2012-04-05] (TuneUp Software)
R2 VMAuthdService; D:\VM Ware\Installation\vmware-authd.exe [86096 2013-10-18] (VMware, Inc.)
R2 VMwareHostd; D:\VM Ware\Installation\vmware-hostd.exe [14405200 2013-10-18] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2013-12-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2013-12-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2013-12-20] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2013-12-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-20] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-04] (Disc Soft Ltd)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 INIDVD; C:\Windows\System32\DRIVERS\inidvd.sys [18456 2010-10-26] (Initio Corporation)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2013-07-08] (ITE )
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2013-06-11] (Synaptics Incorporated)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-10-29] (Duplex Secure Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-03-29] (TuneUp Software)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-10-01] (C-Media Electronics Inc)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-13 10:33 - 2014-01-13 10:34 - 00025048 _____ C:\Users\User\Downloads\FRST.txt
2014-01-13 10:33 - 2014-01-13 10:33 - 00000000 ____D C:\FRST
2014-01-13 10:29 - 2014-01-13 10:30 - 02075648 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-01-13 10:17 - 2014-01-13 10:17 - 00050477 _____ C:\Users\User\Downloads\Defogger.exe
2014-01-13 10:17 - 2014-01-13 10:17 - 00000648 _____ C:\Users\User\Desktop\defogger_disable.log
2014-01-13 10:17 - 2014-01-13 10:17 - 00000594 _____ C:\Users\User\defogger_reenable
2014-01-12 22:16 - 2014-01-12 22:16 - 00000000 ____D C:\Users\User\AppData\Roaming\NVIDIA Corporation
2014-01-12 02:21 - 2014-01-12 02:21 - 00000000 ____D C:\Users\Public\Documents\Cyberlink
2014-01-12 02:21 - 2014-01-12 02:21 - 00000000 ____D C:\Users\User\Documents\Avatar
2014-01-12 02:18 - 2014-01-13 10:21 - 00000000 ____D C:\Users\User\Documents\Youcam
2014-01-12 02:18 - 2014-01-12 19:56 - 00000000 ____D C:\Users\User\AppData\Local\CyberLink
2014-01-12 02:18 - 2014-01-12 02:18 - 00001355 _____ C:\Users\Public\Desktop\CyberLink YouCam 5.lnk
2014-01-12 02:18 - 2011-04-14 04:47 - 00031216 _____ (CyberLink Corporation) C:\Windows\system32\Drivers\clwvd.sys
2014-01-12 02:06 - 2014-01-12 02:10 - 00000000 ____D C:\Users\User\Downloads\YouCam 5 v5.0.0909 PreActivated
2014-01-11 19:02 - 2014-01-11 19:02 - 00000990 _____ C:\Windows\DirectX.log
2014-01-11 19:00 - 2014-01-11 19:10 - 100793648 _____ ( ) C:\Users\User\Downloads\Power2Go_133215(8.0.0)_HDPI_LE_HideMPEGAudio_LE_P2G130815-01.exe
2014-01-11 18:58 - 2014-01-11 18:58 - 00000000 ____D C:\Program Files\NVIDIA GPU Computing Toolkit
2014-01-11 18:54 - 2014-01-13 10:19 - 00001167 _____ C:\Windows\setupact.log
2014-01-11 18:54 - 2014-01-11 18:54 - 00000000 _____ C:\Windows\setuperr.log
2014-01-11 18:50 - 2014-01-11 18:57 - 142546944 _____ C:\Users\User\Downloads\rescue-cd-3.16-63801.iso
2014-01-11 18:47 - 2014-01-11 18:47 - 00001812 _____ C:\Windows\SysWOW64\readme.txt
2014-01-11 18:47 - 2014-01-11 18:47 - 00000000 ____D C:\Users\User\AppData\Roaming\f-secure
2014-01-11 18:46 - 2014-01-11 18:47 - 00000000 ____D C:\ProgramData\F-Secure
2014-01-11 18:46 - 2014-01-11 18:46 - 00000000 ____D C:\ProgramData\boost_interprocess
2014-01-11 10:33 - 2014-01-11 10:34 - 00000000 ____D C:\Users\User\AppData\Local\Edwtion
2014-01-10 22:57 - 2014-01-11 00:18 - 00000000 ____D C:\Users\User\Downloads\hobbit.2.dvdscr.ld.xvid-thsc.mp4
2014-01-10 14:58 - 2014-01-10 15:45 - 00002754 _____ C:\Users\User\Desktop\Witz.txt
2014-01-10 14:53 - 2014-01-10 14:53 - 00000049 _____ C:\Users\User\Desktop\Forum Dota.txt
2014-01-10 11:45 - 2014-01-10 11:45 - 27923456 _____ C:\Users\User\Downloads\PhysX-9.13.0725-SystemSoftware.msi
2014-01-10 11:39 - 2014-01-10 11:39 - 00000000 ____D C:\Windows\SysWOW64\NV
2014-01-10 11:39 - 2014-01-10 11:39 - 00000000 ____D C:\Windows\system32\NV
2014-01-10 11:37 - 2013-12-10 03:15 - 00982232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-01-10 11:37 - 2013-12-10 03:14 - 01100248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-01-10 11:34 - 2013-12-19 19:53 - 06671648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-01-10 11:34 - 2013-12-19 19:53 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-01-10 11:34 - 2013-12-19 19:53 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-01-10 11:34 - 2013-12-19 19:53 - 01065248 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-01-10 11:34 - 2013-12-19 19:53 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-01-10 11:34 - 2013-12-19 19:53 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-01-10 11:34 - 2013-12-19 19:53 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-01-10 11:34 - 2013-12-19 19:53 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-01-10 11:34 - 2013-12-19 06:01 - 03539040 _____ C:\Windows\system32\nvcoproc.bin
2014-01-10 11:20 - 2013-12-19 21:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 18310112 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-01-10 11:20 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 03071656 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 02698272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 01436528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-01-10 11:20 - 2013-12-19 21:33 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-01-10 11:20 - 2013-12-19 21:33 - 00023754 _____ C:\Windows\system32\nvinfo.pb
2014-01-10 11:20 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-01-10 11:20 - 2013-12-05 09:42 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-01-10 11:20 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-01-10 10:47 - 2014-01-10 11:13 - 895645440 _____ (NVIDIA Corporation) C:\Users\User\Downloads\cuda_5.5.20_winvista_win7_win8_notebook_64.exe
2014-01-10 10:47 - 2014-01-10 10:58 - 266633424 _____ (NVIDIA Corporation) C:\Users\User\Downloads\332.21-notebook-win8-win7-64bit-international-whql.exe
2014-01-08 13:13 - 2014-01-08 13:53 - 74947032 _____ C:\Users\User\Downloads\Feel The Power Gaming Music Mix (Low).flv
2014-01-07 16:42 - 2014-01-07 16:42 - 00000000 ____D C:\Users\User\Downloads\KMS 8.1
2014-01-07 14:34 - 2014-01-07 21:29 - 00000000 ____D C:\Users\User\Downloads\Sailor Moon Staffel-001
2014-01-07 11:36 - 2014-01-08 11:58 - 00000000 ____D C:\Users\User\AppData\Roaming\VMware
2014-01-07 11:36 - 2014-01-08 11:58 - 00000000 ____D C:\Users\User\AppData\Local\VMware
2014-01-07 06:47 - 2014-01-07 06:52 - 69814913 _____ C:\Users\User\Downloads\Bei dem Anbllick deines Schwanzes fange ich an zu sabbern.flv
2014-01-07 06:25 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2014-01-07 06:25 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.)
C:\Windows\system32\vsocklib.dll 2014-01-07 06:25 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll 2014-01-07 06:24 - 2013-10-18 12:46 - 00064080 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys 2014-01-07 06:24 - 2013-10-18 12:45 - 00930384 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll 2014-01-07 06:24 - 2013-10-18 12:45 - 00437328 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe 2014-01-07 06:24 - 2013-10-18 12:45 - 00358480 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe 2014-01-07 06:24 - 2013-10-18 12:45 - 00030800 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys 2014-01-07 06:24 - 2013-10-18 12:44 - 00032848 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys 2014-01-07 06:23 - 2014-01-07 06:23 - 00001655 _____ C:\Users\Public\Desktop\VMware Workstation.lnk 2014-01-07 06:23 - 2014-01-07 06:23 - 00001024 _____ C:\Windows\SysWOW64\%TMP% 2014-01-07 06:23 - 2014-01-07 06:23 - 00000000 ____D C:\Program Files\Common Files\VMware 2014-01-07 06:23 - 2013-10-09 08:04 - 00053816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys 2014-01-07 06:22 - 2014-01-13 10:20 - 00000000 ____D C:\ProgramData\VMware 2014-01-07 06:22 - 2014-01-07 06:22 - 00000000 ____D C:\Program Files (x86)\VMware 2014-01-07 05:50 - 2014-01-07 05:50 - 00000000 ____D C:\Users\User\Downloads\VMware Workstation 10.0.1 Build 1379776 2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) 
C:\Windows\SysWOW64\GPhotos.scr 2014-01-06 15:31 - 2014-01-06 15:31 - 00000000 ___SD C:\Users\User\Documents\Meine Datenquellen 2014-01-06 12:39 - 2014-01-07 10:23 - 408436736 _____ C:\Users\User\Downloads\Windows 8 AIO 16 in 1 RTM.iso 2014-01-06 12:36 - 2014-01-06 13:37 - 00000000 ____D C:\Users\User\AppData\Local\Lollipop 2014-01-06 01:16 - 2014-01-11 10:55 - 00000000 ____D C:\Users\User\Desktop\Musik neu 2014-01-05 22:51 - 2014-01-05 22:51 - 00000000 ____D C:\ProgramData\TomTom 2014-01-04 19:57 - 2014-01-04 19:58 - 00000000 ____D C:\Users\User\AppData\Local\dxhr 2014-01-04 19:17 - 2014-01-04 19:17 - 00000000 ____D C:\Users\User\AppData\Local\238010 2014-01-04 13:39 - 2014-01-06 11:39 - 00001090 _____ C:\Users\User\Desktop\left4uncut.exe - Verknüpfung.lnk 2014-01-04 13:36 - 2014-01-03 21:07 - 00567253 _____ C:\Users\User\Desktop\left4uncut_ver21.zip 2014-01-04 09:34 - 2014-01-05 13:36 - 00000000 ____D C:\Users\User\AppData\Local\Arma 3 2014-01-04 09:34 - 2014-01-04 21:34 - 00000000 ____D C:\Users\User\Documents\Arma 3 2014-01-04 09:34 - 2014-01-04 09:34 - 00000000 ____D C:\ProgramData\Bohemia Interactive 2014-01-02 23:17 - 2014-01-04 15:33 - 00000000 ____D C:\Users\User\AppData\Local\ArmA 2 OA 2014-01-02 23:17 - 2014-01-04 13:02 - 00000000 ____D C:\Users\User\Documents\ArmA 2 2014-01-02 21:13 - 2014-01-02 21:14 - 00000000 ____D C:\Users\User\Downloads\ALT 2013-12-31 14:24 - 2013-12-31 14:52 - 00000000 ____D C:\Users\User\Documents\Freemake 2013-12-31 14:24 - 2013-12-31 14:24 - 00001320 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk 2013-12-31 14:24 - 2013-12-31 14:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2013-12-31 14:23 - 2013-12-31 14:52 - 00000000 ____D C:\ProgramData\Freemake 2013-12-31 14:22 - 2013-12-31 14:24 - 00000000 ____D C:\Program Files (x86)\Freemake 2013-12-31 12:12 - 2013-12-31 12:14 - 00000000 ____D C:\Users\User\AppData\Roaming\FreeFLVConverter 2013-12-31 12:12 - 2013-10-31 02:26 
- 00397312 _____ (Koyote-Lab Inc) C:\Windows\SysWOW64\TubeFinder.exe 2013-12-31 12:12 - 2011-09-28 09:18 - 00364544 _____ C:\Windows\SysWOW64\PropertyGrid.ocx 2013-12-31 12:12 - 2011-09-28 09:18 - 00208500 _____ C:\Windows\SysWOW64\ReyXpBasics.tlb 2013-12-31 12:12 - 2011-09-28 09:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL 2013-12-31 12:12 - 2011-09-28 09:18 - 00119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL 2013-12-31 12:12 - 2011-09-28 09:18 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL 2013-12-31 12:12 - 2011-09-28 09:18 - 00084512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PICCLP32.OCX 2013-12-31 12:12 - 2011-09-28 09:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL 2013-12-31 12:12 - 2011-09-28 09:18 - 00024576 _____ C:\Windows\SysWOW64\ControlSubX.ocx 2013-12-31 12:12 - 2011-09-28 09:18 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCCLPFR.DLL 2013-12-31 12:11 - 2014-01-01 20:50 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter 2013-12-30 15:09 - 2013-12-30 15:09 - 00085645 _____ C:\Users\User\Desktop\Fritzbox Blacklist Filter.txt 2013-12-29 20:44 - 2013-12-29 20:45 - 00000765 _____ C:\Users\User\Desktop\Lets plays.txt 2013-12-28 13:29 - 2013-12-28 13:29 - 00000000 ____D C:\ProgramData\Solidshield 2013-12-27 23:05 - 2013-12-27 23:05 - 00000000 ____D C:\Users\User\AppData\Roaming\27396 2013-12-27 23:00 - 2013-12-27 23:00 - 00000000 ____D C:\Users\User\Documents\DVDFab9 2013-12-27 22:16 - 2013-12-27 22:16 - 00000000 ____D C:\Program Files (x86)\ffdshow 2013-12-27 22:16 - 2011-05-26 16:30 - 00073216 _____ C:\Windows\SysWOW64\ff_vfw.dll 2013-12-27 22:14 - 2013-12-27 22:14 - 00000000 ____D C:\Users\User\AppData\Roaming\Stereoscopic Player 2013-12-27 20:48 - 2013-12-27 20:48 - 00000000 ____D C:\Download 2013-12-27 20:48 - 2013-12-27 20:48 - 00000000 ____D C:\AllShare 2013-12-26 16:14 - 2013-12-26 16:14 - 00000063 _____ 
C:\Users\User\Desktop\Sat-Receiver.txt 2013-12-22 14:19 - 2013-12-22 14:19 - 00000000 ____D C:\Users\User\AppData\Local\Electronic Arts 2013-12-22 13:50 - 2013-12-22 13:50 - 00000000 ____D C:\Users\User\Documents\Electronic Arts 2013-12-21 16:08 - 2013-12-21 16:19 - 2120024064 _____ C:\Users\User\Desktop\FS13 Titanium.iso 2013-12-21 12:43 - 2013-12-21 12:43 - 00103002 _____ C:\Users\User\Documents\cc_20131221_124335.reg 2013-12-21 12:43 - 2013-12-21 12:43 - 00001078 _____ C:\Users\User\Documents\cc_20131221_124352.reg 2013-12-21 12:37 - 2014-01-11 18:22 - 00000000 ____D C:\Users\User\AppData\Roaming\newnext.me 2013-12-21 12:37 - 2013-12-21 12:45 - 00000000 ____D C:\Users\User\AppData\Local\Mobogenie 2013-12-21 12:37 - 2013-12-21 12:38 - 00000000 ____D C:\Users\User\AppData\Local\cache 2013-12-21 12:37 - 2013-12-21 12:37 - 00000000 ____D C:\Users\User\Documents\Mobogenie 2013-12-21 12:37 - 2013-12-21 12:37 - 00000000 ____D C:\Users\User\AppData\Local\genienext 2013-12-21 12:37 - 2013-12-21 12:37 - 00000000 ____D C:\Users\User\.android 2013-12-21 12:37 - 2013-12-21 12:37 - 00000000 _____ C:\Users\User\daemonprocess.txt 2013-12-21 12:36 - 2013-12-21 12:45 - 00000000 ____D C:\Program Files (x86)\Mobogenie 2013-12-21 01:28 - 2013-12-21 01:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-20 14:40 - 2013-12-20 14:40 - 00000000 ____D C:\Users\User\AppData\Roaming\Nokia 2013-12-20 14:39 - 2013-12-20 14:41 - 00000000 ____D C:\Users\User\AppData\Roaming\MarkSpace 2013-12-20 14:39 - 2013-12-20 14:40 - 00000000 ____D C:\Program Files (x86)\MarkSpace 2013-12-20 14:03 - 2013-12-20 14:03 - 00000000 ___RD C:\Users\User\Podcasts 2013-12-20 12:46 - 2013-12-20 12:46 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf 2013-12-20 12:44 - 2013-12-20 12:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2013-12-20 12:36 - 2013-12-20 15:09 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 
2013-12-19 17:33 - 2013-12-19 17:33 - 00000000 ____D C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP 2013-12-19 12:20 - 2013-12-19 12:20 - 00590112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2013-12-15 20:12 - 2013-12-15 20:12 - 00015412 _____ C:\Windows\SysWOW64\BReWErS.dll 2013-12-14 17:06 - 2013-12-14 17:06 - 00000000 ____D C:\Crash ==================== One Month Modified Files and Folders ======= 2014-01-13 10:34 - 2014-01-13 10:33 - 00025048 _____ C:\Users\User\Downloads\FRST.txt 2014-01-13 10:33 - 2014-01-13 10:33 - 00000000 ____D C:\FRST 2014-01-13 10:30 - 2014-01-13 10:29 - 02075648 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe 2014-01-13 10:29 - 2009-07-14 05:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-13 10:29 - 2009-07-14 05:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-13 10:25 - 2013-07-08 15:49 - 01647584 _____ C:\Windows\WindowsUpdate.log 2014-01-13 10:24 - 2009-07-14 18:58 - 00706952 _____ C:\Windows\system32\perfh007.dat 2014-01-13 10:24 - 2009-07-14 18:58 - 00152584 _____ C:\Windows\system32\perfc007.dat 2014-01-13 10:24 - 2009-07-14 06:13 - 01641048 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-13 10:21 - 2014-01-12 02:18 - 00000000 ____D C:\Users\User\Documents\Youcam 2014-01-13 10:21 - 2013-07-22 08:25 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox 2014-01-13 10:20 - 2014-01-07 06:22 - 00000000 ____D C:\ProgramData\VMware 2014-01-13 10:19 - 2014-01-11 18:54 - 00001167 _____ C:\Windows\setupact.log 2014-01-13 10:19 - 2013-07-08 16:24 - 00000000 ____D C:\ProgramData\NVIDIA 2014-01-13 10:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-13 10:17 - 2014-01-13 10:17 - 00050477 _____ C:\Users\User\Downloads\Defogger.exe 2014-01-13 10:17 - 2014-01-13 10:17 - 00000648 _____ C:\Users\User\Desktop\defogger_disable.log 2014-01-13 
10:17 - 2014-01-13 10:17 - 00000594 _____ C:\Users\User\defogger_reenable 2014-01-13 10:17 - 2013-07-08 15:53 - 00000000 ____D C:\Users\User 2014-01-13 10:14 - 2013-11-21 12:50 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft 2014-01-13 09:16 - 2013-07-08 15:55 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-13 09:15 - 2013-07-08 20:41 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2014-01-12 22:24 - 2013-07-08 23:39 - 00000000 ___RD C:\Users\User\Desktop\Icons 2014-01-12 22:24 - 2013-07-08 23:38 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc 2014-01-12 22:18 - 2013-07-22 23:12 - 00000000 ____D C:\Users\User\Documents\Outlook-Dateien 2014-01-12 22:16 - 2014-01-12 22:16 - 00000000 ____D C:\Users\User\AppData\Roaming\NVIDIA Corporation 2014-01-12 20:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2014-01-12 19:56 - 2014-01-12 02:18 - 00000000 ____D C:\Users\User\AppData\Local\CyberLink 2014-01-12 19:41 - 2013-07-08 16:46 - 00000000 ____D C:\Windows\Panther 2014-01-12 02:22 - 2013-07-19 16:32 - 00000000 ____D C:\Users\User\AppData\Roaming\BitTorrent 2014-01-12 02:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2014-01-12 02:21 - 2014-01-12 02:21 - 00000000 ____D C:\Users\Public\Documents\Cyberlink 2014-01-12 02:21 - 2014-01-12 02:21 - 00000000 ____D C:\Users\User\Documents\Avatar 2014-01-12 02:18 - 2014-01-12 02:18 - 00001355 _____ C:\Users\Public\Desktop\CyberLink YouCam 5.lnk 2014-01-12 02:18 - 2013-08-28 18:12 - 00000000 ____D C:\Users\User\AppData\Roaming\CyberLink 2014-01-12 02:16 - 2013-08-28 18:09 - 00000000 ____D C:\Program Files (x86)\CyberLink 2014-01-12 02:16 - 2013-07-08 16:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2014-01-12 02:10 - 2014-01-12 02:06 - 00000000 ____D C:\Users\User\Downloads\YouCam 5 v5.0.0909 PreActivated 2014-01-12 02:07 - 2013-11-28 19:52 - 00000000 ____D 
C:\Users\User\AppData\Roaming\Skype 2014-01-11 23:48 - 2013-10-30 14:16 - 00000000 ____D C:\Program Files (x86)\Origin 2014-01-11 21:14 - 2013-07-09 16:20 - 00003696 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm 2014-01-11 20:47 - 2013-08-09 18:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-11 20:47 - 2013-08-04 18:38 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-11 20:47 - 2013-08-04 18:38 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-11 19:11 - 2013-10-09 20:16 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-01-11 19:10 - 2014-01-11 19:00 - 100793648 _____ ( ) C:\Users\User\Downloads\Power2Go_133215(8.0.0)_HDPI_LE_HideMPEGAudio_LE_P2G130815-01.exe 2014-01-11 19:02 - 2014-01-11 19:02 - 00000990 _____ C:\Windows\DirectX.log 2014-01-11 19:01 - 2013-07-08 23:36 - 00000000 ____D C:\Users\User\AppData\Roaming\DAEMON Tools Lite 2014-01-11 19:01 - 2013-07-08 16:23 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2014-01-11 19:01 - 2013-07-08 16:23 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2014-01-11 19:01 - 2013-07-08 16:22 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2014-01-11 18:58 - 2014-01-11 18:58 - 00000000 ____D C:\Program Files\NVIDIA GPU Computing Toolkit 2014-01-11 18:57 - 2014-01-11 18:50 - 142546944 _____ C:\Users\User\Downloads\rescue-cd-3.16-63801.iso 2014-01-11 18:54 - 2014-01-11 18:54 - 00000000 _____ C:\Windows\setuperr.log 2014-01-11 18:47 - 2014-01-11 18:47 - 00001812 _____ C:\Windows\SysWOW64\readme.txt 2014-01-11 18:47 - 2014-01-11 18:47 - 00000000 ____D C:\Users\User\AppData\Roaming\f-secure 2014-01-11 18:47 - 2014-01-11 18:46 - 00000000 ____D C:\ProgramData\F-Secure 2014-01-11 18:46 - 2014-01-11 18:46 - 00000000 ____D C:\ProgramData\boost_interprocess 2014-01-11 18:32 - 2013-07-11 13:21 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames 2014-01-11 18:32 - 
2013-07-11 12:09 - 00000000 ____D C:\AeriaGames 2014-01-11 18:26 - 2013-08-09 18:30 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-01-11 18:26 - 2013-08-04 18:38 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-01-11 18:26 - 2013-08-04 18:38 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-01-11 18:26 - 2013-07-24 15:43 - 00003740 _____ C:\Windows\System32\Tasks\Divx-Online-Aktualisierungsprogramm 2014-01-11 18:22 - 2013-12-21 12:37 - 00000000 ____D C:\Users\User\AppData\Roaming\newnext.me 2014-01-11 10:55 - 2014-01-06 01:16 - 00000000 ____D C:\Users\User\Desktop\Musik neu 2014-01-11 10:34 - 2014-01-11 10:33 - 00000000 ____D C:\Users\User\AppData\Local\Edwtion 2014-01-11 00:18 - 2014-01-10 22:57 - 00000000 ____D C:\Users\User\Downloads\hobbit.2.dvdscr.ld.xvid-thsc.mp4 2014-01-10 17:50 - 2013-12-10 15:48 - 00000000 ____D C:\Users\User\AppData\Roaming\FileZilla 2014-01-10 17:28 - 2013-10-28 09:35 - 00406528 ___SH C:\Users\User\Desktop\Thumbs.db 2014-01-10 15:45 - 2014-01-10 14:58 - 00002754 _____ C:\Users\User\Desktop\Witz.txt 2014-01-10 14:53 - 2014-01-10 14:53 - 00000049 _____ C:\Users\User\Desktop\Forum Dota.txt 2014-01-10 11:45 - 2014-01-10 11:45 - 27923456 _____ C:\Users\User\Downloads\PhysX-9.13.0725-SystemSoftware.msi 2014-01-10 11:39 - 2014-01-10 11:39 - 00000000 ____D C:\Windows\SysWOW64\NV 2014-01-10 11:39 - 2014-01-10 11:39 - 00000000 ____D C:\Windows\system32\NV 2014-01-10 11:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help 2014-01-10 11:20 - 2013-11-20 07:30 - 00000000 ____D C:\Users\User\AppData\Local\NVIDIA Corporation 2014-01-10 11:20 - 2013-08-31 15:37 - 00000000 ____D C:\Users\User\AppData\Local\NVIDIA 2014-01-10 11:13 - 2014-01-10 10:47 - 895645440 _____ (NVIDIA Corporation) C:\Users\User\Downloads\cuda_5.5.20_winvista_win7_win8_notebook_64.exe 2014-01-10 10:58 - 2014-01-10 10:47 - 266633424 _____ (NVIDIA Corporation) 
C:\Users\User\Downloads\332.21-notebook-win8-win7-64bit-international-whql.exe 2014-01-10 10:07 - 2013-07-25 15:01 - 00000000 ____D C:\Users\User\Desktop\Games 2014-01-09 15:01 - 2013-07-13 14:04 - 00000000 ____D C:\Users\User\Documents\Any Video Converter 2014-01-09 12:45 - 2013-12-05 20:34 - 00005743 _____ C:\Users\User\Documents\TombRaider.log 2014-01-08 13:53 - 2014-01-08 13:13 - 74947032 _____ C:\Users\User\Downloads\Feel The Power Gaming Music Mix (Low).flv 2014-01-08 11:58 - 2014-01-07 11:36 - 00000000 ____D C:\Users\User\AppData\Roaming\VMware 2014-01-08 11:58 - 2014-01-07 11:36 - 00000000 ____D C:\Users\User\AppData\Local\VMware 2014-01-08 11:51 - 2013-07-22 08:27 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-07 21:29 - 2014-01-07 14:34 - 00000000 ____D C:\Users\User\Downloads\Sailor Moon Staffel-001 2014-01-07 17:22 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2014-01-07 16:42 - 2014-01-07 16:42 - 00000000 ____D C:\Users\User\Downloads\KMS 8.1 2014-01-07 10:23 - 2014-01-06 12:39 - 408436736 _____ C:\Users\User\Downloads\Windows 8 AIO 16 in 1 RTM.iso 2014-01-07 06:52 - 2014-01-07 06:47 - 69814913 _____ C:\Users\User\Downloads\Bei dem Anbllick deines Schwanzes fange ich an zu sabbern.flv 2014-01-07 06:23 - 2014-01-07 06:23 - 00001655 _____ C:\Users\Public\Desktop\VMware Workstation.lnk 2014-01-07 06:23 - 2014-01-07 06:23 - 00001024 _____ C:\Windows\SysWOW64\%TMP% 2014-01-07 06:23 - 2014-01-07 06:23 - 00000000 ____D C:\Program Files\Common Files\VMware 2014-01-07 06:23 - 2013-07-08 16:17 - 01661876 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2014-01-07 06:22 - 2014-01-07 06:22 - 00000000 ____D C:\Program Files (x86)\VMware 2014-01-07 05:50 - 2014-01-07 05:50 - 00000000 ____D C:\Users\User\Downloads\VMware Workstation 10.0.1 Build 1379776 2014-01-06 20:23 - 2014-01-06 20:23 - 04558848 _____ (Google Inc.) 
C:\Windows\SysWOW64\GPhotos.scr 2014-01-06 15:31 - 2014-01-06 15:31 - 00000000 ___SD C:\Users\User\Documents\Meine Datenquellen 2014-01-06 14:27 - 2011-05-01 09:30 - 00020896 _____ C:\Users\User\Desktop\Mein Bücherkatalog.xlsx 2014-01-06 13:38 - 2013-11-16 18:19 - 00000000 ____D C:\Program Files (x86)\Zylom Games 2014-01-06 13:37 - 2014-01-06 12:36 - 00000000 ____D C:\Users\User\AppData\Local\Lollipop 2014-01-06 11:39 - 2014-01-04 13:39 - 00001090 _____ C:\Users\User\Desktop\left4uncut.exe - Verknüpfung.lnk 2014-01-05 22:51 - 2014-01-05 22:51 - 00000000 ____D C:\ProgramData\TomTom 2014-01-05 22:45 - 2013-07-14 19:06 - 00000000 ____D C:\Users\User\AppData\Local\Downloaded Installations 2014-01-05 13:36 - 2014-01-04 09:34 - 00000000 ____D C:\Users\User\AppData\Local\Arma 3 2014-01-04 21:34 - 2014-01-04 09:34 - 00000000 ____D C:\Users\User\Documents\Arma 3 2014-01-04 19:58 - 2014-01-04 19:57 - 00000000 ____D C:\Users\User\AppData\Local\dxhr 2014-01-04 19:17 - 2014-01-04 19:17 - 00000000 ____D C:\Users\User\AppData\Local\238010 2014-01-04 19:14 - 2013-07-08 16:07 - 00000000 ____D C:\ProgramData\Intel 2014-01-04 15:33 - 2014-01-02 23:17 - 00000000 ____D C:\Users\User\AppData\Local\ArmA 2 OA 2014-01-04 13:02 - 2014-01-02 23:17 - 00000000 ____D C:\Users\User\Documents\ArmA 2 2014-01-04 11:31 - 2013-07-09 11:12 - 00000000 ____D C:\Users\User\MP Navigator EX 2014-01-04 11:30 - 2013-07-09 11:05 - 00000000 ____D C:\ProgramData\CanonIJPLM 2014-01-04 09:34 - 2014-01-04 09:34 - 00000000 ____D C:\ProgramData\Bohemia Interactive 2014-01-03 21:07 - 2014-01-04 13:36 - 00567253 _____ C:\Users\User\Desktop\left4uncut_ver21.zip 2014-01-03 19:22 - 2013-08-18 14:40 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-01-03 14:16 - 2013-07-18 22:33 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-01-02 23:17 - 2013-09-19 17:49 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Bohemia Interactive 2014-01-02 21:14 - 2014-01-02 21:13 - 00000000 ____D C:\Users\User\Downloads\ALT 2014-01-01 20:50 - 2013-12-31 12:11 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter 2013-12-31 14:52 - 2013-12-31 14:24 - 00000000 ____D C:\Users\User\Documents\Freemake 2013-12-31 14:52 - 2013-12-31 14:23 - 00000000 ____D C:\ProgramData\Freemake 2013-12-31 14:24 - 2013-12-31 14:24 - 00001320 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk 2013-12-31 14:24 - 2013-12-31 14:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2013-12-31 14:24 - 2013-12-31 14:22 - 00000000 ____D C:\Program Files (x86)\Freemake 2013-12-31 12:14 - 2013-12-31 12:12 - 00000000 ____D C:\Users\User\AppData\Roaming\FreeFLVConverter 2013-12-30 15:09 - 2013-12-30 15:09 - 00085645 _____ C:\Users\User\Desktop\Fritzbox Blacklist Filter.txt 2013-12-30 01:09 - 2013-07-17 21:14 - 00291296 _____ C:\Windows\SysWOW64\PnkBstrB.xtr 2013-12-30 01:09 - 2013-07-16 16:41 - 00291296 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2013-12-30 00:34 - 2013-07-16 16:41 - 00291296 _____ C:\Windows\SysWOW64\PnkBstrB.ex0 2013-12-29 20:45 - 2013-12-29 20:44 - 00000765 _____ C:\Users\User\Desktop\Lets plays.txt 2013-12-28 13:29 - 2013-12-28 13:29 - 00000000 ____D C:\ProgramData\Solidshield 2013-12-28 13:29 - 2013-07-15 14:51 - 00000000 ____D C:\Users\User\Documents\My Games 2013-12-27 23:05 - 2013-12-27 23:05 - 00000000 ____D C:\Users\User\AppData\Roaming\27396 2013-12-27 23:00 - 2013-12-27 23:00 - 00000000 ____D C:\Users\User\Documents\DVDFab9 2013-12-27 22:16 - 2013-12-27 22:16 - 00000000 ____D C:\Program Files (x86)\ffdshow 2013-12-27 22:14 - 2013-12-27 22:14 - 00000000 ____D C:\Users\User\AppData\Roaming\Stereoscopic Player 2013-12-27 20:48 - 2013-12-27 20:48 - 00000000 ____D C:\Download 2013-12-27 20:48 - 2013-12-27 20:48 - 00000000 ____D C:\AllShare 2013-12-27 20:48 - 2013-09-05 21:54 - 00000000 ____D C:\Users\User\AppData\Roaming\Samsung 
2013-12-27 20:47 - 2013-09-06 05:27 - 00000000 ____D C:\Program Files (x86)\Samsung 2013-12-27 15:55 - 2013-07-19 21:50 - 00000000 ____D C:\Users\User\AppData\Roaming\DivX 2013-12-26 22:31 - 2013-09-19 06:53 - 00001733 _____ C:\Windows\Cm106.ini.imi 2013-12-26 16:14 - 2013-12-26 16:14 - 00000063 _____ C:\Users\User\Desktop\Sat-Receiver.txt 2013-12-24 00:01 - 2013-07-09 09:56 - 00000000 ____D C:\Users\User\AppData\Local\Google 2013-12-24 00:01 - 2013-07-09 09:56 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-22 14:19 - 2013-12-22 14:19 - 00000000 ____D C:\Users\User\AppData\Local\Electronic Arts 2013-12-22 13:50 - 2013-12-22 13:50 - 00000000 ____D C:\Users\User\Documents\Electronic Arts 2013-12-21 16:19 - 2013-12-21 16:08 - 2120024064 _____ C:\Users\User\Desktop\FS13 Titanium.iso 2013-12-21 13:41 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-12-21 12:50 - 2013-07-08 23:34 - 00000000 ____D C:\Users\User\AppData\Roaming\Notepad++ 2013-12-21 12:45 - 2013-12-21 12:37 - 00000000 ____D C:\Users\User\AppData\Local\Mobogenie 2013-12-21 12:45 - 2013-12-21 12:36 - 00000000 ____D C:\Program Files (x86)\Mobogenie 2013-12-21 12:43 - 2013-12-21 12:43 - 00103002 _____ C:\Users\User\Documents\cc_20131221_124335.reg 2013-12-21 12:43 - 2013-12-21 12:43 - 00001078 _____ C:\Users\User\Documents\cc_20131221_124352.reg 2013-12-21 12:38 - 2013-12-21 12:37 - 00000000 ____D C:\Users\User\AppData\Local\cache 2013-12-21 12:37 - 2013-12-21 12:37 - 00000000 ____D C:\Users\User\Documents\Mobogenie 2013-12-21 12:37 - 2013-12-21 12:37 - 00000000 ____D C:\Users\User\AppData\Local\genienext 2013-12-21 12:37 - 2013-12-21 12:37 - 00000000 ____D C:\Users\User\.android 2013-12-21 12:37 - 2013-12-21 12:37 - 00000000 _____ C:\Users\User\daemonprocess.txt 2013-12-21 12:06 - 2013-07-08 20:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-21 01:28 - 2013-12-21 01:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-20 15:09 - 
2013-12-20 12:36 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2013-12-20 14:41 - 2013-12-20 14:39 - 00000000 ____D C:\Users\User\AppData\Roaming\MarkSpace 2013-12-20 14:40 - 2013-12-20 14:40 - 00000000 ____D C:\Users\User\AppData\Roaming\Nokia 2013-12-20 14:40 - 2013-12-20 14:39 - 00000000 ____D C:\Program Files (x86)\MarkSpace 2013-12-20 14:03 - 2013-12-20 14:03 - 00000000 ___RD C:\Users\User\Podcasts 2013-12-20 12:46 - 2013-12-20 12:46 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf 2013-12-20 12:44 - 2013-12-20 12:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2013-12-20 12:36 - 2013-07-08 20:41 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2013-12-20 12:36 - 2013-07-08 20:41 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2013-12-20 12:36 - 2013-07-08 20:41 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2013-12-20 12:36 - 2013-07-08 20:41 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys 2013-12-20 12:36 - 2013-07-08 20:41 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2013-12-20 12:36 - 2013-07-08 20:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2013-12-19 21:33 - 2014-01-10 11:20 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 18310112 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 15877216 _____ (NVIDIA Corporation) 
C:\Windows\SysWOW64\nvwgf2um.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2013-12-19 21:33 - 2014-01-10 11:20 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 03071656 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 02698272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 01436528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2013-12-19 21:33 - 
2014-01-10 11:20 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2013-12-19 21:33 - 2014-01-10 11:20 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys 2013-12-19 21:33 - 2014-01-10 11:20 - 00023754 _____ C:\Windows\system32\nvinfo.pb 2013-12-19 19:53 - 2014-01-10 11:34 - 06671648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2013-12-19 19:53 - 2014-01-10 11:34 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2013-12-19 19:53 - 2014-01-10 11:34 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2013-12-19 19:53 - 2014-01-10 11:34 - 01065248 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2013-12-19 19:53 - 2014-01-10 11:34 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2013-12-19 19:53 - 2014-01-10 11:34 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2013-12-19 19:53 - 2014-01-10 11:34 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2013-12-19 19:53 - 2014-01-10 11:34 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2013-12-19 17:33 - 2013-12-19 17:33 - 00000000 ____D C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP 2013-12-19 17:33 - 2013-09-19 10:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE 2013-12-19 12:20 - 2013-12-19 12:20 - 00590112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 
2013-12-19 06:01 - 2014-01-10 11:34 - 03539040 _____ C:\Windows\system32\nvcoproc.bin 2013-12-15 22:52 - 2013-10-08 10:16 - 00000000 ____D C:\Users\User\Documents\Visual Studio 2005 2013-12-15 20:52 - 2013-07-09 11:13 - 00000000 ____D C:\ProgramData\CanonIJ 2013-12-15 20:12 - 2013-12-15 20:12 - 00015412 _____ C:\Windows\SysWOW64\BReWErS.dll 2013-12-14 19:23 - 2013-07-17 21:14 - 00000000 ____D C:\Users\User\AppData\Local\PunkBuster 2013-12-14 17:06 - 2013-12-14 17:06 - 00000000 ____D C:\Crash Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\DivXSetup.exe C:\Users\User\AppData\Local\Temp\fs_health_check.exe C:\Users\User\AppData\Local\Temp\htmlayout.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-09 02:22 ==================== End Of Log ============================ --- --- --- FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-01-2014 01 Ran by User at 2014-01-13 10:34:36 Running from C:\Users\User\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== 7-Zip 9.20 (x32 Version: - ) Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color EU Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color NA Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden Adobe Drive CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe Drive CS4 x64 (Version: 
1 - Adobe Systems Incorporated) Hidden Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe Media Player (x32 Version: 1.1 - Adobe Systems Incorporated) Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Adobe Photoshop CS4 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated) Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Shockwave Player (x32 Version: 11.0 - Adobe Systems, Inc.) 
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Advanced Archive Password Recovery (HKCU Version: 4.53 - ElcomSoft Co. Ltd.) Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden Akamai NetSession Interface (HKCU Version: - Akamai Technologies, Inc) Any Video Converter 5.0.7 (x32 Version: - Any-Video-Converter.com) ArcSoft PhotoStudio 6 (x32 Version: 6.0.1.134 - ArcSoft) Arma 2 (x32 Version: - Bohemia Interactive) ARMA 2 Dedicated Server (x32 Version: - Bohemia Interactive) Arma 2: Operation Arrowhead - Dedicated Server (x32 Version: - Bohemia Interactive) Arma 2: Operation Arrowhead (x32 Version: - Bohemia Interactive) Arma 3 (x32 Version: - Bohemia Interactive) Arma 3 Server (x32 Version: - Bohemia Interactive) Arma 3 Tools (x32 Version: - Bohemia Interactive) ArmA Uninstall (x32 Version: - ) Assassin's Creed(R) III v1.06 (x32 Version: 1.06 - Ubisoft) Astroburn Lite (x32 Version: 1.8.0.0182 - Disc Soft Ltd) ASUS Turbo Engine v1.3 (x32 Version: - ASUS) avast! 
Free Antivirus (x32 Version: 9.0.2011 - Avast Software) Bandicam (x32 Version: 1.9.1.419 - Bandisoft.com) Bandisoft MPEG-1 Decoder (x32 Version: - Bandisoft.com) Battlefield 2(TM) (x32 Version: - ) Battlefield 3™ (x32 Version: 1.0.0.0 - Electronic Arts) Battlefield 4™ (x32 Version: 1.0.0.1 - Electronic Arts) Battlelog Web Plugins (x32 Version: 2.3.2 - EA Digital Illusions CE AB) BattlEye for OA Uninstall (x32 Version: - ) BitTorrent (HKCU Version: 7.8.2.30332 - BitTorrent Inc.) Bulletstorm (x32 Version: 1.0.0000.130 - EA) Bulletstorm (x32 Version: 1.0.0000.130 - EA) Hidden BulletStorm (x32 Version: 1.0.0001.130 - EA) Hidden Call of Duty Ghosts Update 2 (x32 Version: 1 - ) Call of Duty: Modern Warfare 2 - Multiplayer (x32 Version: - Infinity Ward) Call of Duty: Modern Warfare 2 (x32 Version: - Infinity Ward) Call of Duty: Modern Warfare 3 - Dedicated Server (x32 Version: - Infinity Ward - Sledgehammer Games) Call of Duty: Modern Warfare 3 - Multiplayer (x32 Version: - Infinity Ward) Call of Duty: Modern Warfare 3 (x32 Version: - Infinity Ward) Canon IJ Network Scan Utility (x32 Version: - ) Canon IJ Network Tool (x32 Version: 3.1.1 - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32 Version: - ) Canon MG5200 series MP Drivers (Version: - Canon Inc.) Canon MP Navigator EX 2.1 (x32 Version: - ) Canon MP Navigator EX 4.0 (x32 Version: - ) Canon Utilities Solution Menu (x32 Version: - ) CanoScan LiDE 700F Scanner Driver (Version: - ) CCleaner (Version: 4.06 - Piriform) Clive Barker's Jericho (x32 Version: 0.10.0000 - Codemasters) Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden Content Manager 2 (x32 Version: 3.10.0.52790 - NNG Llc.) Counter-Strike: Source (x32 Version: - Valve) Crysis® 2 (x32 Version: 1.0.0.0 - Electronic Arts) CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden CyberLink YouCam 5 (x32 Version: 5.0.0909 - CyberLink Corp.) 
CyberLink YouCam 5 (x32 Version: 5.0.0909 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (x32 Version: 4.48.1.0347 - Disc Soft Ltd) Dead Space™ (x32 Version: 1.0.222.0 - Electronic Arts) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft) DER HERR DER RINGE: DIE GEFÄHRTEN (x32 Version: 1.01.0453 - Ihr Firmenname) DER HERR DER RINGE: DIE GEFÄHRTEN (x32 Version: 1.01.0453 - Ihr Firmenname) Hidden Deus Ex: Human Revolution - Director's Cut (x32 Version: - Eidos Montreal) DivX-Setup (x32 Version: 2.6.1.87 - DivX, LLC) Dolby Home Theater v4 (x32 Version: 7.2.8000.17 - Dolby Laboratories Inc) Dota 2 (x32 Version: - Valve) Driver Fusion (x32 Version: - Treexy) Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.) ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB) Euro Truck Simulator 2 (x32 Version: 1.1.1 - SCS Software) Extended Asian Language font pack for Adobe Reader XI (x32 Version: 11.0.0 - Adobe Systems Incorporated) Far Cry 3 (x32 Version: 1.05 - Ubisoft) ffdshow v1.1.3892 [2011-06-20] (x32 Version: 1.1.3892.0 - ) FileZilla Client 3.7.3 (x32 Version: 3.7.3 - Tim Kosse) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Franzis Führerschein Trainer 2012 (x32 Version: 1.0 - Franzis Verlag GmbH, Poing) Freemake Video Converter Version 4.1.2 (x32 Version: 4.1.2 - Ellora Assets Corporation) Gameforge Live 1.9.0 "Legend" (x32 Version: 1.9.0 - Gameforge) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.) Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) 
Hidden Grand Theft Auto IV (x32 Version: 1.00.0000 - Rockstar Games) Hama Black Force Pad (x32 Version: 2007.01.01 - ) Intel(R) Control Center (x32 Version: 1.2.1.1008 - Intel Corporation) Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation) Intel(R) My WiFi Dashboard (Version: 15.03.0000.0222 - Intel Corporation) Intel(R) Processor Graphics (x32 Version: 9.17.10.2932 - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.8.0.0548 - Intel Corporation) Hidden Intel(R) PROSet/Wireless WiFi Software Driver (Version: 15.08.0000.0249 - Intel Corporation) Hidden Intel(R) Rapid Storage Technology (x32 Version: 11.6.0.1030 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220 - Intel Corporation) Intel(R) WiDi (Version: 3.5.40.0 - Intel Corporation) Intel® PROSet/Wireless Software (x32 Version: 15.8.0 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (Version: 15.08.0000.0172 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden James Cameron's AVATAR(tm): DAS SPIEL (x32 Version: 1.01.00 - Ubisoft) Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle) Java 7 Update 45 (x32 Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Java SE Development Kit 7 Update 25 (64-bit) (Version: 1.7.0.250 - Oracle) Java SE Development Kit 7 Update 40 (64-bit) (Version: 1.7.0.400 - Oracle) Java SE Development Kit 7 Update 40 (x32 Version: 1.7.0.400 - Oracle) JDownloader 0.9 (x32 Version: 0.9 - AppWork GmbH) kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Landwirtschafts Simulator 2013 (x32 Version: 1.0 - GIANTS Software) Left 4 Dead 2 (x32 Version: - Valve) Lern-o-Mat (x32 Version: - ) MAGIX Online Druck Service (x32 Version: 3.4.3.0 - MAGIX AG) MAGIX Xtreme Web Designer 5 5.0.2.10712 (D) (x32 Version: 5.0.2.10712 - MAGIX AG) MEDUSA NX USB 5.1 Gaming Headset (Version: - ) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE (x32 Version: 3.3.24.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.2.3.0 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - 
Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Outlook Social Connector Provider for Facebook 32-bit (x32 Version: 14.0.6114.5003 - Microsoft Corporation) Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 
- Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Windows Media Video 9 VCM (x32 Version: - ) Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) 
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation) MyFreeCodec (HKCU Version: - ) MySQL Connector/ODBC 3.51 (x32 Version: 3.51.27 - MySQL AB) Notepad++ (x32 Version: 6.5.2 - Notepad++ Team) NVIDIA 3D Vision Treiber 332.21 (Version: 332.21 - NVIDIA Corporation) NVIDIA CUDA Documentation 5.5 (Version: 5.5 - NVIDIA Corporation) NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 332.21 (Version: 332.21 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Nsight Visual Studio Edition 3.1.0.13141 (Version: 3.1.0.13141 - NVIDIA Corporation) NVIDIA Optimus Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA PhysX (Legacy) (x32 Version: 9.12.1031 - NVIDIA Corporation) NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19 - NVIDIA Corporation) OpenAL (x32 Version: - ) Oracle VM VirtualBox 4.2.18 (Version: 4.2.18 - Oracle Corporation) Origin (x32 
Version: 9.3.10.4710 - Electronic Arts, Inc.) Overwolf (x32 Version: 0.45.266 - Overwolf) PCSX2 - Playstation 2 Emulator (x32 Version: - ) PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden PDF24 Creator 5.6.0 (x32 Version: - PDF24.org) PHotkey (x32 Version: 1.00.0081 - Pegatron Corporation) Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden Picasa 3 (x32 Version: 3.9 - Google, Inc.) PlanetSide 2 (x32 Version: - Sony Online Entertainment) Plato für HiOrgs (x32 Version: 2.5 - C:\BENDT - IT-Services + more) PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation) Plus-HD-1.3 (x32 Version: 1.27.153.7 - Plus HD) <==== ATTENTION Project64 1.6 (x32 Version: 1.6 - Project64) Prototype 2 (x32 Version: - ) PunkBuster Services (x32 Version: 0.993 - Even Balance, Inc.) Quiz 2.10 (x32 Version: - ) Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011 - Realtek) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6722 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.30136 - Realtek Semiconductor Corp.) Rockstar Games Social Club (x32 Version: 1.00.0000 - Rockstar Games) Runes of Magic (x32 Version: 6.0.2.2664 - Gameforge Productions GmbH) Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies (x32 Version: 2.3.2.12064_9 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.3.2.12064_9 - Samsung Electronics Co., Ltd.) Hidden Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) 
Hidden SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden Shutdown Timer (x32 Version: 3.3.4 - Sinvise Systems) Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.) Sniper Ghost Warrior 2 (x32 Version: - ) Sniper: Ghost Warrior (x32 Version: - City Interactive) Steam (x32 Version: 1.0.0.0 - Valve Corporation) Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Synaptics Pointing Device Driver (Version: 16.2.16.0 - Synaptics Incorporated) System Requirements Lab for Intel (x32 Version: 4.5.15.0 - Husdawg, LLC) TeamViewer 9 (x32 Version: 9.0.24951 - TeamViewer) Tom Clancy's Rainbow Six Vegas 2 (x32 Version: 1.03 - Ubisoft) Tom Clancy's Splinter Cell® Blacklist™ (x32 Version: 1.03 - Ubisoft) Tomb Raider (VI): The Angel of Darkness (x32 Version: - Core Design) Tomb Raider (x32 Version: - Crystal Dynamics) Tomb Raider I (x32 Version: - Core Design) Tomb Raider II (x32 Version: - Core Design) Tomb Raider III: Adventures of Lara Croft (x32 Version: - Core Design) Tomb Raider: Anniversary (x32 Version: - Crystal Dynamics) Tomb Raider: Chronicles (x32 Version: - Core Design) Tomb Raider: Legend (x32 Version: - Crystal Dynamics) Tomb Raider: The Last Revelation (x32 Version: - Core Design) Tomb Raider: Underworld (x32 Version: - Crystal Dynamics Inc.) TomTom HOME (x32 Version: 2.9.7 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2 - TomTom International B.V.) tools-freebsd (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden tools-linux (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden tools-netware (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden tools-solaris (x32 Version: 9.6.1.1379776 - VMware, Inc.) 
Hidden tools-windows (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden tools-winPre2k (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden TuneUp Utilities 2012 (x32 Version: 12.0.3500.13 - TuneUp Software) TuneUp Utilities 2012 (x32 Version: 12.0.3500.13 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3500.13 - TuneUp Software) Hidden Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft) Uplay (x32 Version: 2.0 - Ubisoft) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Virtual DJ - Atomix Productions (x32 Version: - ) VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN) VMware 
Workstation (Version: 10.0.1 - VMware, Inc.) Hidden VMware Workstation (x32 Version: 10.0.1 - VMware, Inc) Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 11-01-2014 17:33:10 Removed Stereoscopic Player 11-01-2014 18:01:43 DirectX wurde installiert 11-01-2014 19:57:21 Windows Modules Installer 12-01-2014 00:58:41 Installiert YouCam 12-01-2014 01:16:14 Installiert YouCam ==================== Hosts content: ========================== 2009-07-14 03:34 - 2013-09-20 10:52 - 00001306 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com ==================== Scheduled Tasks (whitelisted) ============= 
Task: {2215B802-F037-48E4-B49B-9586042B10E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated) Task: {2E464223-A36E-4417-A7ED-74A58FD92AA1} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {2E790E7A-F0C5-48D0-BCF1-AFC20AC8EE5B} - System32\Tasks\Plus-HD-1.3-firefoxinstaller => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe [2013-07-09] (Plus HD) <==== ATTENTION Task: {371BA440-57E8-4D82-AC7A-9D19CDA9BA55} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd) Task: {469D59C3-DC49-4E97-BFE2-7F3159EB4F83} - System32\Tasks\irMonitor => C:\Windows\system32\IRMonitor.exe [2013-07-08] (ITE Tech. Inc.) Task: {592C1340-5409-42F3-961D-E800DE93FEFF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-04] (Google Inc.) 
Task: {7263EF33-618C-42D4-B7F4-19FA504AEA75} - System32\Tasks\Plus-HD-1.3-updater => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe [2013-07-09] (Plus HD) <==== ATTENTION Task: {7FAD8EEA-3F4D-4085-B632-B0BE13F152FA} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated) Task: {97859F46-ECCA-4B1A-9243-503DD1B50326} - System32\Tasks\IntelBootstrapCCDashServer => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe [2012-08-22] (Intel® Corporation) Task: {9B6A4B61-44A1-45CB-86B1-E9A04ED92D23} - System32\Tasks\Plus-HD-1.3-enabler => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe [2013-07-09] (Plus HD) <==== ATTENTION Task: {A467740F-E83D-437A-852E-276F4E11FEA1} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2012-04-05] (TuneUp Software) Task: {B7AB9BF9-B9BE-4D33-A01B-9DB4365C667E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-20] (AVAST Software) Task: {C241A46C-4671-455F-9811-B21807B2765A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-04] (Google Inc.) 
Task: {F3EFA383-7AAB-486C-952B-B2072A36818D} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-08-29] () Task: {F77B3EC4-4732-4927-8787-3DFF69AFD695} - System32\Tasks\Plus-HD-1.3-codedownloader => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe [2013-07-09] (Plus HD) <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-1.3-enabler.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-1.3-updater.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2014-01-11 10:12 - 2014-01-11 10:12 - 02493440 _____ () C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll 2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2014-01-11 10:12 - 2014-01-11 10:12 - 02179584 _____ () C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll 2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll 2013-07-08 16:19 - 2013-06-11 09:43 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-01-13 09:16 - 2014-01-12 17:45 - 02153984 _____ () C:\Program Files\AVAST Software\Avast\defs\14011202\algo.dll 
2013-10-18 12:46 - 2013-10-18 12:46 - 01260624 _____ () D:\VM Ware\Installation\libxml2.dll
2013-07-12 18:51 - 2009-12-18 14:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2013-07-12 18:51 - 2009-12-18 14:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2013-10-22 10:38 - 2013-10-22 10:38 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libcef.dll
2013-12-21 01:28 - 2013-12-21 01:28 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-11-27 16:24 - 2013-11-27 16:24 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\3d023b01ea66213baba36f2c2cab0f25\PSIClient.ni.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 01135616 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00656896 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00105472 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00098816 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00077312 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00520234 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00450560 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 05717504 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00029184 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 04671488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00070656 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00686080 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00152064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00027648 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00063488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00366592 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00289792 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00023040 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00133120 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00290304 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00399826 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00013824 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00031232 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00054784 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00044032 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll
2013-07-08 16:07 - 2013-06-11 09:43 - 01198912 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\User:zylomtest
AlternateDataStreams: C:\Users\User:zylomtr{000HQ7FF-AD7A-3FG5-CHL5-24516UNKQ668}
AlternateDataStreams: C:\Users\User:zylomtr{000HQ7FF-AD7A-3FG5-CHL5-24516UNKQ670}

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Deskjet 6980 series
Description: Deskjet 6980 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 6980 series
Description: Deskjet 6980 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 6980 series
Description: Deskjet 6980 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2014 09:17:39 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (01/11/2014 10:41:28 AM) (Source: Application Error) (User: )
Description: Faulting application name: Steam.exe, version: 2.6.70.5, time stamp: 0x52cc5ea3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x00d70000
Faulting process id: 0xa08
Faulting application start time: 0xSteam.exe0
Faulting application path: Steam.exe1
Faulting module path: Steam.exe2
Report Id: Steam.exe3

Error: (01/11/2014 10:41:22 AM) (Source: Application Error) (User: )
Description: Faulting application name: Steam.exe, version: 2.6.70.5, time stamp: 0x52cc5ea3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00d70000
Faulting process id: 0xa08
Faulting application start time: 0xSteam.exe0
Faulting application path: Steam.exe1
Faulting module path: Steam.exe2
Report Id: Steam.exe3

Error: (01/11/2014 00:42:46 AM) (Source: Application Hang) (User: )
Description: The program javaw.exe version 7.0.450.18 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: dac
Start Time: 01cf0e4e2e645379
Termination Time: 682
Application Path: C:\Program Files\Java\jre7\bin\javaw.exe
Report Id:

Error: (01/11/2014 00:42:10 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 26.0.0.5087 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 14ec
Start Time: 01cf0e4abfd0d00d
Termination Time: 15399
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Report Id: bf0a9d51-7a50-11e3-996c-e9ca2ab55c61

Error: (01/10/2014 11:08:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: DivX Player.exe, version: 11.2.1.1, time stamp: 0x52675132
Faulting module name: QtNetwork4.dll, version: 4.8.1.0, time stamp: 0x4fadb3ee
Exception code: 0xc0000005
Fault offset: 0x00024314
Faulting process id: 0x1958
Faulting application start time: 0xDivX Player.exe0
Faulting application path: DivX Player.exe1
Faulting module path: DivX Player.exe2
Report Id: DivX Player.exe3

Error: (01/10/2014 11:46:41 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (01/10/2014 11:46:24 AM) (Source: MsiInstaller) (User: Notebook-Medion)
Description: Product: NVIDIA PhysX -- Error 1316. A network error occurred while attempting to read from the file C:\Users\User\Downloads\PhysX_9.13.0725_SystemSoftware.msi

Error: (01/09/2014 03:01:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: AVCFree.exe, version: 5.0.7.1, time stamp: 0x51d6707a
Faulting module name: UILib.dll, version: 0.0.0.0, time stamp: 0x51d66ffc
Exception code: 0xc0000005
Fault offset: 0x00029c92
Faulting process id: 0xe4c
Faulting application start time: 0xAVCFree.exe0
Faulting application path: AVCFree.exe1
Faulting module path: AVCFree.exe2
Report Id: AVCFree.exe3

Error: (01/09/2014 00:45:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: TombRaider.exe, version: 1.1.748.0, time stamp: 0x519379a7
Faulting module name: gameoverlayrenderer.dll, version: 2.6.70.5, time stamp: 0x52cc5e67
Exception code: 0xc0000005
Fault offset: 0x00025724
Faulting process id: 0xc68
Faulting application start time: 0xTombRaider.exe0
Faulting application path: TombRaider.exe1
Faulting module path: TombRaider.exe2
Report Id: TombRaider.exe3


System errors:
=============
Error: (01/13/2014 09:17:57 AM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error: %%-2147467243

Error: (01/13/2014 09:17:25 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (01/10/2014 11:25:51 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/10/2014 11:21:16 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NvNetworkService service.

Error: (01/07/2014 03:13:48 PM) (Source: BTHUSB) (User: )
Description: The mutual authentication between the local Bluetooth adapter and a device with Bluetooth adapter address (0c:89:10:69:ea:6e) failed.

Error: (01/06/2014 01:36:06 PM) (Source: Service Control Manager) (User: )
Description: The Update Bizzybolt service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (01/06/2014 00:10:03 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR4.

Error: (01/06/2014 00:10:03 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR4.

Error: (01/06/2014 00:10:02 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR4.

Error: (01/06/2014 00:10:02 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR4.
Microsoft Office Sessions:
=========================
Error: (01/13/2014 09:17:39 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (01/11/2014 10:41:28 AM) (Source: Application Error)(User: )
Description: Steam.exe2.6.70.552cc5ea3unknown0.0.0.000000000c000041d00d70000a0801cf0eb06ace4ab8D:\Steam\Steam.exeunknown8b2794a4-7aa4-11e3-9672-e984a2846809

Error: (01/11/2014 10:41:22 AM) (Source: Application Error)(User: )
Description: Steam.exe2.6.70.552cc5ea3unknown0.0.0.000000000c000000500d70000a0801cf0eb06ace4ab8D:\Steam\Steam.exeunknown873386a1-7aa4-11e3-9672-e984a2846809

Error: (01/11/2014 00:42:46 AM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.450.18dac01cf0e4e2e645379682C:\Program Files\Java\jre7\bin\javaw.exe

Error: (01/11/2014 00:42:10 AM) (Source: Application Hang)(User: )
Description: firefox.exe26.0.0.508714ec01cf0e4abfd0d00d15399C:\Program Files (x86)\Mozilla Firefox\firefox.exebf0a9d51-7a50-11e3-996c-e9ca2ab55c61

Error: (01/10/2014 11:08:19 PM) (Source: Application Error)(User: )
Description: DivX Player.exe11.2.1.152675132QtNetwork4.dll4.8.1.04fadb3eec000000500024314195801cf0e506ca884d4C:\Program Files (x86)\DivX\DivX Player\DivX Player.exeC:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\QtNetwork4.dllb5dcf396-7a43-11e3-996c-e9ca2ab55c61

Error: (01/10/2014 11:46:41 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (01/10/2014 11:46:24 AM) (Source: MsiInstaller)(User: Notebook-Medion)
Description: Product: NVIDIA PhysX -- Error 1316. A network error occurred while attempting to read from the file C:\Users\User\Downloads\PhysX_9.13.0725_SystemSoftware.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/09/2014 03:01:15 PM) (Source: Application Error)(User: )
Description: AVCFree.exe5.0.7.151d6707aUILib.dll0.0.0.051d66ffcc000000500029c92e4c01cf0d42a615087eD:\Any Video Converter\AVCFree.exeD:\Any Video Converter\UILib.dll80f2e421-7936-11e3-a8a9-ddd492a21408

Error: (01/09/2014 00:45:49 PM) (Source: Application Error)(User: )
Description: TombRaider.exe1.1.748.0519379a7gameoverlayrenderer.dll2.6.70.552cc5e67c000000500025724c6801cf0d292cbddf7fD:\Steam\steamapps\common\Tomb Raider\TombRaider.exeD:\Steam\gameoverlayrenderer.dll952f1b0b-7923-11e3-a8a9-ddd492a21408


CodeIntegrity Errors:
===================================
Date: 2013-09-05 23:02:58.842
Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-05 23:02:58.763
Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-05 23:02:55.529
Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-05 23:02:55.427
Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-05 23:02:52.745
Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-05 23:02:52.646
Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-05 23:02:49.762
Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-05 23:02:49.662
Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-05 23:02:47.179
Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-05 23:02:47.058
Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 3977.04 MB
Available physical RAM: 1660.63 MB
Total Pagefile: 7952.25 MB
Available Pagefile: 5504 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.39 GB) (Free:41.19 GB) NTFS
Drive d: () (Fixed) (Total:785.03 GB) (Free:321.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6424E35D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=785 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |
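The FRST Addition.txt above lists nine scheduled tasks, five of them marked `<==== ATTENTION` and all of those launching from the Plus-HD-1.3 folder. As an added example (not part of the original post and not FRST's own code), the Python below parses such `Task:` lines, distinguishes the `System32\Tasks` form, which carries a file date and the company name FRST read from the binary, from the bare `.job` form, and builds a fixlist.txt from the entries FRST flagged. It generalises slightly beyond this log: any task that launches from the same folder as a flagged one is included as well, and targets whose version info has no company name (the empty `()` on the DivX line) are listed for manual review rather than removal. It relies on FRST's documented fixlist behaviour, that a scheduled task is removed when its log line is pasted verbatim into fixlist.txt; the sample lines are copied from the log above.

```python
"""Triage FRST 'Task:' lines and build a fixlist.txt from the flagged ones.

Added example, not code from the original forum post or from FRST.
Assumption (FRST documented behaviour): a scheduled task is removed when
its log line is pasted verbatim into fixlist.txt.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

ATTENTION = " <==== ATTENTION"      # FRST's own marker for entries it distrusts

# Constructed sample: the nine Task: lines from the Addition.txt above.
SAMPLE_LOG = r"""
Task: {F3EFA383-7AAB-486C-952B-B2072A36818D} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-08-29] ()
Task: {F77B3EC4-4732-4927-8787-3DFF69AFD695} - System32\Tasks\Plus-HD-1.3-codedownloader => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe [2013-07-09] (Plus HD) <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-1.3-enabler.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-1.3-updater.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe <==== ATTENTION
"""

# Right-hand side of '=>': the target path, optionally followed by
# " [YYYY-MM-DD] (Company)" as FRST prints it for System32\Tasks entries.
# Non-greedy path plus end anchor keeps "(x86)" inside the path.
TARGET_RE = re.compile(
    r"^(?P<path>.+?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>[^()]*)\))?$"
)


@dataclass(frozen=True)
class Task:
    raw: str                  # original log line, reused verbatim in the fixlist
    name: str                 # task name or .job path (left of '=>')
    target: str               # executable the task launches
    vendor: Optional[str]     # company name from version info; '' = none, None = not shown
    flagged: bool             # FRST's '<==== ATTENTION' marker present


def parse_tasks(log_text: str) -> List[Task]:
    """Extract every 'Task:' entry from FRST log text."""
    tasks: List[Task] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith("Task: ") or " => " not in line:
            continue
        flagged = line.endswith(ATTENTION)
        body = line[len("Task: "):-len(ATTENTION)] if flagged else line[len("Task: "):]
        name, rhs = body.split(" => ", 1)
        m = TARGET_RE.match(rhs)
        tasks.append(Task(raw=line, name=name, target=m["path"],
                          vendor=m["vendor"], flagged=flagged))
    return tasks


def folder_of(path: str) -> str:
    """Case-insensitive parent folder of a Windows path."""
    return path.rsplit("\\", 1)[0].lower()


def tasks_to_remove(tasks: List[Task]) -> List[Task]:
    """Flagged tasks plus any sibling task launched from the same folder.

    A PUP usually registers several tasks for one install folder; removing
    only the ones FRST happened to mark leaves the others to re-enable it.
    """
    flagged_folders = {folder_of(t.target) for t in tasks if t.flagged}
    return [t for t in tasks if t.flagged or folder_of(t.target) in flagged_folders]


def review_candidates(tasks: List[Task]) -> List[Task]:
    """Weaker signal: System32\\Tasks entries whose binary has no company name.

    Kept out of the fixlist; a human decides (here it is only DivX's updater).
    """
    return [t for t in tasks if not t.flagged and t.vendor == ""]


def build_fixlist(tasks: List[Task]) -> str:
    """fixlist.txt content: the flagged log lines, unchanged, one per line."""
    return "\n".join(t.raw for t in tasks_to_remove(tasks)) + "\n"


if __name__ == "__main__":
    parsed = parse_tasks(SAMPLE_LOG)
    print(build_fixlist(parsed), end="")
    for t in review_candidates(parsed):
        print("# review manually:", t.target)
```

Run the script and paste its first block of output into fixlist.txt next to FRST64.exe before pressing Fix; the `# review manually` lines are deliberately not part of the fixlist.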
13.01.2014, 14:34 | #4 |
| Windows 7 64Bit+ Avast, Win32:Maleware.gen Part 1 Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-13 11:54:46
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000094 ATA_____ rev.0001 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\User\AppData\Local\Temp\pftdipoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 00000001499a0460
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 00000001499a0450
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 00000001499a0370
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 00000001499a0470
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000001499a03e0
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 00000001499a0320
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000001499a03b0
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 00000001499a0390
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000001499a02e0
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000001499a02d0
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 00000001499a0310
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000001499a03c0
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000001499a03f0
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 00000001499a0230
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 00000001499a0480
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000001499a03a0
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000001499a02f0
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 00000001499a0350
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 00000001499a0290
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000001499a02b0
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000001499a03d0
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 00000001499a0330
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 00000001499a0410
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 00000001499a0240
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000001499a01e0
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 00000001499a0250
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 00000001499a0490
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000001499a04a0
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 00000001499a0300
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 00000001499a0360
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000001499a02a0
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000001499a02c0
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 00000001499a0380
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 00000001499a0340
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 00000001499a0440
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 00000001499a0260
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 00000001499a0270
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 00000001499a0400
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000001499a01f0
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 00000001499a0210
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 00000001499a0200
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 00000001499a0420
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 00000001499a0430
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 00000001499a0220
.text C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 00000001499a0280
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220
.text C:\Windows\system32\wininit.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280
.text C:\Windows\system32\wininit.exe[756] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62]
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000100040460
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000100040450
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000100040370
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000100040470
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000001000403e0
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000100040320
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000001000403b0
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000100040390
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000001000402e0
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000001000402d0
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000100040310
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000001000403c0
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000001000403f0
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000100040230
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000100040480
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000001000403a0
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000001000402f0
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000100040350
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000100040290
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000001000402b0
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000001000403d0
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000100040330
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000100040410
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000100040240
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000001000401e0
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000100040250
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000100040490
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000001000404a0
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000100040300
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000100040360
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000001000402a0
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000001000402c0
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000100040380
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000100040340
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000100040440
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000100040260
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000100040270
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000100040400
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation
00000000775f29a0 5 bytes JMP 00000001000401f0 .text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000100040210 .text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000100040200 .text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000100040420 .text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000100040430 .text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000100040220 .text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000100040280 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390 .text 
C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330 .text C:\Windows\system32\winlogon.exe[828] 
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 
0000000077750270 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280 .text C:\Windows\system32\winlogon.exe[828] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0 .text C:\Windows\system32\services.exe[856] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 
bytes JMP 00000000777502b0 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340 .text C:\Windows\system32\services.exe[856] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220 .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280 .text C:\Windows\system32\services.exe[856] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 
0000000077750370 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0 .text C:\Windows\system32\lsass.exe[880] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0 .text 
C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220 .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280
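An added triage helper, not part of the poster's log and not GMER's own code: GMER writes one user-mode hook per line in the form `.text <process>[<pid>] <module>!<export> <address> <n> bytes JMP <target>` (or `<n> byte [<hex>]` for a plain byte patch), and the forum copy above has run those lines together and broken some entries across lines. The Python below (function names `parse_gmer_hooks`, `hooks_by_process`, `trampoline_pages` and `unusual_hooks` are my own; the sample entries are constructed in the log's format) locates entries by their `.text` prefix instead of by newline, groups them per process, records which 4 KiB page each process's JMP targets land in, and lists any export that is not hooked in every process. That is the first check worth making on a log like this one: a product that injects the same shim into every process leaves an identical hook set in each, with all JMPs into one page per process, so the entries that break that pattern are the ones to resolve to their owning module first.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the format of the GMER entries above. The last entry is
# deliberately broken across two lines, as happens in the copy-pasted log.
SAMPLE_LOG = r""".text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370
.text C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0
.text C:\Windows\system32\winlogon.exe[828] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62]
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000100040370
.text C:\Windows\system32\csrss.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000001000401e0
.text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\lsm.exe[888]
C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000001000701e0
"""


@dataclass(frozen=True)
class Hook:
    process: str            # image base name, lower-cased, e.g. "lsass.exe"
    pid: int
    module: str             # hooked module base name, e.g. "ntdll.dll"
    export: str
    offset: int             # bytes past the export; 0 = hook at the entry point
    address: int            # patched address
    size: int               # number of patched bytes
    target: Optional[int]   # JMP destination, None for a plain byte patch
    patch: Optional[str]    # raw bytes GMER shows for a non-JMP patch


# One GMER user-mode hook entry, after whitespace inside it has been collapsed.
ENTRY_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<mod>.+?)!(?P<func>\w+)"
    r"(?: \+ (?P<off>\d+))? (?P<addr>[0-9a-fA-F]{16}) (?P<size>\d+) bytes? "
    r"(?:JMP (?P<target>[0-9a-fA-F]{16})|\[(?P<bytes>[0-9a-fA-F ]+)\])$"
)


def _base(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer_hooks(text: str) -> list:
    """Split on the '.text ' prefix rather than on newlines, so a log that was
    flattened or broken mid-entry by copy-paste parses like the original file."""
    hooks = []
    for chunk in re.split(r"(?=\.text )", text):
        m = ENTRY_RE.match(" ".join(chunk.split()))
        if not m:
            continue  # headers, kernel-mode entries, forum residue
        hooks.append(Hook(
            process=_base(m["proc"]), pid=int(m["pid"]),
            module=_base(m["mod"]), export=m["func"],
            offset=int(m["off"] or 0), address=int(m["addr"], 16),
            size=int(m["size"]),
            target=int(m["target"], 16) if m["target"] else None,
            patch=m["bytes"],
        ))
    return hooks


def hook_key(h: Hook) -> str:
    """'ntdll.dll!NtOpenProcess' or 'kernel32.dll!GetBinaryTypeW+189'."""
    return f"{h.module}!{h.export}" + (f"+{h.offset}" if h.offset else "")


def hooks_by_process(hooks: list) -> dict:
    """(process, pid) -> sorted names of the exports patched in that process."""
    out = defaultdict(set)
    for h in hooks:
        out[(h.process, h.pid)].add(hook_key(h))
    return {k: sorted(v) for k, v in out.items()}


def trampoline_pages(hooks: list) -> dict:
    """(process, pid) -> set of 4 KiB pages its JMP targets land in. One page
    shared by every hook in a process points at a single injected shim."""
    out = defaultdict(set)
    for h in hooks:
        if h.target is not None:
            out[(h.process, h.pid)].add(h.target >> 12)
    return dict(out)


def unusual_hooks(hooks: list) -> list:
    """Hooks whose export is not patched in every hooked process: the entries
    that break the 'same shim everywhere' pattern and deserve a closer look."""
    procs = {(h.process, h.pid) for h in hooks}
    where = defaultdict(set)
    for h in hooks:
        where[hook_key(h)].add((h.process, h.pid))
    return [h for h in hooks if where[hook_key(h)] != procs]


if __name__ == "__main__":
    parsed = parse_gmer_hooks(SAMPLE_LOG)
    per_proc = hooks_by_process(parsed)
    for proc, pages in trampoline_pages(parsed).items():
        print(proc, "hooks:", len(per_proc[proc]),
              "target pages:", [hex(p << 12) for p in sorted(pages)])
    for h in unusual_hooks(parsed):
        print("not hooked everywhere:", h.process, h.pid, hook_key(h), h.patch)
```

Feed it the saved GMER text instead of `SAMPLE_LOG` to get the same summary for the full log. Which module owns a target page (the 0x77750000 and 0x1000x0000 ranges in the entries above) is answered by that process's module list, not by this script; the script only tells you where to look.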
13.01.2014, 14:35 | #5 |
| Windows 7 64Bit+ Avast, Win32:Maleware.gen Part 2 Code:
.text C:\Windows\system32\lsass.exe[880] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000100070230 .text 
C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 
0000000100070300 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000100070380 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 
0000000100070220 .text C:\Windows\system32\lsm.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0 .text C:\Windows\system32\svchost.exe[996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0 .text C:\Windows\system32\svchost.exe[996] 
|
13.01.2014, 14:37 | #6 |
| Windows 7 64Bit+ Avast, Win32:Maleware.gen Part 3 Code:
C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0 .text C:\Windows\system32\svchost.exe[1176] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280 .text C:\Windows\system32\svchost.exe[1176] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 
0000000077750460 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480 .text C:\Windows\system32\svchost.exe[1396] 
C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 
00000000775f21e0 5 bytes JMP 0000000077750360 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220 .text 
C:\Windows\system32\svchost.exe[1396] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280 .text C:\Windows\system32\svchost.exe[1396] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000100070460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000100070450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000100070370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000100070470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000001000703e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000100070320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000001000703b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000100070390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000001000702d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 
00000000775f1750 5 bytes JMP 0000000100070310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000001000703c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000100070230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000100070480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000100070350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000100070290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000100070330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 
0000000100070410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000100070240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000100070250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000100070490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000100070300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000100070360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000001000702a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000001000702c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000100070380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000100070340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000100070440 .text C:\Program Files\NVIDIA 
Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000100070260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000100070270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000100070400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000100070210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000100070200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000100070420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000100070430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000100070280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077394a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA 
Corporation\Display\nvxdsync.exe[1544] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773b2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773befe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000773f9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007741a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd732db0 5 bytes JMP 000007fffd720180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7337d0 7 bytes JMP 000007fffd7200d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd738ef0 6 bytes JMP 000007fffd720148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd74af60 5 bytes JMP 000007fffd720110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd7201f0 .text C:\Program Files\NVIDIA 
Corporation\Display\nvxdsync.exe[1544] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd7201b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefef27490 11 bytes JMP 000007fffd720228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1544] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef3bf00 7 bytes JMP 000007fffd720260 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310 .text 
C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0 .text C:\Windows\system32\nvvsvc.exe[1552] 
C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0 .text C:\Windows\system32\nvvsvc.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 
|
13.01.2014, 14:38 | #7 |
| Windows 7 64Bit+ Avast, Win32:Maleware.gen Part 4 Code:
Corporation\NvStreamSrv\nvstreamsvc.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2380] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte 
[62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2556] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2ba 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[2556] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000074401a22 2 bytes [40, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2556] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000074401ad0 2 bytes [40, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2556] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000074401b08 2 bytes [40, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2556] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000074401bba 2 bytes [40, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2556] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000074401bda 2 bytes [40, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764e1465 2 bytes [4E, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764e14bb 2 bytes [4E, 76] .text ... 
* 2 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes 
JMP 00000000777503c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] 
C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440 .text C:\Program Files\Common 
Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2584] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Windows\system32\svchost.exe[2640] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Program Files 
(x86)\TeamViewer\Version9\TeamViewer_Service.exe[2676] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2ba 1 byte [62] .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0 .text C:\Windows\system32\taskhost.exe[2812] 
C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490 .text C:\Windows\system32\taskhost.exe[2812] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 
00000000775f2a80 5 bytes JMP 0000000077750420 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280 .text C:\Windows\system32\taskhost.exe[2812] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0 .text C:\Windows\system32\Dwm.exe[2900] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0 .text 
C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 
0000000077750210 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd732db0 5 bytes JMP 000007fffd720180 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7337d0 7 bytes JMP 000007fffd7200d8 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd738ef0 6 bytes JMP 000007fffd720148 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd74af60 5 bytes JMP 000007fffd720110 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd7201f0 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd7201b8 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef5f1dc88 5 bytes JMP 000007fff5ef00d8 .text C:\Windows\system32\Dwm.exe[2900] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef5f1de10 5 bytes JMP 000007fff5ef0110 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 
00000000775f13b0 5 bytes JMP 0000000077750450 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0 
.text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0 .text C:\Windows\Explorer.EXE[2976] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340 |
13.01.2014, 14:39 | #8 |
| Windows 7 64Bit+ Avast, Win32:Maleware.gen Part 5 Code:
ATTFilter .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220 .text C:\Windows\Explorer.EXE[2976] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280 .text C:\Windows\Explorer.EXE[2976] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450 .text C:\Program Files (x86)\TuneUp Utilities 
2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0 .text C:\Program Files (x86)\TuneUp Utilities 
2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240 .text C:\Program Files (x86)\TuneUp Utilities 
2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440 .text C:\Program Files (x86)\TuneUp Utilities 
2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe[2472] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0 
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] 
C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077394a60 5 bytes JMP 
000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773b2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773befe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000773f9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007741a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd732db0 5 bytes JMP 000007fffd720180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7337d0 7 bytes JMP 000007fffd7200d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd738ef0 6 bytes JMP 000007fffd720148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd74af60 5 bytes JMP 000007fffd720110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] 
C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd7201f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd7201b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef77b2460 5 bytes JMP 000007fefd7202d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1168] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef77e96b0 6 bytes JMP 000007fefd720298 .text C:\Windows\SysWOW64\vmnat.exe[1480] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2ba 1 byte [62] .text C:\Windows\SysWOW64\vmnat.exe[1480] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 26 000000006f5913c6 2 bytes [59, 6F] .text C:\Windows\SysWOW64\vmnat.exe[1480] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 74 000000006f5913f6 2 bytes [59, 6F] .text C:\Windows\SysWOW64\vmnat.exe[1480] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 257 000000006f5914ad 2 bytes [59, 6F] .text C:\Windows\SysWOW64\vmnat.exe[1480] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 303 000000006f5914db 2 bytes [59, 6F] .text ... 
* 2 .text C:\Windows\SysWOW64\vmnat.exe[1480] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 79 000000006f591577 2 bytes [59, 6F] .text C:\Windows\SysWOW64\vmnat.exe[1480] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 175 000000006f5915d7 2 bytes [59, 6F] .text C:\Windows\SysWOW64\vmnat.exe[1480] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 620 000000006f591794 2 bytes [59, 6F] .text C:\Windows\SysWOW64\vmnat.exe[1480] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 921 000000006f5918c1 2 bytes [59, 6F] .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 
00000000775f1750 5 bytes JMP 0000000077750310 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0 .text 
C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0 .text C:\Windows\system32\conhost.exe[2764] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280 .text C:\Windows\system32\conhost.exe[2764] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3180] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b61eee 7 bytes JMP 000000016f3a1695 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3180] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b65b85 7 bytes JMP 000000016f3a11a9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3180] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b713e1 7 bytes JMP 000000016f3a128a .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3180] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b7ea0d 7 bytes JMP 000000016f3a1244 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3180] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2ba 1 byte [62] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3180] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075b8b1d3 5 bytes JMP 000000016f3a15aa .text C:\Program Files (x86)\NVIDIA 
Corporation\Update Core\NvBackend.exe[3180] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c088b4 7 bytes JMP 000000016f3a1339 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3180] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c08939 5 bytes JMP 000000016f3a16d6 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3180] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c08c8f 5 bytes JMP 000000016f3a170d .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3180] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f61d1b 5 bytes JMP 000000016f3a11c2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3180] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f61dc9 5 bytes JMP 000000016f3a1014 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3180] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f62aa4 5 bytes JMP 000000016f3a1555 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3180] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f62d0a 5 bytes JMP 000000016f3a1271 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3180] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000765f8a29 5 bytes JMP 000000016f3a1726 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3180] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076604572 5 bytes JMP 000000016f3a10a0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3180] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007661e567 5 bytes JMP 000000016f3a1415 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3180] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076657a5c 5 bytes JMP 000000016f3a15d2 .text C:\Program Files (x86)\NVIDIA Corporation\Update 
Core\NvBackend.exe[3180] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007600e96b 5 bytes JMP 000000016f3a15c3 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3180] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007600eba5 5 bytes JMP 000000016f3a1186 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3180] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000761e5ea5 5 bytes JMP 000000016f3a15fa .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3180] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076219d0b 5 bytes JMP 000000016f3a121c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764e1465 2 bytes [4E, 76] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764e14bb 2 bytes [4E, 76] .text ... 
* 2 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 
0000000077750230 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200 .text 
C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280 .text C:\Windows\system32\wbem\wmiprvse.exe[3256] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0 .text 
C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 
0000000077750410 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes 
JMP 0000000077750270 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280 .text C:\Windows\system32\wbem\wmiprvse.exe[3264] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 
bytes JMP 0000000077750470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480 .text C:\Program 
Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250 .text C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370 .text 
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390 |
13.01.2014, 14:40 | #9 |
| Windows 7 64Bit+ Avast, Win32:Maleware.gen Part 6 Code:
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 
0000000077750380 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220 .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280 .text C:\Program 
Files\Intel\WiFi\bin\ZeroConfigService.exe[3520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077394a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773b2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773befe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000773f9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007741a500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd732db0 5 bytes JMP 000007fffd720180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7337d0 7 bytes JMP 000007fffd7200d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd738ef0 6 bytes JMP 000007fffd720148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd74af60 5 bytes JMP 000007fffd720110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd7201f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd7201b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefef27490 11 bytes JMP 000007fffd720228
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3608] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef3bf00 7 bytes JMP 000007fffd720260
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280
.text C:\Windows\System32\igfxtray.exe[3664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62]
.text D:\VM Ware\Installation\vmware-authd.exe[3672] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2ba 1 byte [62]
.text D:\VM Ware\Installation\vmware-authd.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764e1465 2 bytes [4E, 76]
.text D:\VM Ware\Installation\vmware-authd.exe[3672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764e14bb 2 bytes [4E, 76]
.text ... * 2
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3680] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd732db0 5 bytes JMP 000007fffd720180
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3680] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7337d0 7 bytes JMP 000007fffd7200d8
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3680] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd738ef0 6 bytes JMP 000007fffd720148
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3680] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd74af60 5 bytes JMP 000007fffd720110
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3680] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd7201f0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3680] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd7201b8
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280
.text C:\Windows\System32\hkcmd.exe[3772] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738af40 7 bytes JMP 000000016fff0260
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077394a60 5 bytes JMP 000000016fff01b8
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773b2990 5 bytes JMP 000000016fff01f0
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773befe0 5 bytes JMP 000000016fff0148
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e99b0 7 bytes JMP 000000016fff00d8
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94d0 5 bytes JMP 000000016fff0180
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000773f9640 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007741a500 7 bytes JMP 000000016fff0228
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd732db0 5 bytes JMP 000007fffd720180
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7337d0 7 bytes JMP 000007fffd7200d8
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd738ef0 6 bytes JMP 000007fffd720148
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd74af60 5 bytes JMP 000007fffd720110
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd7201f0
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd7201b8
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefef27490 11 bytes JMP 000007fffd720228
.text C:\Windows\System32\igfxpers.exe[3912] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef3bf00 7 bytes JMP 000007fffd720260
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077394a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773b2990 5 bytes JMP 000000016fff01f0
.text
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773befe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000773f9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007741a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd732db0 5 bytes JMP 000007fffd720180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7337d0 7 bytes JMP 000007fffd7200d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd738ef0 6 bytes JMP 000007fffd720148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd74af60 5 bytes JMP 000007fffd720110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd7201f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd7201b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\system32\ole32.dll!CoCreateInstance 
000007fefef27490 11 bytes JMP 000007fffd720228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3928] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef3bf00 7 bytes JMP 000007fffd720260 .text C:\Program Files (x86)\PHotkey\PHotkey.exe[3980] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b61eee 7 bytes JMP 000000016f3a1695 .text C:\Program Files (x86)\PHotkey\PHotkey.exe[3980] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b65b85 7 bytes JMP 000000016f3a11a9 .text C:\Program Files (x86)\PHotkey\PHotkey.exe[3980] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b713e1 7 bytes JMP 000000016f3a128a .text C:\Program Files (x86)\PHotkey\PHotkey.exe[3980] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b7ea0d 7 bytes JMP 000000016f3a1244 .text C:\Program Files (x86)\PHotkey\PHotkey.exe[3980] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2ba 1 byte [62] .text C:\Program Files (x86)\PHotkey\PHotkey.exe[3980] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075b8b1d3 5 bytes JMP 000000016f3a15aa .text C:\Program Files (x86)\PHotkey\PHotkey.exe[3980] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c088b4 7 bytes JMP 000000016f3a1339 .text C:\Program Files (x86)\PHotkey\PHotkey.exe[3980] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c08939 5 bytes JMP 000000016f3a16d6 .text C:\Program Files (x86)\PHotkey\PHotkey.exe[3980] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c08c8f 5 bytes JMP 000000016f3a170d .text C:\Program Files (x86)\PHotkey\PHotkey.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f61d1b 5 bytes JMP 000000016f3a11c2 .text C:\Program Files (x86)\PHotkey\PHotkey.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f61dc9 5 bytes JMP 000000016f3a1014 .text C:\Program Files (x86)\PHotkey\PHotkey.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f62aa4 5 
bytes JMP 000000016f3a1555 .text C:\Program Files (x86)\PHotkey\PHotkey.exe[3980] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f62d0a 5 bytes JMP 000000016f3a1271 |
13.01.2014, 14:41 | #10 |
| Windows 7 64Bit+ Avast, Win32:Maleware.gen Part 7 Code:
.text C:\Program Files (x86)\PHotkey\PHotkey.exe[3980] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000765f8a29 5 bytes JMP 000000016f3a1726
.text C:\Program Files (x86)\PHotkey\PHotkey.exe[3980] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076604572 5 bytes JMP 000000016f3a10a0
.text C:\Program Files (x86)\PHotkey\PHotkey.exe[3980] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007661e567 5 bytes JMP 000000016f3a1415
.text C:\Program Files (x86)\PHotkey\PHotkey.exe[3980] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076657a5c 5 bytes JMP 000000016f3a15d2
.text C:\Program Files (x86)\PHotkey\PHotkey.exe[3980] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007600e96b 5 bytes JMP 000000016f3a15c3
.text C:\Program Files (x86)\PHotkey\PHotkey.exe[3980] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007600eba5 5 bytes JMP 000000016f3a1186
.text C:\Program Files (x86)\PHotkey\PHotkey.exe[3980] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000761e5ea5 5 bytes JMP 000000016f3a15fa
.text C:\Program Files (x86)\PHotkey\PHotkey.exe[3980] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076219d0b 5 bytes JMP 000000016f3a121c
.text C:\Program Files (x86)\PHotkey\MsgTranAgt.exe[3988] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b61eee 7 bytes JMP 000000016f3a1695
.text C:\Program Files (x86)\PHotkey\MsgTranAgt.exe[3988] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b65b85 7 bytes JMP 000000016f3a11a9
.text C:\Program Files (x86)\PHotkey\MsgTranAgt.exe[3988] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b713e1 7 bytes JMP 000000016f3a128a
.text C:\Program Files (x86)\PHotkey\MsgTranAgt.exe[3988] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b7ea0d 7 bytes JMP 000000016f3a1244
.text C:\Program Files (x86)\PHotkey\MsgTranAgt.exe[3988] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2ba 1 byte [62]
.text C:\Program Files (x86)\PHotkey\MsgTranAgt.exe[3988] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075b8b1d3 5 bytes JMP 000000016f3a15aa
.text C:\Program Files (x86)\PHotkey\MsgTranAgt.exe[3988] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c088b4 7 bytes JMP 000000016f3a1339
.text C:\Program Files (x86)\PHotkey\MsgTranAgt.exe[3988] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c08939 5 bytes JMP 000000016f3a16d6
.text C:\Program Files (x86)\PHotkey\MsgTranAgt.exe[3988] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c08c8f 5 bytes JMP 000000016f3a170d
.text C:\Program Files (x86)\PHotkey\MsgTranAgt.exe[3988] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f61d1b 5 bytes JMP 000000016f3a11c2
.text C:\Program Files (x86)\PHotkey\MsgTranAgt.exe[3988] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f61dc9 5 bytes JMP 000000016f3a1014
.text C:\Program Files (x86)\PHotkey\MsgTranAgt.exe[3988] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f62aa4 5 bytes JMP 000000016f3a1555
.text C:\Program Files (x86)\PHotkey\MsgTranAgt.exe[3988] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f62d0a 5 bytes JMP 000000016f3a1271
.text C:\Program Files (x86)\PHotkey\MsgTranAgt.exe[3988] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000765f8a29 5 bytes JMP 000000016f3a1726
.text C:\Program Files (x86)\PHotkey\MsgTranAgt.exe[3988] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076604572 5 bytes JMP 000000016f3a10a0
.text C:\Program Files (x86)\PHotkey\MsgTranAgt.exe[3988] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007661e567 5 bytes JMP 000000016f3a1415
.text C:\Program Files (x86)\PHotkey\MsgTranAgt.exe[3988] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076657a5c 5 bytes JMP 000000016f3a15d2
.text C:\Program Files (x86)\PHotkey\MsgTranAgt.exe[3988] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007600e96b 5 bytes JMP 000000016f3a15c3
.text C:\Program Files (x86)\PHotkey\MsgTranAgt.exe[3988] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007600eba5 5 bytes JMP 000000016f3a1186
.text C:\Program Files (x86)\PHotkey\MsgTranAgt.exe[3988] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000761e5ea5 5 bytes JMP 000000016f3a15fa
.text C:\Program Files (x86)\PHotkey\MsgTranAgt.exe[3988] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076219d0b 5 bytes JMP 000000016f3a121c
.text C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe[4000] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd732db0 5 bytes JMP 000007fffd720180
.text C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe[4000] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7337d0 7 bytes JMP 000007fffd7200d8
.text C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe[4000] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd738ef0 6 bytes JMP 000007fffd720148
.text C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe[4000] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd74af60 5 bytes JMP 000007fffd720110
.text C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe[4000] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd7201f0
.text C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe[4000] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd7201b8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077394a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773b2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773befe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000773f9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007741a500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd732db0 5 bytes JMP 000007fffd720180
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7337d0 7 bytes JMP 000007fffd7200d8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd738ef0 6 bytes JMP 000007fffd720148
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd74af60 5 bytes JMP 000007fffd720110
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefef27490 11 bytes JMP 000007fffd720228
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef3bf00 7 bytes JMP 000007fffd720260
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd7201f0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1268] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd7201b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077394a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773b2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773befe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62]
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000773f9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007741a500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd732db0 5 bytes JMP 000007fffd720180
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7337d0 7 bytes JMP 000007fffd7200d8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd738ef0 6 bytes JMP 000007fffd720148
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd74af60 5 bytes JMP 000007fffd720110
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd7201f0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd7201b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefef27490 11 bytes JMP 000007fffd720228
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3168] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef3bf00 7 bytes JMP 000007fffd720260
.text C:\Windows\SysWOW64\rundll32.exe[1768] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2ba 1 byte [62]
.text C:\Program Files (x86)\PHotkey\HCSynApi.exe[3972] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b61eee 7 bytes JMP 000000016f3a1695
.text C:\Program Files (x86)\PHotkey\HCSynApi.exe[3972] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b65b85 7 bytes JMP 000000016f3a11a9
.text C:\Program Files (x86)\PHotkey\HCSynApi.exe[3972] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b713e1 7 bytes JMP 000000016f3a128a
.text C:\Program Files (x86)\PHotkey\HCSynApi.exe[3972] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b7ea0d 7 bytes JMP 000000016f3a1244
.text C:\Program Files (x86)\PHotkey\HCSynApi.exe[3972] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2ba 1 byte [62]
.text C:\Program Files (x86)\PHotkey\HCSynApi.exe[3972] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075b8b1d3 5 bytes JMP 000000016f3a15aa
.text C:\Program Files (x86)\PHotkey\HCSynApi.exe[3972] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c088b4 7 bytes JMP 000000016f3a1339
.text C:\Program Files (x86)\PHotkey\HCSynApi.exe[3972] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c08939 5 bytes JMP 000000016f3a16d6
.text C:\Program Files (x86)\PHotkey\HCSynApi.exe[3972] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c08c8f 5 bytes JMP 000000016f3a170d
.text C:\Program Files (x86)\PHotkey\HCSynApi.exe[3972] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f61d1b 5 bytes JMP 000000016f3a11c2
.text C:\Program Files (x86)\PHotkey\HCSynApi.exe[3972] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f61dc9 5 bytes JMP 000000016f3a1014
.text C:\Program Files (x86)\PHotkey\HCSynApi.exe[3972] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f62aa4 5 bytes JMP 000000016f3a1555
.text C:\Program Files (x86)\PHotkey\HCSynApi.exe[3972] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f62d0a 5 bytes JMP 000000016f3a1271
.text C:\Program Files (x86)\PHotkey\HCSynApi.exe[3972] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000765f8a29 5 bytes JMP 000000016f3a1726
.text C:\Program Files (x86)\PHotkey\HCSynApi.exe[3972] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076604572 5 bytes JMP 000000016f3a10a0
.text C:\Program Files (x86)\PHotkey\HCSynApi.exe[3972] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007661e567 5 bytes JMP 000000016f3a1415
.text C:\Program Files (x86)\PHotkey\HCSynApi.exe[3972] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076657a5c 5 bytes JMP 000000016f3a15d2
.text C:\Program Files (x86)\PHotkey\HCSynApi.exe[3972] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007600e96b 5 bytes JMP 000000016f3a15c3
.text C:\Program Files (x86)\PHotkey\HCSynApi.exe[3972] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007600eba5 5 bytes JMP 000000016f3a1186
.text C:\Program Files (x86)\PHotkey\HCSynApi.exe[3972] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000761e5ea5 5 bytes JMP 000000016f3a15fa
.text C:\Program Files (x86)\PHotkey\HCSynApi.exe[3972] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076219d0b 5 bytes JMP 000000016f3a121c
.text C:\Program Files (x86)\PHotkey\PVDesktop.exe[3812] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd732db0 5 bytes JMP 000007fffd720180
.text C:\Program Files (x86)\PHotkey\PVDesktop.exe[3812] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7337d0 7 bytes JMP 000007fffd7200d8
.text C:\Program Files (x86)\PHotkey\PVDesktop.exe[3812] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd738ef0 6 bytes JMP 000007fffd720148
.text C:\Program Files (x86)\PHotkey\PVDesktop.exe[3812] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd74af60 5 bytes JMP 000007fffd720110
.text C:\Program Files (x86)\PHotkey\PVDesktop.exe[3812] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd7201f0
.text C:\Program Files (x86)\PHotkey\PVDesktop.exe[3812] 
C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd7201b8 .text C:\Program Files (x86)\PHotkey\PVDesktop.exe[3812] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefef27490 11 bytes JMP 000007fffd720228 .text C:\Program Files (x86)\PHotkey\PVDesktop.exe[3812] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef3bf00 7 bytes JMP 000007fffd720260 .text C:\Program Files (x86)\PHotkey\PVDAgent.exe[4120] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd732db0 5 bytes JMP 000007fffd720180 .text C:\Program Files (x86)\PHotkey\PVDAgent.exe[4120] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7337d0 7 bytes JMP 000007fffd7200d8 .text C:\Program Files (x86)\PHotkey\PVDAgent.exe[4120] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd738ef0 6 bytes JMP 000007fffd720148 .text C:\Program Files (x86)\PHotkey\PVDAgent.exe[4120] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd74af60 5 bytes JMP 000007fffd720110 .text C:\Program Files (x86)\PHotkey\PVDAgent.exe[4120] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd7201f0 .text C:\Program Files (x86)\PHotkey\PVDAgent.exe[4120] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd7201b8 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4284] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b61eee 7 bytes JMP 000000016f3a1695 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4284] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b65b85 7 bytes JMP 000000016f3a11a9 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4284] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b713e1 7 bytes JMP 000000016f3a128a .text C:\Program Files 
(x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4284] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b7ea0d 7 bytes JMP 000000016f3a1244 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4284] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2ba 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4284] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075b8b1d3 5 bytes JMP 000000016f3a15aa .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4284] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c088b4 7 bytes JMP 000000016f3a1339 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4284] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c08939 5 bytes JMP 000000016f3a16d6 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4284] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c08c8f 5 bytes JMP 000000016f3a170d .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f61d1b 5 bytes JMP 000000016f3a11c2 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f61dc9 5 bytes JMP 000000016f3a1014 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4284] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f62aa4 5 bytes JMP 000000016f3a1555 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller 
Driver\Application\iusb3mon.exe[4284] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f62d0a 5 bytes JMP 000000016f3a1271 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4284] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007600e96b 5 bytes JMP 000000016f3a15c3 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4284] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007600eba5 5 bytes JMP 000000016f3a1186 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4284] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000765f8a29 5 bytes JMP 000000016f3a1726 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4284] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076604572 5 bytes JMP 000000016f3a10a0 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4284] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007661e567 5 bytes JMP 000000016f3a1415 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4284] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076657a5c 5 bytes JMP 000000016f3a15d2 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4284] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000761e5ea5 5 bytes JMP 000000016f3a15fa .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4284] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076219d0b 5 bytes JMP 000000016f3a121c .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 
00000001001f0460 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 00000001001f0450 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 00000001001f0370 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 00000001001f0470 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000001001f03e0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 00000001001f0320 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000001001f03b0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 00000001001f0390 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000001001f02e0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000001001f02d0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 00000001001f0310 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000001001f03c0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000001001f03f0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] 
C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 00000001001f0230 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 00000001001f0480 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000001001f03a0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000001001f02f0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 00000001001f0350 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 00000001001f0290 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000001001f02b0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000001001f03d0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 00000001001f0330 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 00000001001f0410 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 00000001001f0240 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000001001f01e0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 
00000000775f2160 5 bytes JMP 00000001001f0250 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 00000001001f0490 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000001001f04a0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 00000001001f0300 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 00000001001f0360 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000001001f02a0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000001001f02c0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 00000001001f0380 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 00000001001f0340 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 00000001001f0440 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 00000001001f0260 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 00000001001f0270 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 00000001001f0400 .text C:\Program Files 
(x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000001001f01f0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 00000001001f0210 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 00000001001f0200 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 00000001001f0420 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 00000001001f0430 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 00000001001f0220 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 00000001001f0280 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 000000007738af40 7 bytes JMP 000000016fff0260 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000077394a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 00000000773b2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 00000000773befe0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] 
C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00000000773e99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00000000773f94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\system32\KERNEL32.dll!K32GetModuleFileNameExW 00000000773f9640 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 000000007741a500 7 bytes JMP 000000016fff0228 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd732db0 5 bytes JMP 000007fffd720180 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7337d0 7 bytes JMP 000007fffd7200d8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd738ef0 6 bytes JMP 000007fffd720148 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd74af60 5 bytes JMP 000007fffd720110 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd7201f0 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd7201b8 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefef27490 11 bytes JMP 000007fffd720228 .text C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe[4408] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef3bf00 7 bytes JMP 000007fffd720260 .text C:\Program Files (x86)\PHotkey\POSD.exe[4428] 
C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b61eee 7 bytes JMP 000000016f3a1695 .text C:\Program Files (x86)\PHotkey\POSD.exe[4428] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b65b85 7 bytes JMP 000000016f3a11a9 .text C:\Program Files (x86)\PHotkey\POSD.exe[4428] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b713e1 7 bytes JMP 000000016f3a128a .text C:\Program Files (x86)\PHotkey\POSD.exe[4428] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b7ea0d 7 bytes JMP 000000016f3a1244 .text C:\Program Files (x86)\PHotkey\POSD.exe[4428] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2ba 1 byte [62] .text C:\Program Files (x86)\PHotkey\POSD.exe[4428] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075b8b1d3 5 bytes JMP 000000016f3a15aa .text C:\Program Files (x86)\PHotkey\POSD.exe[4428] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c088b4 7 bytes JMP 000000016f3a1339 .text C:\Program Files (x86)\PHotkey\POSD.exe[4428] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c08939 5 bytes JMP 000000016f3a16d6 .text C:\Program Files (x86)\PHotkey\POSD.exe[4428] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c08c8f 5 bytes JMP 000000016f3a170d .text C:\Program Files (x86)\PHotkey\POSD.exe[4428] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f61d1b 5 bytes JMP 000000016f3a11c2 .text C:\Program Files (x86)\PHotkey\POSD.exe[4428] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f61dc9 5 bytes JMP 000000016f3a1014 .text C:\Program Files (x86)\PHotkey\POSD.exe[4428] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f62aa4 5 bytes JMP 000000016f3a1555 .text C:\Program Files (x86)\PHotkey\POSD.exe[4428] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f62d0a 5 bytes JMP 000000016f3a1271 .text C:\Program Files (x86)\PHotkey\POSD.exe[4428] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000765f8a29 
5 bytes JMP 000000016f3a1726 .text C:\Program Files (x86)\PHotkey\POSD.exe[4428] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076604572 5 bytes JMP 000000016f3a10a0 .text C:\Program Files (x86)\PHotkey\POSD.exe[4428] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007661e567 5 bytes JMP 000000016f3a1415 .text C:\Program Files (x86)\PHotkey\POSD.exe[4428] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076657a5c 5 bytes JMP 000000016f3a15d2 .text C:\Program Files (x86)\PHotkey\POSD.exe[4428] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007600e96b 5 bytes JMP 000000016f3a15c3 .text C:\Program Files (x86)\PHotkey\POSD.exe[4428] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007600eba5 5 bytes JMP 000000016f3a1186 .text C:\Program Files (x86)\PHotkey\POSD.exe[4428] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000761e5ea5 5 bytes JMP 000000016f3a15fa .text C:\Program Files (x86)\PHotkey\POSD.exe[4428] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076219d0b 5 bytes JMP 000000016f3a121c .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4480] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2ba 1 byte [62] .text D:\VM Ware\Installation\vmware-tray.exe[4544] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b61eee 7 bytes JMP 000000016f3a1695 .text D:\VM Ware\Installation\vmware-tray.exe[4544] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b65b85 7 bytes JMP 000000016f3a11a9 .text D:\VM Ware\Installation\vmware-tray.exe[4544] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b713e1 7 bytes JMP 000000016f3a128a .text D:\VM Ware\Installation\vmware-tray.exe[4544] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b7ea0d 7 bytes JMP 000000016f3a1244 .text D:\VM Ware\Installation\vmware-tray.exe[4544] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2ba 1 byte [62] .text D:\VM Ware\Installation\vmware-tray.exe[4544] 
C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000075b8b1d3 5 bytes JMP 000000016f3a15aa .text D:\VM Ware\Installation\vmware-tray.exe[4544] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c088b4 7 bytes JMP 000000016f3a1339 .text D:\VM Ware\Installation\vmware-tray.exe[4544] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c08939 5 bytes JMP 000000016f3a16d6 .text D:\VM Ware\Installation\vmware-tray.exe[4544] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c08c8f 5 bytes JMP 000000016f3a170d .text D:\VM Ware\Installation\vmware-tray.exe[4544] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075f61d1b 5 bytes JMP 000000016f3a11c2 .text D:\VM Ware\Installation\vmware-tray.exe[4544] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075f61dc9 5 bytes JMP 000000016f3a1014 .text D:\VM Ware\Installation\vmware-tray.exe[4544] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075f62aa4 5 bytes JMP 000000016f3a1555 .text D:\VM Ware\Installation\vmware-tray.exe[4544] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075f62d0a 5 bytes JMP 000000016f3a1271 .text D:\VM Ware\Installation\vmware-tray.exe[4544] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000765f8a29 5 bytes JMP 000000016f3a1726 .text D:\VM Ware\Installation\vmware-tray.exe[4544] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076604572 5 bytes JMP 000000016f3a10a0 .text D:\VM Ware\Installation\vmware-tray.exe[4544] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007661e567 5 bytes JMP 000000016f3a1415 .text D:\VM Ware\Installation\vmware-tray.exe[4544] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076657a5c 5 bytes JMP 000000016f3a15d2 .text D:\VM Ware\Installation\vmware-tray.exe[4544] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007600e96b 5 bytes JMP 000000016f3a15c3 .text D:\VM Ware\Installation\vmware-tray.exe[4544] 
C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007600eba5 5 bytes JMP 000000016f3a1186 .text D:\VM Ware\Installation\vmware-tray.exe[4544] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000761e5ea5 5 bytes JMP 000000016f3a15fa .text D:\VM Ware\Installation\vmware-tray.exe[4544] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076219d0b 5 bytes JMP 000000016f3a121c .text C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe[4596] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b61eee 7 bytes JMP 000000016f3a1695 .text C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe[4596] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b65b85 7 bytes JMP 000000016f3a11a9 |
13.01.2014, 14:42 | #11 |
| Windows 7 64Bit+ Avast, Win32:Maleware.gen Part 8 Code:
* 2 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000100070460 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000100070450 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000100070370 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000100070470 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000001000703e0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000100070320 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000001000703b0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000100070390 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000001000702e0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000001000702d0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000100070310 .text C:\Program Files (x86)\TuneUp Utilities 
2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000001000703c0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000001000703f0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000100070230 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000100070480 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000001000703a0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000001000702f0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000100070350 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000100070290 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000001000702b0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000001000703d0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000100070330 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] 
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000100070410 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000100070240 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000001000701e0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000100070250 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000100070490 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000001000704a0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000100070300 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000100070360 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000001000702a0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000001000702c0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000100070380 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes 
JMP 0000000100070340 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000100070440 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000100070260 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000100070270 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000100070400 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000001000701f0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000100070210 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000100070200 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000100070420 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000100070430 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000100070220 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\TuneUp 
Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd732db0 5 bytes JMP 000007fffd720180 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7337d0 7 bytes JMP 000007fffd7200d8 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd738ef0 6 bytes JMP 000007fffd720148 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd74af60 5 bytes JMP 000007fffd720110 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd7201f0 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd7201b8 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefef27490 11 bytes JMP 000007fffd720228 .text C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe[4940] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef3bf00 7 bytes JMP 000007fffd720260 .text C:\Windows\SysWOW64\vmnetdhcp.exe[4960] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2ba 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000100070460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000100070450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 
0000000100070370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000100070470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000001000703e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000100070320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000001000703b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000100070390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000001000702e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000001000702d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000100070310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000001000703c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000001000703f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000100070230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000100070480 .text C:\Program Files\NVIDIA 
Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000001000703a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000001000702f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000100070350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000100070290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000001000702b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000001000703d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000100070330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000100070410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000100070240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000001000701e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000100070250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000100070490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] 
C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000001000704a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000100070300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000100070360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000001000702a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000001000702c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000100070380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000100070340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000100070440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000100070260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000100070270 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000100070400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000001000701f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 
5 bytes JMP 0000000100070210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000100070200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000100070420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000100070430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000100070220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000100070280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007738af40 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077394a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773b2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773befe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000773e99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000773f94d0 5 bytes JMP 000000016fff0180 .text C:\Program 
Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000773f9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007741a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd732db0 5 bytes JMP 000007fffd720180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7337d0 7 bytes JMP 000007fffd7200d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd738ef0 6 bytes JMP 000007fffd720148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd74af60 5 bytes JMP 000007fffd720110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd7201f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4132] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd7201b8 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 
bytes JMP 0000000077750470 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480 
.text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250 .text C:\Program 
Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270 .text C:\Program Files (x86)\Common 
Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280 .text C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[4068] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text D:\VM Ware\Installation\vmware-hostd.exe[4228] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075b8a2ba 1 byte [62] .text D:\VM Ware\Installation\vmware-hostd.exe[4228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764e1465 2 bytes [4E, 76] .text D:\VM Ware\Installation\vmware-hostd.exe[4228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764e14bb 2 bytes [4E, 76] 
.text ... * 2 .text C:\Windows\system32\wbem\unsecapp.exe[380] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd732db0 5 bytes JMP 000007fffd720180 .text C:\Windows\system32\wbem\unsecapp.exe[380] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7337d0 7 bytes JMP 000007fffd7200d8 .text C:\Windows\system32\wbem\unsecapp.exe[380] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd738ef0 6 bytes JMP 000007fffd720148 .text C:\Windows\system32\wbem\unsecapp.exe[380] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd74af60 5 bytes JMP 000007fffd720110 .text C:\Windows\system32\wbem\unsecapp.exe[380] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefef27490 11 bytes JMP 000007fffd720228 .text C:\Windows\system32\wbem\unsecapp.exe[380] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefef3bf00 7 bytes JMP 000007fffd720260 .text C:\Windows\system32\wbem\unsecapp.exe[380] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff2889e0 8 bytes JMP 000007fffd7201f0 .text C:\Windows\system32\wbem\unsecapp.exe[380] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff28be40 8 bytes JMP 000007fffd7201b8 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000100070460 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000100070450 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000100070370 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000100070470 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000001000703e0 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 
00000000775f1620 5 bytes JMP 0000000100070320 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000001000703b0 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000100070390 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000001000702d0 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000100070310 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000001000703c0 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000100070230 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000100070480 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000100070350 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000100070290 .text C:\Windows\system32\SearchIndexer.exe[3492] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000100070330 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000100070410 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000100070240 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000100070250 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000100070490 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000001000704a0 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000100070300 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000100070360 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000001000702a0 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000001000702c0 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000100070380 .text 
C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000100070340 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000100070440 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000100070260 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000100070270 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000100070400 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000100070210 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000100070200 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000100070420 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000100070430 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000100070280 .text C:\Windows\system32\SearchIndexer.exe[3492] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5976] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte 
[62] .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230 .text C:\Windows\system32\svchost.exe[4760] 
C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 
00000000775f21d0 5 bytes JMP 0000000077750300 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430 .text 
C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280 .text C:\Windows\system32\svchost.exe[4760] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes 
JMP 00000000777502d0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480 |
13.01.2014, 14:44 | #12 |
| Windows 7 64Bit+ Avast, Win32:Maleware.gen Part 9 Code:
ATTFilter .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 bytes JMP 0000000077750350 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490 .text C:\Program 
Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0 .text C:\Program 
Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280 .text C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[7072] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000775f1750 5 bytes JMP 0000000077750310 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000775f1790 5 bytes JMP 00000000777503c0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775f17e0 5 bytes JMP 00000000777503f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000775f1940 5 bytes JMP 0000000077750230 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000775f1b00 5 bytes JMP 0000000077750480 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000775f1b30 5 bytes JMP 00000000777503a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000775f1c10 5 bytes JMP 00000000777502f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000775f1c20 5 
bytes JMP 0000000077750350 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000775f1c80 5 bytes JMP 0000000077750290 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000775f1d10 5 bytes JMP 00000000777502b0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000775f1d30 5 bytes JMP 00000000777503d0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000775f1d40 5 bytes JMP 0000000077750330 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000775f1db0 5 bytes JMP 0000000077750410 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000775f1de0 5 bytes JMP 0000000077750240 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775f20a0 5 bytes JMP 00000000777501e0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000775f2160 5 bytes JMP 0000000077750250 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000775f2190 5 bytes JMP 0000000077750490 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775f21a0 5 bytes JMP 00000000777504a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775f21d0 5 bytes JMP 0000000077750300 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775f21e0 5 bytes JMP 0000000077750360 .text C:\Program 
Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000775f2240 5 bytes JMP 00000000777502a0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000775f2290 5 bytes JMP 00000000777502c0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775f22c0 5 bytes JMP 0000000077750380 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775f22d0 5 bytes JMP 0000000077750340 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775f25c0 5 bytes JMP 0000000077750440 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775f27c0 5 bytes JMP 0000000077750260 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775f27d0 5 bytes JMP 0000000077750270 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775f27e0 5 bytes JMP 0000000077750400 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775f29a0 5 bytes JMP 00000000777501f0 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775f29b0 5 bytes JMP 0000000077750210 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000775f2a20 5 bytes JMP 0000000077750200 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000775f2a80 5 bytes JMP 0000000077750420 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000775f2a90 5 bytes JMP 0000000077750430 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000775f2aa0 5 bytes JMP 0000000077750220 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000775f2b80 5 bytes JMP 0000000077750280 .text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[7124] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000773deecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000775f1360 5 bytes JMP 0000000077750460 .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775f13b0 5 bytes JMP 0000000077750450 .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000775f1510 5 bytes JMP 0000000077750370 .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000775f1560 5 bytes JMP 0000000077750470 .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000775f1570 5 bytes JMP 00000000777503e0 .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000775f1620 5 bytes JMP 0000000077750320 .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000775f1650 5 bytes JMP 00000000777503b0 .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000775f1670 5 bytes JMP 0000000077750390 .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775f16b0 5 bytes JMP 00000000777502e0 .text C:\Windows\system32\svchost.exe[1508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000775f1730 5 bytes JMP 00000000777502d0 .text C:\Windows\system32\svchost.exe[1508] 
14.01.2014, 09:50 | #13 |
/// the machine /// TB-Ausbilder | Windows 7 64Bit+ Avast, Win32:Maleware.gen Where does Avast find it, then?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
15.01.2014, 10:54 | #14 |
| Windows 7 64Bit+ Avast, Win32:Maleware.gen Avast finds it at: C:\Programm Files (86)\Internet Explorer\IEXPLORE.EXE and it points to this page here: TudoSearch.com :: Maps. I have never visited this page, though. |
16.01.2014, 08:31 | #15 |
/// the machine /// TB-Ausbilder | Windows 7 64Bit+ Avast, Win32:Maleware.gen hi, Scan with Combofix