Log analysis and evaluation: Malwarebytes finds Mobogenie. Even more malware?

26.11.2014, 17:33   #1
Sirene88
 

Hello dear TB team.

Malwarebytes found a piece of malware on my computer today.
I had it removed (log attached)
and followed your instructions.
My question is whether there might be even more on my computer,
and I am therefore asking for your help.

Defogger not necessary, since there are no virtual drives.
Here are the logs:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014
Ran by Jessica (administrator) on JESSICA-PC on 26-11-2014 18:13:32
Running from C:\Users\Jessica\Desktop
Loaded Profile: Jessica (Available profiles: Jessica)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DIPAwayMode\DipAwayMode.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.03\AsusFanControlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-12-19] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-19] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-26] (AVAST Software)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ACPW05DE] => C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe [822384 2011-11-17] (ACD Systems)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3833322267-538766727-1948873061-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-3833322267-538766727-1948873061-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x737E9E5CDFFCCE01
HKU\S-1-5-21-3833322267-538766727-1948873061-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-19]

Chrome: 
=======
CHR Profile: C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-26]
CHR Extension: (Google Drive) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-26]
CHR Extension: (Google-Suche) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-26]
CHR Extension: (Avast SafePrice) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-21]
CHR Extension: (ZenMate) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-07-26]
CHR Extension: (AdBlock) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-26]
CHR Extension: (Avast Online Security) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-19]
CHR Extension: (Session Manager) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2014-07-26]
CHR Extension: (Google Wallet) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-19]
CHR Extension: (Google Mail) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-26]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-12-19] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-12-19] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-12-19] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.03\AsusFanControlService.exe [1690424 2013-12-19] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4797064 2013-11-05] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-28] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
S1 ASMTFilter; C:\Windows\System32\DRIVERS\asmtufdriver.sys [21400 2013-12-19] (hxxp://www.asmedia.com.tw) [File not signed]
S1 ASMTFilter; C:\Windows\SysWOW64\DRIVERS\asmtufdriver.sys [16640 2013-12-19] (hxxp://www.asmedia.com.tw) [File not signed]
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-12-19] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2013-12-19] (MCCI Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-26] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
S3 ezplay; C:\Windows\System32\Drivers\ezplay.sys [118400 2014-01-24] (VSO Software) [File not signed]
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [4433696 2013-12-19] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [442368 2013-12-19] (Intel(R) Corporation) [File not signed]
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-26 18:13 - 2014-11-26 18:13 - 02118144 _____ (Farbar) C:\Users\Jessica\Desktop\FRST64.exe
2014-11-26 18:13 - 2014-11-26 18:13 - 00016062 _____ () C:\Users\Jessica\Desktop\FRST.txt
2014-11-26 18:13 - 2014-11-26 18:13 - 00000000 ____D () C:\FRST
2014-11-26 18:12 - 2014-11-26 18:13 - 02118144 _____ (Farbar) C:\Users\Jessica\Downloads\FRST64.exe
2014-11-26 18:07 - 2014-11-26 18:07 - 00001147 _____ () C:\Users\Jessica\Desktop\123.txt
2014-11-26 17:52 - 2014-11-26 17:52 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-26 17:52 - 2014-11-26 17:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-26 17:52 - 2014-11-26 17:52 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-26 17:35 - 2014-11-26 17:35 - 05198336 _____ (AVAST Software) C:\Users\Jessica\Downloads\aswmbr.exe
2014-11-18 20:49 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 20:49 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 20:49 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 20:49 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-14 15:53 - 2014-11-14 15:53 - 00000000 ____D () C:\Users\Jessica\Desktop\tattoos
2014-11-13 20:55 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 20:55 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 20:55 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 20:55 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 20:55 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 20:55 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 20:55 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 20:55 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 20:55 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 20:55 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 20:55 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 20:55 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 20:55 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 20:55 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 20:55 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 20:55 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 20:55 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 20:55 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 20:55 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 20:55 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 20:55 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 20:55 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 20:55 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 20:55 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 20:55 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 20:55 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 20:55 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 20:55 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 20:55 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 20:55 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 20:55 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 20:55 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 20:55 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 20:55 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 20:55 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 20:55 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 20:55 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 20:55 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 20:55 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 20:55 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 20:55 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 20:55 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 20:55 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 20:55 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 20:55 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 20:55 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 20:55 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 20:55 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 20:55 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 20:55 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 20:55 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 20:55 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 20:55 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 20:55 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 20:55 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 20:55 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 20:55 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 20:55 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 20:55 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-13 20:55 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 20:55 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 20:55 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 20:55 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 20:55 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 20:55 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 20:55 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 20:55 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 20:55 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 20:55 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 20:55 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 20:55 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 20:55 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 20:55 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 20:55 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 20:55 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 20:55 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 20:55 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 20:55 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 20:55 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 20:55 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 20:55 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 20:54 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 20:54 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 20:54 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 20:54 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 20:54 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 20:54 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 20:54 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 20:54 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 20:54 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 20:54 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 20:54 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 20:54 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 20:54 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 20:54 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 20:54 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 20:54 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 20:54 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 20:54 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 20:54 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 20:54 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-03 15:02 - 2014-11-03 15:02 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\pdfforge
2014-11-03 15:02 - 2014-11-03 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-11-03 15:02 - 2014-11-03 15:02 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-11-03 15:02 - 2014-04-25 17:44 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2014-11-03 15:02 - 2014-04-25 17:44 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2014-11-03 15:02 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-11-03 15:02 - 2014-04-25 17:44 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-11-03 15:02 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-11-03 15:02 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2014-11-03 15:02 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2014-11-03 15:02 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2014-11-03 15:00 - 2014-11-03 15:01 - 27843432 _____ (pdfforge ) C:\Users\Jessica\Downloads\PDFCreator-1_7_3_setup.exe
2014-11-01 00:26 - 2014-11-01 00:26 - 00009946 _____ () C:\Users\Jessica\Documents\Unbenannt 1.odt
2014-10-29 23:20 - 2014-10-29 23:42 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\Bioshock2Steam
2014-10-29 23:20 - 2014-10-29 23:20 - 00000000 ____D () C:\Users\Jessica\Documents\Bioshock2
2014-10-29 18:56 - 2014-10-29 18:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-29 18:56 - 2014-10-29 18:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-29 18:56 - 2014-10-29 18:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-29 18:56 - 2014-10-29 18:56 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-29 18:56 - 2014-10-29 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-29 18:56 - 2014-10-29 18:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-29 18:33 - 2014-10-30 23:02 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\Bioshock
2014-10-29 18:33 - 2014-10-29 18:40 - 00000000 ____D () C:\Users\Jessica\Documents\Bioshock


==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-26 18:12 - 2009-07-14 05:45 - 00027120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-26 18:12 - 2009-07-14 05:45 - 00027120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-26 18:08 - 2013-12-19 17:57 - 01940258 _____ () C:\Windows\WindowsUpdate.log
2014-11-26 18:06 - 2014-07-14 13:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-26 18:05 - 2009-07-14 05:51 - 00113411 _____ () C:\Windows\setupact.log
2014-11-26 18:04 - 2013-12-19 19:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-26 18:04 - 2010-11-21 04:47 - 00034110 _____ () C:\Windows\PFRO.log
2014-11-26 18:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-26 18:03 - 2013-12-20 17:17 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-11-26 17:52 - 2014-05-04 17:42 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-26 17:52 - 2013-12-19 19:25 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-26 17:52 - 2013-12-19 19:25 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-26 17:52 - 2013-12-19 19:25 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-26 17:52 - 2013-12-19 19:25 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-26 17:52 - 2013-12-19 19:25 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-26 17:52 - 2013-12-19 19:25 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-26 17:52 - 2013-12-19 19:25 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-26 17:52 - 2013-12-19 19:25 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-26 17:49 - 2014-07-14 13:54 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-26 17:49 - 2014-07-14 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-26 17:49 - 2014-07-14 13:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-24 21:17 - 2013-12-19 19:20 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-24 20:18 - 2013-12-19 19:21 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-23 00:53 - 2013-12-19 19:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-20 22:31 - 2013-12-20 16:50 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\vlc
2014-11-16 15:42 - 2013-12-20 17:16 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-11-16 13:53 - 2011-04-12 08:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-11-16 13:53 - 2011-04-12 08:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-11-16 13:53 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-15 11:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 16:12 - 2013-12-19 19:20 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 16:12 - 2013-12-19 19:20 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 15:51 - 2009-07-14 05:45 - 00295752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 15:50 - 2014-05-06 19:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 22:09 - 2013-12-19 19:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 22:07 - 2013-12-19 19:46 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-09 15:59 - 2014-07-26 11:02 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\TeamViewer
2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 19:55 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-29 18:56 - 2013-12-20 17:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-29 18:33 - 2013-12-20 17:49 - 00440803 _____ () C:\Windows\DirectX.log

Some content of TEMP:
====================
C:\Users\Jessica\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Jessica\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Jessica\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Jessica\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Jessica\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Jessica\AppData\Local\Temp\sonarinst.exe
C:\Users\Jessica\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\Jessica\AppData\Local\Temp\vlc-2.1.5-win64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 11:46

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014
Ran by Jessica at 2014-11-26 18:14:03
Running from C:\Users\Jessica\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACDSee Pro 5 (HKLM-x32\...\{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}) (Version: 5.3.168 - ACD Systems International Inc.)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AI Suite 3 (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.56 - ASUSTeK Computer Inc.)
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version:  - Spicy Horse Games)
Ashampoo Burning Studio 2014 v.12.0.5 (HKLM-x32\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version:  - 2K Marin)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID ASUS CPU-Z 1.66.1 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.66.1 - CPUID, Inc.)
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Crytek Studios)
Dead Space (HKLM-x32\...\Steam App 17470) (Version:  - EA Redwood Shores)
Defiance (HKLM-x32\...\Steam App 224600) (Version:  - Trion Worlds, Inc.)
Defy Gravity (HKLM-x32\...\Steam App 96100) (Version:  - Fish Factory Games)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dragon Nest Europe (HKLM-x32\...\Steam App 258700) (Version:  - Eyedentity Games)
Eets Munchies (HKLM-x32\...\Steam App 214550) (Version:  - Klei Entertainment)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Free YouTube to MP3 Converter version 3.12.43.806 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.43.806 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version:  - Klei Entertainment)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSI Afterburner 3.0.1 (HKLM-x32\...\Afterburner) (Version: 3.0.1 - MSI Co., LTD)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
RaceRoom Racing Experience Launcher (HKLM-x32\...\{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1) (Version: 1.0 - SimBin)
RaiderZ (HKLM-x32\...\Steam App 218470) (Version:  - )
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version:  - )
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
RivaTuner Statistics Server 6.1.2 (HKLM-x32\...\RTSS) (Version: 6.1.2 - Unwinder)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Book of Unwritten Tales (HKLM-x32\...\Steam App 215160) (Version:  - KING Art)
The Evil Within Demo (HKLM-x32\...\Steam App 329960) (Version:  - Tango Gameworks)
The Guild II (HKLM-x32\...\Steam App 39650) (Version:  - 4 Head Studios)
The Night of the Rabbit (HKLM-x32\...\Steam App 230820) (Version:  - Daedalic Entertainment)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - Frozenbyte)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-11-2014 19:50:46 Windows Update
13-11-2014 21:06:56 Windows Update
18-11-2014 19:49:33 Windows Update
18-11-2014 22:12:26 Windows Update
26-11-2014 16:36:57 Windows Update
26-11-2014 16:51:52 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0BD209E8-D3E6-493F-B1C5-C12F10B168D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-19] (Google Inc.)
Task: {1FF7C8C9-9E97-4481-B457-471CA6528802} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-19] (Google Inc.)
Task: {3CB13316-66D3-4841-A4CD-3451F8BC4C7C} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2013-08-07] (ASUSTeK Computer Inc.)
Task: {428AD03E-2C5F-4307-8F38-49956A739E93} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2013-02-07] (ASUSTeK Computer Inc.)
Task: {7A4240FA-C304-454E-AF8E-B2362CE6C2E8} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DipAwayMode.exe [2013-09-18] ()
Task: {91559963-A65A-423F-A8AD-D0173BED7475} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {9813B0EC-6504-457C-8403-DA94F4A162B9} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2013-07-24] ()
Task: {BF71063C-60D7-45DB-B2C7-CC0FCA4D0AFA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-26] (AVAST Software)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-14 15:46 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-12-19 19:02 - 2013-12-19 18:59 - 00936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2013-12-20 19:37 - 2013-09-18 10:18 - 01225528 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DipAwayMode.exe
2013-12-20 19:34 - 2013-07-24 10:16 - 01425208 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
2013-12-21 21:34 - 2014-03-28 22:44 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-07 16:05 - 2014-07-25 14:51 - 00699680 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2014-03-07 16:05 - 2014-07-25 14:51 - 00855328 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2014-11-26 17:32 - 2014-11-26 17:32 - 02903552 _____ () C:\Program Files\AVAST Software\Avast\defs\14112600\algo.dll
2013-12-19 19:09 - 2014-11-26 18:04 - 00028672 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2013-12-19 19:02 - 2013-12-19 18:59 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2013-12-20 19:34 - 2013-08-07 19:11 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2013-12-20 19:34 - 2013-08-29 15:59 - 01138176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2013-12-20 19:35 - 2013-06-24 15:59 - 01173504 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\Network iControl.dll
2013-12-20 19:37 - 2013-09-18 10:27 - 02371584 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\tufx.dll
2013-12-20 19:33 - 2013-12-19 18:59 - 00662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2013-12-20 19:34 - 2013-08-07 19:11 - 00053248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\cpuutil.dll
2013-12-20 19:37 - 2013-09-18 10:18 - 00685056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2013-12-20 19:37 - 2013-09-18 10:18 - 00825344 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DIPDLL\DIP4EpuAction.dll
2013-12-20 19:37 - 2013-09-18 10:18 - 00765952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DIPDLL\DIP4FanAction.dll
2013-12-20 19:37 - 2013-09-18 10:18 - 00776704 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2013-12-20 19:37 - 2013-09-18 10:18 - 00904704 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DipAwayMode\DIPDLL\UsbPowerManager.dll
2013-12-20 19:34 - 2013-07-31 20:05 - 05773588 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2013-12-20 19:34 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2014-11-26 17:52 - 2014-11-26 17:52 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-12-19 18:53 - 2013-09-03 16:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-11-24 20:18 - 2014-11-14 22:15 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libglesv2.dll
2014-11-24 20:18 - 2014-11-14 22:15 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libegl.dll
2014-11-24 20:18 - 2014-11-14 22:15 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\pdf.dll
2014-11-24 20:18 - 2014-11-14 22:15 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3833322267-538766727-1948873061-500 - Administrator - Disabled)
Gast (S-1-5-21-3833322267-538766727-1948873061-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3833322267-538766727-1948873061-1002 - Limited - Enabled)
Jessica (S-1-5-21-3833322267-538766727-1948873061-1000 - Administrator - Enabled) => C:\Users\Jessica

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/26/2014 06:05:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2014 05:33:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2014 07:48:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/22/2014 09:18:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/21/2014 07:38:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2014 07:44:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 07:46:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 08:44:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2014 08:18:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 03:52:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000018e5d
ID des fehlerhaften Prozesses: 0x1290
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3


System errors:
=============
Error: (11/26/2014 06:05:15 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (11/26/2014 06:05:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
ASMTFilter

Error: (11/26/2014 05:33:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/26/2014 05:33:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (11/26/2014 05:33:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
ASMTFilter

Error: (11/24/2014 07:48:07 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (11/24/2014 07:48:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
ASMTFilter

Error: (11/22/2014 09:18:44 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (11/22/2014 09:18:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
ASMTFilter

Error: (11/21/2014 07:39:14 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (11/26/2014 06:05:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2014 05:33:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2014 07:48:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/22/2014 09:18:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/21/2014 07:38:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2014 07:44:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 07:46:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 08:44:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2014 08:18:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 03:52:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5d129001d001ab8bce7676C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll39bb210b-6da0-11e4-89c5-ac220bc62755


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 27%
Total physical RAM: 8098.18 MB
Available physical RAM: 5902.12 MB
Total Pagefile: 16194.54 MB
Available Pagefile: 13729.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:189.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9B03A74A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

26.11.2014, 17:36   #2
Sirene88



Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-26 18:21:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EZEX-21M2NA0 rev.01.01A01 931,51GB
Running: w9pgdzdz.exe; Driver: C:\Users\Jessica\AppData\Local\Temp\pwlirfoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                         0000000076e21360 5 bytes JMP 000000014a1b0460
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                  0000000076e213b0 5 bytes JMP 000000014a1b0450
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                  0000000076e21510 5 bytes JMP 000000014a1b0370
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                       0000000076e21560 5 bytes JMP 000000014a1b0470
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                             0000000076e21570 5 bytes JMP 000000014a1b03e0
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                  0000000076e21620 5 bytes JMP 000000014a1b0320
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                           0000000076e21650 5 bytes JMP 000000014a1b03b0
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                              0000000076e21670 5 bytes JMP 000000014a1b0390
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                    0000000076e216b0 5 bytes JMP 000000014a1b02e0
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                  0000000076e21730 5 bytes JMP 000000014a1b02d0
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                0000000076e21750 5 bytes JMP 000000014a1b0310
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                 0000000076e21790 5 bytes JMP 000000014a1b03c0
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                              0000000076e217e0 5 bytes JMP 000000014a1b03f0
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                 0000000076e21940 5 bytes JMP 000000014a1b0230
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                      0000000076e21b00 5 bytes JMP 000000014a1b0480
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                     0000000076e21b30 5 bytes JMP 000000014a1b03a0
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                              0000000076e21c10 5 bytes JMP 000000014a1b02f0
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                           0000000076e21c20 5 bytes JMP 000000014a1b0350
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                 0000000076e21c80 5 bytes JMP 000000014a1b0290
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                              0000000076e21d10 5 bytes JMP 000000014a1b02b0
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                               0000000076e21d30 5 bytes JMP 000000014a1b03d0
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                  0000000076e21d40 5 bytes JMP 000000014a1b0330
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                           0000000076e21db0 5 bytes JMP 000000014a1b0410
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                              0000000076e21de0 5 bytes JMP 000000014a1b0240
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                   0000000076e220a0 5 bytes JMP 000000014a1b01e0
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                              0000000076e22160 5 bytes JMP 000000014a1b0250
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                              0000000076e22190 5 bytes JMP 000000014a1b0490
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                     0000000076e221a0 5 bytes JMP 000000014a1b04a0
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                0000000076e221d0 5 bytes JMP 000000014a1b0300
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                             0000000076e221e0 5 bytes JMP 000000014a1b0360
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                   0000000076e22240 5 bytes JMP 000000014a1b02a0
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                0000000076e22290 5 bytes JMP 000000014a1b02c0
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                   0000000076e222c0 5 bytes JMP 000000014a1b0380
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                    0000000076e222d0 5 bytes JMP 000000014a1b0340
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                             0000000076e225c0 5 bytes JMP 000000014a1b0440
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                            0000000076e227c0 5 bytes JMP 000000014a1b0260
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                               0000000076e227d0 5 bytes JMP 000000014a1b0270
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                             0000000076e227e0 5 bytes JMP 000000014a1b0400
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                         0000000076e229a0 5 bytes JMP 000000014a1b01f0
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                          0000000076e229b0 5 bytes JMP 000000014a1b0210
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                               0000000076e22a20 5 bytes JMP 000000014a1b0200
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                               0000000076e22a80 5 bytes JMP 000000014a1b0420
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                0000000076e22a90 5 bytes JMP 000000014a1b0430
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                           0000000076e22aa0 5 bytes JMP 000000014a1b0220
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                   0000000076e22b80 5 bytes JMP 000000014a1b0280
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                       0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                     0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                           0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                         0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                            0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                  0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                              0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                               0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                            0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                               0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                    0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                   0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                            0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                         0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                               0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                            0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                             0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                         0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                            0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                 0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                            0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                            0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                   0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                              0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                           0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                 0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                              0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                 0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                  0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                           0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                          0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                             0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                           0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                       0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                        0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                             0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                             0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                              0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                         0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Windows\system32\wininit.exe[632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                 0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                         0000000076e21360 5 bytes JMP 000000014a1b0460
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                  0000000076e213b0 5 bytes JMP 000000014a1b0450
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                  0000000076e21510 5 bytes JMP 000000014a1b0370
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                       0000000076e21560 5 bytes JMP 000000014a1b0470
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                             0000000076e21570 5 bytes JMP 000000014a1b03e0
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                  0000000076e21620 5 bytes JMP 000000014a1b0320
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                           0000000076e21650 5 bytes JMP 000000014a1b03b0
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                              0000000076e21670 5 bytes JMP 000000014a1b0390
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                    0000000076e216b0 5 bytes JMP 000000014a1b02e0
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                  0000000076e21730 5 bytes JMP 000000014a1b02d0
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                0000000076e21750 5 bytes JMP 000000014a1b0310
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                 0000000076e21790 5 bytes JMP 000000014a1b03c0
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                              0000000076e217e0 5 bytes JMP 000000014a1b03f0
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                 0000000076e21940 5 bytes JMP 000000014a1b0230
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                      0000000076e21b00 5 bytes JMP 000000014a1b0480
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                     0000000076e21b30 5 bytes JMP 000000014a1b03a0
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                              0000000076e21c10 5 bytes JMP 000000014a1b02f0
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                           0000000076e21c20 5 bytes JMP 000000014a1b0350
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                 0000000076e21c80 5 bytes JMP 000000014a1b0290
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                              0000000076e21d10 5 bytes JMP 000000014a1b02b0
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                               0000000076e21d30 5 bytes JMP 000000014a1b03d0
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                  0000000076e21d40 5 bytes JMP 000000014a1b0330
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                           0000000076e21db0 5 bytes JMP 000000014a1b0410
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                              0000000076e21de0 5 bytes JMP 000000014a1b0240
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                   0000000076e220a0 5 bytes JMP 000000014a1b01e0
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                              0000000076e22160 5 bytes JMP 000000014a1b0250
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                              0000000076e22190 5 bytes JMP 000000014a1b0490
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                     0000000076e221a0 5 bytes JMP 000000014a1b04a0
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                0000000076e221d0 5 bytes JMP 000000014a1b0300
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                             0000000076e221e0 5 bytes JMP 000000014a1b0360
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                   0000000076e22240 5 bytes JMP 000000014a1b02a0
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                0000000076e22290 5 bytes JMP 000000014a1b02c0
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                   0000000076e222c0 5 bytes JMP 000000014a1b0380
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                    0000000076e222d0 5 bytes JMP 000000014a1b0340
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                             0000000076e225c0 5 bytes JMP 000000014a1b0440
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                            0000000076e227c0 5 bytes JMP 000000014a1b0260
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                               0000000076e227d0 5 bytes JMP 000000014a1b0270
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                             0000000076e227e0 5 bytes JMP 000000014a1b0400
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                         0000000076e229a0 5 bytes JMP 000000014a1b01f0
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                          0000000076e229b0 5 bytes JMP 000000014a1b0210
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                               0000000076e22a20 5 bytes JMP 000000014a1b0200
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                               0000000076e22a80 5 bytes JMP 000000014a1b0420
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                0000000076e22a90 5 bytes JMP 000000014a1b0430
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                           0000000076e22aa0 5 bytes JMP 000000014a1b0220
.text  C:\Windows\system32\csrss.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                   0000000076e22b80 5 bytes JMP 000000014a1b0280
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                      0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                               0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                               0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                    0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                          0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                               0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                        0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                           0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                 0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                               0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                             0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                              0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                           0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                              0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                   0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                  0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                           0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                        0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                              0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                           0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                            0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                               0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                        0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                           0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                           0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                           0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                  0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                             0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                          0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                             0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                 0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                          0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                         0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                            0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                          0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                      0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                       0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                            0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                            0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                             0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                        0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Windows\system32\services.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                         0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                  0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                  0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                       0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                             0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                  0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                           0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                              0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                    0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                  0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                 0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                              0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                 0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                      0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                     0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                              0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                           0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                 0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                              0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                               0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                  0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                           0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                              0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                   0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                              0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                              0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                     0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                             0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                   0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                   0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                    0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                             0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                            0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                               0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                             0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                         0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                          0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                               0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                               0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                           0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Windows\system32\lsass.exe[712] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                   0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                           0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                    0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                    0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                         0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                               0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                    0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                             0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                      0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                    0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                  0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                   0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                   0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                        0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                       0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                             0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                   0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                 0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                    0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                             0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                     0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                       0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                  0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                               0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                     0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                  0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                     0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                      0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                               0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                              0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                 0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                               0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                           0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                            0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                 0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                 0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                  0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                             0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Windows\system32\lsm.exe[720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                     0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                      0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                               0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                               0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                    0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                          0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                               0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                        0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                           0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                 0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                               0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                             0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                              0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                           0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                              0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                   0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                  0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                           0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                        0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                              0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                           0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                            0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                               0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                        0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                           0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                           0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                           0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                  0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                             0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                          0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                             0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                 0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                          0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                         0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                            0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                          0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                      0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                       0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                            0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                            0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                             0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                        0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Windows\system32\winlogon.exe[828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                       0000000076e21360 5 bytes JMP 0000000100070460
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                0000000076e213b0 5 bytes JMP 0000000100070450
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                0000000076e21510 5 bytes JMP 0000000100070370
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                     0000000076e21560 5 bytes JMP 0000000100070470
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                           0000000076e21570 5 bytes JMP 00000001000703e0
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                0000000076e21620 5 bytes JMP 0000000100070320
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                         0000000076e21650 5 bytes JMP 00000001000703b0
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                            0000000076e21670 5 bytes JMP 0000000100070390
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                  0000000076e216b0 5 bytes JMP 00000001000702e0
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                0000000076e21730 5 bytes JMP 00000001000702d0
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                              0000000076e21750 5 bytes JMP 0000000100070310
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                               0000000076e21790 5 bytes JMP 00000001000703c0
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                            0000000076e217e0 5 bytes JMP 00000001000703f0
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                               0000000076e21940 5 bytes JMP 0000000100070230
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                    0000000076e21b00 5 bytes JMP 0000000100070480
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                   0000000076e21b30 5 bytes JMP 00000001000703a0
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                            0000000076e21c10 5 bytes JMP 00000001000702f0
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                         0000000076e21c20 5 bytes JMP 0000000100070350
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                               0000000076e21c80 5 bytes JMP 0000000100070290
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                            0000000076e21d10 5 bytes JMP 00000001000702b0
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                             0000000076e21d30 5 bytes JMP 00000001000703d0
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                0000000076e21d40 5 bytes JMP 0000000100070330
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                         0000000076e21db0 5 bytes JMP 0000000100070410
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                            0000000076e21de0 5 bytes JMP 0000000100070240
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                 0000000076e220a0 5 bytes JMP 00000001000701e0
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                            0000000076e22160 5 bytes JMP 0000000100070250
.text  C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                            0000000076e22190 5 bytes JMP 0000000100070490
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                    0000000076e21560 5 bytes JMP 0000000100070470
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                          0000000076e21570 5 bytes JMP 00000001000703e0
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                               0000000076e21620 5 bytes JMP 0000000100070320
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                        0000000076e21650 5 bytes JMP 00000001000703b0
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                           0000000076e21670 5 bytes JMP 0000000100070390
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                 0000000076e216b0 5 bytes JMP 00000001000702e0
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                               0000000076e21730 5 bytes JMP 00000001000702d0
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                             0000000076e21750 5 bytes JMP 0000000100070310
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                              0000000076e21790 5 bytes JMP 00000001000703c0
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                           0000000076e217e0 5 bytes JMP 00000001000703f0
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                              0000000076e21940 5 bytes JMP 0000000100070230
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                   0000000076e21b00 5 bytes JMP 0000000100070480
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                  0000000076e21b30 5 bytes JMP 00000001000703a0
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                           0000000076e21c10 5 bytes JMP 00000001000702f0
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                        0000000076e21c20 5 bytes JMP 0000000100070350
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                              0000000076e21c80 5 bytes JMP 0000000100070290
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                           0000000076e21d10 5 bytes JMP 00000001000702b0
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                            0000000076e21d30 5 bytes JMP 00000001000703d0
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                               0000000076e21d40 5 bytes JMP 0000000100070330
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                        0000000076e21db0 5 bytes JMP 0000000100070410
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                           0000000076e21de0 5 bytes JMP 0000000100070240
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                0000000076e220a0 5 bytes JMP 00000001000701e0
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                           0000000076e22160 5 bytes JMP 0000000100070250
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                           0000000076e22190 5 bytes JMP 0000000100070490
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                  0000000076e221a0 5 bytes JMP 00000001000704a0
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                             0000000076e221d0 5 bytes JMP 0000000100070300
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                          0000000076e221e0 5 bytes JMP 0000000100070360
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                0000000076e22240 5 bytes JMP 00000001000702a0
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                             0000000076e22290 5 bytes JMP 00000001000702c0
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                0000000076e222c0 5 bytes JMP 0000000100070380
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                 0000000076e222d0 5 bytes JMP 0000000100070340
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                          0000000076e225c0 5 bytes JMP 0000000100070440
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                         0000000076e227c0 5 bytes JMP 0000000100070260
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                            0000000076e227d0 5 bytes JMP 0000000100070270
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                          0000000076e227e0 5 bytes JMP 0000000100070400
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                      0000000076e229a0 5 bytes JMP 00000001000701f0
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                       0000000076e229b0 5 bytes JMP 0000000100070210
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                            0000000076e22a20 5 bytes JMP 0000000100070200
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                            0000000076e22a80 5 bytes JMP 0000000100070420
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                             0000000076e22a90 5 bytes JMP 0000000100070430
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                        0000000076e22aa0 5 bytes JMP 0000000100070220
.text  C:\Windows\system32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                0000000076e22b80 5 bytes JMP 0000000100070280
         


26.11.2014, 17:39   #3
Sirene88

Malwarebytes finds Mobogenie. More malware?



Code:
ATTFilter
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                      0000000076e21360 5 bytes JMP 0000000100070460
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                               0000000076e213b0 5 bytes JMP 0000000100070450
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                               0000000076e21510 5 bytes JMP 0000000100070370
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                    0000000076e21560 5 bytes JMP 0000000100070470
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                          0000000076e21570 5 bytes JMP 00000001000703e0
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                               0000000076e21620 5 bytes JMP 0000000100070320
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                        0000000076e21650 5 bytes JMP 00000001000703b0
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                           0000000076e21670 5 bytes JMP 0000000100070390
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                 0000000076e216b0 5 bytes JMP 00000001000702e0
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                               0000000076e21730 5 bytes JMP 00000001000702d0
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                             0000000076e21750 5 bytes JMP 0000000100070310
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                              0000000076e21790 5 bytes JMP 00000001000703c0
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                           0000000076e217e0 5 bytes JMP 00000001000703f0
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                              0000000076e21940 5 bytes JMP 0000000100070230
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                   0000000076e21b00 5 bytes JMP 0000000100070480
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                  0000000076e21b30 5 bytes JMP 00000001000703a0
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                           0000000076e21c10 5 bytes JMP 00000001000702f0
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                        0000000076e21c20 5 bytes JMP 0000000100070350
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                              0000000076e21c80 5 bytes JMP 0000000100070290
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                           0000000076e21d10 5 bytes JMP 00000001000702b0
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                            0000000076e21d30 5 bytes JMP 00000001000703d0
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                               0000000076e21d40 5 bytes JMP 0000000100070330
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                        0000000076e21db0 5 bytes JMP 0000000100070410
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                           0000000076e21de0 5 bytes JMP 0000000100070240
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                0000000076e220a0 5 bytes JMP 00000001000701e0
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                           0000000076e22160 5 bytes JMP 0000000100070250
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                           0000000076e22190 5 bytes JMP 0000000100070490
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                  0000000076e221a0 5 bytes JMP 00000001000704a0
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                             0000000076e221d0 5 bytes JMP 0000000100070300
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                          0000000076e221e0 5 bytes JMP 0000000100070360
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                0000000076e22240 5 bytes JMP 00000001000702a0
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                             0000000076e22290 5 bytes JMP 00000001000702c0
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                0000000076e222c0 5 bytes JMP 0000000100070380
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                 0000000076e222d0 5 bytes JMP 0000000100070340
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                          0000000076e225c0 5 bytes JMP 0000000100070440
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                         0000000076e227c0 5 bytes JMP 0000000100070260
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                            0000000076e227d0 5 bytes JMP 0000000100070270
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                          0000000076e227e0 5 bytes JMP 0000000100070400
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                      0000000076e229a0 5 bytes JMP 00000001000701f0
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                       0000000076e229b0 5 bytes JMP 0000000100070210
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                            0000000076e22a20 5 bytes JMP 0000000100070200
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                            0000000076e22a80 5 bytes JMP 0000000100070420
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                             0000000076e22a90 5 bytes JMP 0000000100070430
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                        0000000076e22aa0 5 bytes JMP 0000000100070220
.text  C:\Windows\system32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                0000000076e22b80 5 bytes JMP 0000000100070280
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                      0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                               0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                               0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                    0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                          0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                               0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                        0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                           0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                 0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                               0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                             0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                              0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                           0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                              0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                   0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                  0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                           0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                        0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                              0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                           0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                            0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                               0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                        0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                           0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                           0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                           0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                  0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                             0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                          0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                             0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                 0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                          0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                         0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                            0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                          0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                      0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                       0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                            0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                            0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                             0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                        0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort             0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                      0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                      0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx           0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                 0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                      0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory               0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                  0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                        0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                      0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                    0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                     0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                  0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                     0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort          0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject         0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                  0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion               0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                     0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                  0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                   0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                      0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess               0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                  0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                       0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                  0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                  0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys         0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                    0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                 0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                       0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                    0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                       0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                        0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                 0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                   0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                 0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation             0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState              0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                   0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                   0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                    0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl               0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1400] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                       0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                       0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                     0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                           0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                         0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                            0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                  0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                              0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                               0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                            0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                               0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                    0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                   0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                            0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                         0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                               0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                            0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                             0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                         0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                            0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                 0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                            0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                            0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                   0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                              0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                           0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                 0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                              0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                 0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                  0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                           0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                          0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                             0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                           0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                       0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                        0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                             0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                             0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                              0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                         0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Windows\system32\nvvsvc.exe[1408] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                 0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                          0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                   0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                   0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                        0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                              0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                   0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                            0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                               0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                     0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                   0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                 0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                  0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                               0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                  0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                       0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                      0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                               0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                            0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                  0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                               0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                   0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                            0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                               0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                    0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                               0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                               0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                      0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                 0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                              0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                    0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                 0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                    0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                     0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                              0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                             0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                              0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                          0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                           0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                 0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                            0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Windows\system32\Dwm.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                    0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                              0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                       0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                       0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                            0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                  0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                       0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                   0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                         0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                       0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                     0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                      0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                   0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                      0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                           0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                          0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                   0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                      0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                   0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                    0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                       0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                   0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                        0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                   0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                   0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                          0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                     0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                  0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                        0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                     0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                        0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                         0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                  0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                 0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                    0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                  0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                              0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                               0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                    0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                    0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                     0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Windows\Explorer.EXE[1632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                        0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                      0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                               0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                               0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                    0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                          0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                               0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                        0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                           0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                 0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                               0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                             0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                              0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                           0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                              0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                   0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                  0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                           0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                        0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                              0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                           0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                            0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                               0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                        0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                           0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                           0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                           0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                  0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                             0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                          0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                             0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                 0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                          0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                         0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                            0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                          0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                      0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                       0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                            0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                            0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                             0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                        0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                      0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                               0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                               0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                    0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                          0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                               0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                        0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                           0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                 0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                               0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                             0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                              0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                           0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                              0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                   0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                  0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                           0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                        0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                              0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                           0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                            0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                               0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                        0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                           0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                           0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                           0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                  0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                             0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                          0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                             0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                 0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                          0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                         0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                            0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                          0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                      0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                       0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                            0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                            0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                             0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                        0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Windows\system32\svchost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                     0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                              0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                              0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                   0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                         0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                              0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                       0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                          0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                              0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                            0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                             0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                          0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                             0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                  0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                 0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                          0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                       0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                             0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                          0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                           0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                              0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                       0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                          0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                               0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                          0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                          0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                 0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                            0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                         0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                               0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                            0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                               0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                         0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                        0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                           0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                         0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                     0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                      0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                           0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                           0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                            0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                       0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Windows\system32\taskhost.exe[1876] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                               0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                      0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                               0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                               0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                    0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                          0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                               0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                        0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                           0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                 0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                               0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                             0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                              0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                           0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                              0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                   0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                  0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                           0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                        0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                              0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                           0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                            0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                               0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                        0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                           0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                           0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                           0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                  0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                             0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                          0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                             0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                 0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                          0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                         0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                            0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                          0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                      0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                       0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                            0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                            0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                             0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                        0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Windows\system32\taskeng.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                    0000000076e21360 5 bytes JMP 0000000100070460
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                             0000000076e213b0 5 bytes JMP 0000000100070450
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                             0000000076e21510 5 bytes JMP 0000000100070370
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                  0000000076e21560 5 bytes JMP 0000000100070470
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                        0000000076e21570 5 bytes JMP 00000001000703e0
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                             0000000076e21620 5 bytes JMP 0000000100070320
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                      0000000076e21650 5 bytes JMP 00000001000703b0
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                         0000000076e21670 5 bytes JMP 0000000100070390
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                               0000000076e216b0 5 bytes JMP 00000001000702e0
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                             0000000076e21730 5 bytes JMP 00000001000702d0
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                           0000000076e21750 5 bytes JMP 0000000100070310
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                            0000000076e21790 5 bytes JMP 00000001000703c0
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                         0000000076e217e0 5 bytes JMP 00000001000703f0
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                            0000000076e21940 5 bytes JMP 0000000100070230
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                 0000000076e21b00 5 bytes JMP 0000000100070480
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                0000000076e21b30 5 bytes JMP 00000001000703a0
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                         0000000076e21c10 5 bytes JMP 00000001000702f0
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                      0000000076e21c20 5 bytes JMP 0000000100070350
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                            0000000076e21c80 5 bytes JMP 0000000100070290
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                         0000000076e21d10 5 bytes JMP 00000001000702b0
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                          0000000076e21d30 5 bytes JMP 00000001000703d0
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                             0000000076e21d40 5 bytes JMP 0000000100070330
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                      0000000076e21db0 5 bytes JMP 0000000100070410
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                         0000000076e21de0 5 bytes JMP 0000000100070240
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                              0000000076e220a0 5 bytes JMP 00000001000701e0
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                         0000000076e22160 5 bytes JMP 0000000100070250
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                         0000000076e22190 5 bytes JMP 0000000100070490
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                0000000076e221a0 5 bytes JMP 00000001000704a0
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                           0000000076e221d0 5 bytes JMP 0000000100070300
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                        0000000076e221e0 5 bytes JMP 0000000100070360
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                              0000000076e22240 5 bytes JMP 00000001000702a0
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                           0000000076e22290 5 bytes JMP 00000001000702c0
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                              0000000076e222c0 5 bytes JMP 0000000100070380
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                               0000000076e222d0 5 bytes JMP 0000000100070340
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                        0000000076e225c0 5 bytes JMP 0000000100070440
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                       0000000076e227c0 5 bytes JMP 0000000100070260
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                          0000000076e227d0 5 bytes JMP 0000000100070270
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                        0000000076e227e0 5 bytes JMP 0000000100070400
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                    0000000076e229a0 5 bytes JMP 00000001000701f0
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                     0000000076e229b0 5 bytes JMP 0000000100070210
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                          0000000076e22a20 5 bytes JMP 0000000100070200
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                          0000000076e22a80 5 bytes JMP 0000000100070420
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                           0000000076e22a90 5 bytes JMP 0000000100070430
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                      0000000076e22aa0 5 bytes JMP 0000000100070220
.text  C:\Program Files\Intel\iCLS Client\HeciServer.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                              0000000076e22b80 5 bytes JMP 0000000100070280
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort      0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject               0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess               0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx    0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess          0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection               0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory        0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject           0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                 0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent               0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection             0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread              0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread           0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry              0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort   0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject  0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair           0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion        0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant              0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore           0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx            0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer               0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess        0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry           0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry           0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey           0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys  0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair             0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion          0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore             0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                 0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx          0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder         0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions            0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread          0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation      0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState       0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem            0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess            0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread             0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl        0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2904] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2968] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                         00000000722c1a22 2 bytes [2C, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2968] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                         00000000722c1ad0 2 bytes [2C, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2968] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                         00000000722c1b08 2 bytes [2C, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2968] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                         00000000722c1bba 2 bytes [2C, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2968] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                         00000000722c1bda 2 bytes [2C, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                  0000000000021465 2 bytes [02, 00]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                 00000000000214bb 2 bytes [02, 00]
.text  ...                                                                                                                             * 2
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort      0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject               0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess               0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx    0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess          0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection               0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory        0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject           0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                 0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent               0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection             0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread              0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread           0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry              0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort   0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject  0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair           0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion        0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant              0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore           0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx            0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer               0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess        0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry           0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry           0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey           0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys  0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair             0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion          0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore             0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                 0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx          0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder         0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions            0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread          0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation      0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState       0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem            0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess            0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread             0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl        0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2896] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                      0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                               0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                               0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                    0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                          0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                               0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                        0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                           0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                 0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                               0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                             0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                              0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                           0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                              0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                   0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                  0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                           0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                        0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                              0000000076e21c80 5 bytes JMP 0000000076f80290
         

26.11.2014, 17:41   #4
Sirene88

Malwarebytes finds Mobogenie. Even more malware?

Code:
ATTFilter
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                           0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                            0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                               0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                        0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                           0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                           0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                           0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                  0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                             0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                          0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                             0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                 0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                          0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                         0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                            0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                          0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                      0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                       0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                            0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                            0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                             0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                        0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Windows\system32\conhost.exe[2948] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                     0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                              0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                              0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                   0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                         0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                              0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                       0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                          0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                              0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                            0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                             0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                          0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                             0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                  0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                 0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                          0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                       0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                             0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                          0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                           0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                              0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                       0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                          0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                               0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                          0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                          0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                 0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                            0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                         0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                               0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                            0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                               0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                         0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                        0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                           0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                         0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                     0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                      0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                           0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                           0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                            0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                       0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Windows\System32\rundll32.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                               0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort               0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                        0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                        0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx             0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                   0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                        0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                 0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                    0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                          0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                        0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                      0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                       0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                    0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                       0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort            0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject           0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                    0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                 0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                       0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                    0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                     0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                        0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                 0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                    0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                         0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                    0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                    0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys           0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                      0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                   0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                         0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                      0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                         0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                          0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                   0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                  0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                     0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                   0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation               0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                     0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                     0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                      0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                 0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3628] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                         0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                         0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                         0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                              0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                    0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                         0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                  0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                     0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                           0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                         0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                       0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                        0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                     0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                        0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                             0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                            0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                     0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                  0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                        0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                     0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                      0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                         0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                  0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                     0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                          0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                     0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                     0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                            0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                       0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                    0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                          0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                       0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                          0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                           0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                    0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                   0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                      0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                    0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                 0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                      0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                      0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                       0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                  0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                          0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                     0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                              0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                              0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                   0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                         0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                              0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                       0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                          0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                              0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                            0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                             0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                          0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                             0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                  0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                 0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                          0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                       0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                             0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                          0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                           0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                              0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                       0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                          0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                               0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                          0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                          0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                 0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                            0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                         0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                               0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                            0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                               0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                         0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                        0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                           0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                         0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                     0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                      0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                           0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                           0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                            0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                       0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                               0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                     0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                              0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                              0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                   0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                         0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                              0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                       0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                          0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                              0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                            0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                             0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                          0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                             0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                  0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                 0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                          0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                       0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                             0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                          0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                           0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                              0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                       0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                          0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                               0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                          0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                          0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                 0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                            0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                         0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                               0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                            0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                               0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                         0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                        0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                           0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                         0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                     0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                      0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                           0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                           0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                            0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                       0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                               0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort            0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                     0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                     0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx          0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                     0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory              0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                 0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                       0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                     0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                   0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                    0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                 0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                    0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort         0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject        0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                 0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion              0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                    0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                 0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                  0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                     0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess              0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                 0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                      0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                 0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                 0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys        0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                   0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                      0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                   0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                      0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                       0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder               0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                  0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation            0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState             0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                  0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                  0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                   0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl              0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[4020] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                      0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[3608] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter            0000000075f78791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                      0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                               0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                               0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                    0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                          0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                               0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                        0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                           0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                 0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                               0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                             0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                              0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                           0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                              0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                   0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                  0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                           0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                        0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                              0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                           0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                            0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                               0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                        0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                           0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                           0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                           0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                  0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                             0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                          0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                             0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                 0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                          0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                         0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                            0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                          0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                      0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                       0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                            0000000076e22a20 5 bytes JMP 0000000076f80200
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                            0000000076e22a80 5 bytes JMP 0000000076f80420
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                             0000000076e22a90 5 bytes JMP 0000000076f80430
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                        0000000076e22aa0 5 bytes JMP 0000000076f80220
.text  C:\Windows\system32\svchost.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                0000000076e22b80 5 bytes JMP 0000000076f80280
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort        0000000076e21360 5 bytes JMP 0000000076f80460
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                 0000000076e213b0 5 bytes JMP 0000000076f80450
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                 0000000076e21510 5 bytes JMP 0000000076f80370
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx      0000000076e21560 5 bytes JMP 0000000076f80470
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess            0000000076e21570 5 bytes JMP 0000000076f803e0
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                 0000000076e21620 5 bytes JMP 0000000076f80320
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory          0000000076e21650 5 bytes JMP 0000000076f803b0
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject             0000000076e21670 5 bytes JMP 0000000076f80390
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                   0000000076e216b0 5 bytes JMP 0000000076f802e0
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                 0000000076e21730 5 bytes JMP 0000000076f802d0
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection               0000000076e21750 5 bytes JMP 0000000076f80310
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                0000000076e21790 5 bytes JMP 0000000076f803c0
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread             0000000076e217e0 5 bytes JMP 0000000076f803f0
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                0000000076e21940 5 bytes JMP 0000000076f80230
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort     0000000076e21b00 5 bytes JMP 0000000076f80480
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject    0000000076e21b30 5 bytes JMP 0000000076f803a0
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair             0000000076e21c10 5 bytes JMP 0000000076f802f0
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion          0000000076e21c20 5 bytes JMP 0000000076f80350
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                0000000076e21c80 5 bytes JMP 0000000076f80290
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore             0000000076e21d10 5 bytes JMP 0000000076f802b0
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx              0000000076e21d30 5 bytes JMP 0000000076f803d0
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                 0000000076e21d40 5 bytes JMP 0000000076f80330
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess          0000000076e21db0 5 bytes JMP 0000000076f80410
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry             0000000076e21de0 5 bytes JMP 0000000076f80240
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                  0000000076e220a0 5 bytes JMP 0000000076f801e0
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry             0000000076e22160 5 bytes JMP 0000000076f80250
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey             0000000076e22190 5 bytes JMP 0000000076f80490
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys    0000000076e221a0 5 bytes JMP 0000000076f804a0
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair               0000000076e221d0 5 bytes JMP 0000000076f80300
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion            0000000076e221e0 5 bytes JMP 0000000076f80360
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                  0000000076e22240 5 bytes JMP 0000000076f802a0
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore               0000000076e22290 5 bytes JMP 0000000076f802c0
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                  0000000076e222c0 5 bytes JMP 0000000076f80380
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                   0000000076e222d0 5 bytes JMP 0000000076f80340
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx            0000000076e225c0 5 bytes JMP 0000000076f80440
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder           0000000076e227c0 5 bytes JMP 0000000076f80260
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions              0000000076e227d0 5 bytes JMP 0000000076f80270
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread            0000000076e227e0 5 bytes JMP 0000000076f80400
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation        0000000076e229a0 5 bytes JMP 0000000076f801f0
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState         0000000076e229b0 5 bytes JMP 0000000076f80210
.text  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[4544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem              0000000076e22a20 5 bytes JMP 0000000076f80200

---- EOF - GMER 2.1 ----
         
Malwarebytes log after the detection
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 26.11.2014
Scan Time: 17:58:41
Logfile: 123.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.26.05
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jessica

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314522
Time Elapsed: 4 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.NextLive.A, C:\Program Files (x86)\Mobogenie\nengine.dll, Quarantined, [5409202091ebce68406af07fa35e6997], 

Physical Sectors: 0
(No malicious items detected)


(end)
         

27.11.2014, 13:14   #5
schrauber
/// the machine
/// TB Trainer
 




Hi,

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

27.11.2014, 17:38   #6
Sirene88
 



ADW cleaner
Code:
ATTFilter
# AdwCleaner v4.102 - Bericht erstellt am 27/11/2014 um 18:22:43
# Aktualisiert 23/11/2014 von Xplode
# Database : 2014-11-27.1 [Live]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Jessica - JESSICA-PC
# Gestartet von : C:\Users\Jessica\Downloads\AdwCleaner_4.102.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Users\Jessica\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Jessica\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Jessica\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Jessica\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Jessica\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Jessica\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Datei Gelöscht : C:\Users\Jessica\daemonprocess.txt

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Google Chrome v39.0.2171.71


*************************

AdwCleaner[R0].txt - [1726 octets] - [27/11/2014 18:20:48]
AdwCleaner[S0].txt - [1601 octets] - [27/11/2014 18:22:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1661 octets] ##########
         
JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Ultimate x64
Ran by Jessica on 27.11.2014 at 18:25:55,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.11.2014 at 18:28:06,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Jessica (administrator) on JESSICA-PC on 27-11-2014 18:30:50
Running from C:\Users\Jessica\Desktop
Loaded Profile: Jessica (Available profiles: Jessica)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DIPAwayMode\DipAwayMode.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.03\AsusFanControlService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-12-19] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-19] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-26] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3833322267-538766727-1948873061-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-3833322267-538766727-1948873061-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x737E9E5CDFFCCE01
HKU\S-1-5-21-3833322267-538766727-1948873061-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-19]

Chrome: 
=======
CHR Profile: C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-26]
CHR Extension: (Google Drive) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-26]
CHR Extension: (Google-Suche) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-26]
CHR Extension: (ZenMate) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-07-26]
CHR Extension: (AdBlock) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-26]
CHR Extension: (Avast Online Security) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-19]
CHR Extension: (Session Manager) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2014-07-26]
CHR Extension: (Google Wallet) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-19]
CHR Extension: (Google Mail) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-12-19] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-12-19] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-12-19] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.03\AsusFanControlService.exe [1690424 2013-12-19] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4797064 2013-11-05] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-28] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
S1 ASMTFilter; C:\Windows\System32\DRIVERS\asmtufdriver.sys [21400 2013-12-19] (hxxp://www.asmedia.com.tw) [File not signed]
S1 ASMTFilter; C:\Windows\SysWOW64\DRIVERS\asmtufdriver.sys [16640 2013-12-19] (hxxp://www.asmedia.com.tw) [File not signed]
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-12-19] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2013-12-19] (MCCI Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-26] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-26] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
S3 ezplay; C:\Windows\System32\Drivers\ezplay.sys [118400 2014-01-24] (VSO Software) [File not signed]
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [4433696 2013-12-19] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [442368 2013-12-19] (Intel(R) Corporation) [File not signed]
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-27 18:28 - 2014-11-27 18:28 - 00000623 _____ () C:\Users\Jessica\Desktop\JRT.txt
2014-11-27 18:28 - 2014-11-27 18:28 - 00000000 ____D () C:\Users\Jessica\Desktop\FRST-OlderVersion
2014-11-27 18:25 - 2014-11-27 18:25 - 01707532 _____ (Thisisu) C:\Users\Jessica\Desktop\JRT.exe
2014-11-27 18:25 - 2014-11-27 18:25 - 00000000 ____D () C:\Windows\ERUNT
2014-11-27 18:24 - 2014-11-27 18:24 - 00001741 _____ () C:\Users\Jessica\Desktop\AdwCleaner[S0].txt
2014-11-27 18:20 - 2014-11-27 18:22 - 00000000 ____D () C:\AdwCleaner
2014-11-27 18:20 - 2014-11-27 18:20 - 02148864 _____ () C:\Users\Jessica\Downloads\AdwCleaner_4.102.exe
2014-11-26 19:35 - 2014-11-26 19:38 - 00000362 _____ () C:\Users\Jessica\Desktop\prime.txt
2014-11-26 19:35 - 2014-11-26 19:36 - 00000168 _____ () C:\Users\Jessica\Desktop\local.txt
2014-11-26 19:35 - 2014-11-26 19:35 - 05378177 _____ () C:\Users\Jessica\Downloads\p95v285.win64.zip
2014-11-26 19:35 - 2014-05-30 03:33 - 36363264 _____ () C:\Users\Jessica\Desktop\prime95.exe
2014-11-26 18:52 - 2014-11-26 18:52 - 00121069 _____ () C:\Users\Jessica\Downloads\memtest86+-5.01.usb.installer.zip
2014-11-26 18:51 - 2014-11-26 18:51 - 00059435 _____ () C:\Users\Jessica\Downloads\memtest86+-5.01.iso.zip
2014-11-26 18:45 - 2014-11-26 18:45 - 00293384 _____ () C:\Windows\Minidump\112614-15381-01.dmp
2014-11-26 18:21 - 2014-11-26 18:21 - 00313108 _____ () C:\Users\Jessica\Desktop\gmer.log
2014-11-26 18:14 - 2014-11-26 18:14 - 00380416 _____ () C:\Users\Jessica\Downloads\w9pgdzdz.exe
2014-11-26 18:14 - 2014-11-26 18:14 - 00380416 _____ () C:\Users\Jessica\Desktop\w9pgdzdz.exe
2014-11-26 18:14 - 2014-11-26 18:14 - 00026147 _____ () C:\Users\Jessica\Desktop\Addition.txt
2014-11-26 18:13 - 2014-11-27 18:30 - 00015039 _____ () C:\Users\Jessica\Desktop\FRST.txt
2014-11-26 18:13 - 2014-11-27 18:30 - 00000000 ____D () C:\FRST
2014-11-26 18:13 - 2014-11-27 18:28 - 02117632 _____ (Farbar) C:\Users\Jessica\Desktop\FRST64.exe
2014-11-26 18:12 - 2014-11-26 18:13 - 02118144 _____ (Farbar) C:\Users\Jessica\Downloads\FRST64.exe
2014-11-26 18:07 - 2014-11-26 18:07 - 00001147 _____ () C:\Users\Jessica\Desktop\123.txt
2014-11-26 17:52 - 2014-11-26 17:52 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-26 17:52 - 2014-11-26 17:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-26 17:52 - 2014-11-26 17:52 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-26 17:35 - 2014-11-26 17:35 - 05198336 _____ (AVAST Software) C:\Users\Jessica\Downloads\aswmbr.exe
2014-11-18 20:49 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 20:49 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 20:49 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 20:49 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-14 15:53 - 2014-11-14 15:53 - 00000000 ____D () C:\Users\Jessica\Desktop\tattoos
2014-11-13 20:55 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 20:55 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 20:55 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 20:55 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 20:55 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 20:55 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 20:55 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 20:55 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 20:55 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 20:55 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 20:55 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 20:55 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 20:55 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 20:55 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 20:55 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 20:55 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 20:55 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 20:55 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 20:55 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 20:55 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 20:55 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 20:55 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 20:55 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 20:55 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 20:55 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 20:55 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 20:55 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 20:55 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 20:55 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 20:55 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 20:55 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 20:55 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 20:55 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 20:55 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 20:55 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 20:55 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 20:55 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 20:55 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 20:55 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 20:55 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 20:55 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 20:55 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 20:55 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 20:55 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 20:55 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 20:55 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 20:55 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 20:55 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 20:55 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 20:55 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 20:55 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 20:55 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 20:55 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 20:55 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 20:55 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 20:55 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 20:55 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 20:55 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 20:55 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-13 20:55 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 20:55 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 20:55 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 20:55 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 20:55 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 20:55 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 20:55 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 20:55 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 20:55 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 20:55 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 20:55 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 20:55 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 20:55 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 20:55 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 20:55 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 20:55 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 20:55 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 20:55 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 20:55 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 20:55 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 20:55 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 20:55 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 20:54 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 20:54 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 20:54 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 20:54 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 20:54 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 20:54 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 20:54 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 20:54 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 20:54 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 20:54 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 20:54 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 20:54 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 20:54 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 20:54 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 20:54 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 20:54 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 20:54 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 20:54 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 20:54 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 20:54 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-03 15:02 - 2014-11-03 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-11-03 15:02 - 2014-11-03 15:02 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-11-03 15:02 - 2014-04-25 17:44 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2014-11-03 15:02 - 2014-04-25 17:44 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2014-11-03 15:02 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-11-03 15:02 - 2014-04-25 17:44 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-11-03 15:02 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-11-03 15:02 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2014-11-03 15:02 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2014-11-03 15:02 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2014-11-03 15:00 - 2014-11-03 15:01 - 27843432 _____ (pdfforge ) C:\Users\Jessica\Downloads\PDFCreator-1_7_3_setup.exe
2014-11-01 00:26 - 2014-11-01 00:26 - 00009946 _____ () C:\Users\Jessica\Documents\Unbenannt 1.odt
2014-10-29 23:20 - 2014-10-29 23:42 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\Bioshock2Steam
2014-10-29 23:20 - 2014-10-29 23:20 - 00000000 ____D () C:\Users\Jessica\Documents\Bioshock2
2014-10-29 18:56 - 2014-10-29 18:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-29 18:56 - 2014-10-29 18:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-29 18:56 - 2014-10-29 18:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-29 18:56 - 2014-10-29 18:56 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-29 18:56 - 2014-10-29 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-29 18:56 - 2014-10-29 18:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-29 18:33 - 2014-10-30 23:02 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\Bioshock
2014-10-29 18:33 - 2014-10-29 18:40 - 00000000 ____D () C:\Users\Jessica\Documents\Bioshock


==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-27 18:31 - 2009-07-14 05:45 - 00027120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-27 18:31 - 2009-07-14 05:45 - 00027120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-27 18:23 - 2013-12-19 19:25 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-27 18:23 - 2013-12-19 19:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-27 18:23 - 2013-12-19 17:57 - 01984537 _____ () C:\Windows\WindowsUpdate.log
2014-11-27 18:23 - 2010-11-21 04:47 - 00034782 _____ () C:\Windows\PFRO.log
2014-11-27 18:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-27 18:23 - 2009-07-14 05:51 - 00115326 _____ () C:\Windows\setupact.log
2014-11-27 18:22 - 2013-12-19 17:58 - 00000000 ____D () C:\Users\Jessica
2014-11-27 18:17 - 2013-12-19 19:20 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-26 20:18 - 2013-12-19 19:21 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-26 19:40 - 2011-04-12 08:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-11-26 19:40 - 2011-04-12 08:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-11-26 19:40 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-26 19:39 - 2013-12-19 19:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-26 18:45 - 2014-02-05 22:28 - 742466218 _____ () C:\Windows\MEMORY.DMP
2014-11-26 18:45 - 2014-02-05 22:28 - 00000000 ____D () C:\Windows\Minidump
2014-11-26 18:06 - 2014-07-14 13:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-26 17:52 - 2014-05-04 17:42 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-26 17:52 - 2013-12-19 19:25 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-26 17:52 - 2013-12-19 19:25 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-26 17:52 - 2013-12-19 19:25 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-26 17:52 - 2013-12-19 19:25 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-26 17:52 - 2013-12-19 19:25 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-26 17:52 - 2013-12-19 19:25 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-26 17:52 - 2013-12-19 19:25 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-26 17:49 - 2014-07-14 13:54 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-26 17:49 - 2014-07-14 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-26 17:49 - 2014-07-14 13:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-20 22:31 - 2013-12-20 16:50 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\vlc
2014-11-16 15:42 - 2013-12-20 17:16 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-11-15 11:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 16:12 - 2013-12-19 19:20 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 16:12 - 2013-12-19 19:20 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 15:51 - 2009-07-14 05:45 - 00295752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 15:50 - 2014-05-06 19:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 22:09 - 2013-12-19 19:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 22:07 - 2013-12-19 19:46 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-09 15:59 - 2014-07-26 11:02 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\TeamViewer
2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 19:55 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-29 18:56 - 2013-12-20 17:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-29 18:33 - 2013-12-20 17:49 - 00440803 _____ () C:\Windows\DirectX.log

Some content of TEMP:
====================
C:\Users\Jessica\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Jessica\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Jessica\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Jessica\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Jessica\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Jessica\AppData\Local\Temp\Quarantine.exe
C:\Users\Jessica\AppData\Local\Temp\sonarinst.exe
C:\Users\Jessica\AppData\Local\Temp\sqlite3.dll
C:\Users\Jessica\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\Jessica\AppData\Local\Temp\vlc-2.1.5-win64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-26 20:00

==================== End Of Log ============================
         
--- --- ---

Alt 28.11.2014, 16:40   #7
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log please. Any problems still?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 05.12.2014, 13:09   #8
Sirene88
 



Hello, unfortunately I only got around to it today.

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8f6af701aa4fcd459070e9a40995b893
# engine=21401
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-04 07:40:22
# local_time=2014-12-04 08:40:22 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 92 704144 30248102 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 12735 169351872 0 0
# scanned=229545
# found=3
# cleaned=0
# scan_time=4202
sh=31CE21FE36C11E107A6E315EFE1875743809B4CC ft=1 fh=48abcfa6ce4a4014 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jessica\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=DF0FE97D4A08C5062A310BDDC24E23EE0725B1B6 ft=1 fh=4d0a96f270734e01 vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jessica\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\USBDI8UZ\JDownloaderSetup_CH1[1].exe"
sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jessica\AppData\Local\Temp\is1070216317\949764_stp\wajam_validate.exe"
         

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.91  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 2.0.3.1025  
 Java 7 Update 71  
  Adobe Flash Player 14.0.0.179 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Thunderbird (24.6.0) 
 Google Chrome (39.0.2171.65) 
 Google Chrome (39.0.2171.71) 
````````Process Check: objlist.exe by Laurent````````  
 ASUS AI Suite III Thermal Radar Core DipAwayMode\DipAwayMode.exe 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Alt 06.12.2014, 08:30   #9
schrauber
/// the machine
/// TB-Ausbilder
 




And the rest?
__________________
Regards,
schrauber


Alt 09.12.2014, 13:40   #10
Sirene88
 



Oops, sorry. I completely overlooked that.
There are no problems.
What about the ESET findings?

Here is the FRST log

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2014
Ran by Jessica (administrator) on JESSICA-PC on 09-12-2014 14:28:28
Running from C:\Users\Jessica\Desktop
Loaded Profile: Jessica (Available profiles: Jessica)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.03\AsusFanControlService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar Core\DIPAwayMode\DipAwayMode.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-12-19] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-19] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-26] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3833322267-538766727-1948873061-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-19]

Chrome: 
=======
CHR Profile: C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-26]
CHR Extension: (Google Drive) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-26]
CHR Extension: (Google-Suche) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-26]
CHR Extension: (ZenMate) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-07-26]
CHR Extension: (AdBlock) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-26]
CHR Extension: (Avast Online Security) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-19]
CHR Extension: (Session Manager) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2014-07-26]
CHR Extension: (Google Wallet) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-19]
CHR Extension: (Google Mail) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-12-19] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-12-19] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-12-19] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.03\AsusFanControlService.exe [1690424 2013-12-19] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4797064 2013-11-05] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-28] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
S1 ASMTFilter; C:\Windows\System32\DRIVERS\asmtufdriver.sys [21400 2013-12-19] (hxxp://www.asmedia.com.tw) [File not signed]
S1 ASMTFilter; C:\Windows\SysWOW64\DRIVERS\asmtufdriver.sys [16640 2013-12-19] (hxxp://www.asmedia.com.tw) [File not signed]
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-12-19] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2013-12-19] (MCCI Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-26] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
S3 ezplay; C:\Windows\System32\Drivers\ezplay.sys [118400 2014-01-24] (VSO Software) [File not signed]
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [4433696 2013-12-19] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [442368 2013-12-19] (Intel(R) Corporation) [File not signed]
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 14:28 - 2014-12-09 14:29 - 00015403 _____ () C:\Users\Jessica\Desktop\FRST.txt
2014-12-09 14:28 - 2014-12-09 14:27 - 02119680 _____ (Farbar) C:\Users\Jessica\Desktop\FRST64.exe
2014-12-09 14:27 - 2014-12-09 14:27 - 02119680 _____ (Farbar) C:\Users\Jessica\Downloads\FRST64.exe
2014-12-08 21:23 - 2014-12-08 21:23 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Adobe
2014-12-05 14:08 - 2014-12-05 14:08 - 00000983 _____ () C:\Users\Jessica\Desktop\checkup.txt
2014-12-04 21:02 - 2014-12-04 21:02 - 00000458 _____ () C:\Users\Jessica\Desktop\esetneu.txt
2014-12-04 18:12 - 2014-12-04 18:12 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Mozilla
2014-12-04 17:45 - 2014-12-04 17:45 - 00001103 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2014-12-04 17:44 - 2014-12-04 17:45 - 00000000 ____D () C:\Users\Jessica\Desktop\FirefoxPortable
2014-12-04 17:44 - 2014-12-04 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-12-04 17:44 - 2014-12-04 17:45 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-12-04 17:44 - 2014-12-04 17:45 - 00000000 ____D () C:\Program Files (x86)\OpenVPN
2014-12-04 17:44 - 2014-12-04 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2014-12-03 20:23 - 2014-12-03 16:35 - 00018469 _____ () C:\Users\Jessica\Desktop\config.zip
2014-11-28 18:19 - 2014-11-28 18:19 - 00000148 _____ () C:\Users\Jessica\Desktop\j.txt
2014-11-28 17:55 - 2014-11-28 17:55 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-27 18:25 - 2014-11-27 18:25 - 00000000 ____D () C:\Windows\ERUNT
2014-11-27 18:20 - 2014-11-27 18:22 - 00000000 ____D () C:\AdwCleaner
2014-11-26 19:35 - 2014-05-30 03:33 - 36363264 _____ () C:\Users\Jessica\Desktop\prime95.exe
2014-11-26 18:45 - 2014-11-26 18:45 - 00293384 _____ () C:\Windows\Minidump\112614-15381-01.dmp
2014-11-26 18:13 - 2014-12-09 14:28 - 00000000 ____D () C:\FRST
2014-11-26 17:52 - 2014-11-26 17:52 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-26 17:52 - 2014-11-26 17:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-26 17:52 - 2014-11-26 17:52 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-18 20:49 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 20:49 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 20:49 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 20:49 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-14 15:53 - 2014-11-14 15:53 - 00000000 ____D () C:\Users\Jessica\Desktop\tattoos
2014-11-13 20:55 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 20:55 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 20:55 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 20:55 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 20:55 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 20:55 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 20:55 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 20:55 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 20:55 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 20:55 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 20:55 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 20:55 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 20:55 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 20:55 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 20:55 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 20:55 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 20:55 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 20:55 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 20:55 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 20:55 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 20:55 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 20:55 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 20:55 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 20:55 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 20:55 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 20:55 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 20:55 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 20:55 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 20:55 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 20:55 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 20:55 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 20:55 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 20:55 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 20:55 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 20:55 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 20:55 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 20:55 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 20:55 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 20:55 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 20:55 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 20:55 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 20:55 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 20:55 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 20:55 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 20:55 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 20:55 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 20:55 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 20:55 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 20:55 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 20:55 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 20:55 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 20:55 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 20:55 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 20:55 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 20:55 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 20:55 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 20:55 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 20:55 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 20:55 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-13 20:55 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 20:55 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 20:55 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 20:55 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 20:55 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 20:55 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 20:55 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 20:55 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 20:55 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 20:55 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 20:55 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 20:55 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 20:55 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 20:55 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 20:55 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 20:55 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 20:55 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 20:55 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 20:55 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 20:55 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 20:55 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 20:55 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 20:54 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 20:54 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 20:54 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 20:54 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 20:54 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 20:54 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 20:54 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 20:54 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 20:54 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 20:54 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 20:54 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 20:54 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 20:54 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 20:54 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 20:54 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 20:54 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 20:54 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 20:54 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 20:54 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 20:54 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 14:29 - 2013-12-19 17:57 - 01265277 _____ () C:\Windows\WindowsUpdate.log
2014-12-09 14:25 - 2013-12-19 19:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-09 14:24 - 2013-12-19 19:25 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-09 14:24 - 2013-12-19 19:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-09 14:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-09 14:24 - 2009-07-14 05:51 - 00119806 _____ () C:\Windows\setupact.log
2014-12-08 22:17 - 2013-12-19 19:20 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-08 21:34 - 2013-12-20 16:50 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\vlc
2014-12-08 11:21 - 2009-07-14 05:45 - 00027120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-08 11:21 - 2009-07-14 05:45 - 00027120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-06 19:47 - 2014-10-29 18:33 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\Bioshock
2014-12-04 19:33 - 2011-04-12 08:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-12-04 19:33 - 2011-04-12 08:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-12-04 19:33 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-04 18:24 - 2013-12-20 17:16 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-12-04 18:12 - 2014-05-19 20:58 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\Mozilla
2014-11-27 18:23 - 2010-11-21 04:47 - 00034782 _____ () C:\Windows\PFRO.log
2014-11-27 18:22 - 2013-12-19 17:58 - 00000000 ____D () C:\Users\Jessica
2014-11-26 20:18 - 2013-12-19 19:21 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-26 18:45 - 2014-02-05 22:28 - 742466218 _____ () C:\Windows\MEMORY.DMP
2014-11-26 18:45 - 2014-02-05 22:28 - 00000000 ____D () C:\Windows\Minidump
2014-11-26 18:06 - 2014-07-14 13:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-26 17:52 - 2014-05-04 17:42 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-26 17:52 - 2013-12-19 19:25 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-26 17:52 - 2013-12-19 19:25 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-26 17:52 - 2013-12-19 19:25 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-26 17:52 - 2013-12-19 19:25 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-26 17:52 - 2013-12-19 19:25 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-26 17:52 - 2013-12-19 19:25 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-26 17:52 - 2013-12-19 19:25 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-26 17:49 - 2014-07-14 13:54 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-26 17:49 - 2014-07-14 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-26 17:49 - 2014-07-14 13:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-15 11:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 16:12 - 2013-12-19 19:20 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 16:12 - 2013-12-19 19:20 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 15:51 - 2009-07-14 05:45 - 00295752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 15:50 - 2014-05-06 19:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 22:09 - 2013-12-19 19:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 22:07 - 2013-12-19 19:46 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-09 15:59 - 2014-07-26 11:02 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\TeamViewer

Some content of TEMP:
====================
C:\Users\Jessica\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Jessica\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Jessica\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Jessica\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Jessica\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Jessica\AppData\Local\Temp\Quarantine.exe
C:\Users\Jessica\AppData\Local\Temp\sonarinst.exe
C:\Users\Jessica\AppData\Local\Temp\sqlite3.dll
C:\Users\Jessica\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\Jessica\AppData\Local\Temp\vlc-2.1.5-win64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-08 11:43

==================== End Of Log ============================
         
--- --- ---

09.12.2014, 16:48   #11
schrauber
/// the machine
/// TB trainer



We'll do that now. Update Flash Player.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (Alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners, the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without concern.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on its use here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
These harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

10.12.2014, 13:18   #12
Sirene88



Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-12-2014
Ran by Jessica at 2014-12-10 14:09:23 Run:1
Running from C:\Users\Jessica\Desktop
Loaded Profile: Jessica (Available profiles: Jessica)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Emptytemp:
*****************

EmptyTemp: => Removed 2.6 GB temporary data.


The system needed a reboot. 

==== End of Fixlog ====
         

Flash Player has just received its update.

Thank you very much for your help =)

11.12.2014, 08:25   #13
schrauber
/// the machine
/// TB trainer



You're welcome
__________________
Regards,
schrauber
