
Log analysis and evaluation: Avast reports blocked infections in process svchost.exe of type "URL:Mal"


02.07.2015, 21:30   #1
ingoxxl
 
Hello,

for about a week now, my AVAST virus scanner has been reporting that infections were blocked every time I start Firefox. This is the information AVAST gives:

URL: "hxxp://alwaysisobar.com/4242/SoftwareForce_142669433517349.dll"
or
URL: "hxxp://simplesitescan.net/4242/StepOne_142667180564410.dll"
Infection: "URL:Mal"
Process: "C:\Windows\System32\svchost.exe"

Is my computer now infected, and how do I get rid of this message and get my computer clean again?

Thanks in advance for the help,

best regards
Ingo

02.07.2015, 21:47   #2
schrauber
/// the machine
/// TB trainer
 

Hi,

please always post logs in code tags in the thread.

02.07.2015, 23:33   #3
ingoxxl
 
Hi,

oops, sorry! I must have overlooked the part about the code tags. While I'm at it, I also notice that I didn't attach the GMER.log either. So here it is again, properly this time...

defogger_disable.log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:36 on 02/07/2015 (Ingo)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         
Addition.txt

Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Ingo at 2015-07-02 21:40:28
Running from D:\Users\Ingo\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2484450973-2070416738-4278609927-500 - Administrator - Disabled)
Gast (S-1-5-21-2484450973-2070416738-4278609927-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2484450973-2070416738-4278609927-1002 - Limited - Enabled)
Ingo (S-1-5-21-2484450973-2070416738-4278609927-1005 - Administrator - Enabled) => D:\Users\Ingo
Julia (S-1-5-21-2484450973-2070416738-4278609927-1006 - Administrator - Enabled) => D:\Users\Julia
Klara (S-1-5-21-2484450973-2070416738-4278609927-1007 - Limited - Enabled) => D:\Users\Klara

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2001616158.48.56.37883114 - Audible, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
calibre 64bit (HKLM\...\{2E2F6591-1465-4C64-8F50-E75F4AAB0ED8}) (Version: 2.27.0 - Kovid Goyal)
Dell SonicWALL NetExtender (HKLM-x32\...\Dell SonicWALL NetExtender) (Version: 7.5.223 - Dell)
Exact Audio Copy 1.0beta6 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta6 - Andre Wiethoff)
Exif-Viewer 2.51  (HKLM-x32\...\Exif-Viewer) (Version: 2.51 - Ralf Bibinger)
FileZilla Client 3.11.0 (HKLM-x32\...\FileZilla Client) (Version: 3.11.0 - Tim Kosse)
Greenshot 1.2.6.7 (HKLM\...\Greenshot_is1) (Version: 1.2.6.7 - Greenshot)
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Iperius Backup Version 4.2.4.0 (HKLM-x32\...\Iperius Backup_is1) (Version: 4.2.4.0 - Enter Srl)
ISO Workshop 5.9 (HKLM-x32\...\ISO Workshop_is1) (Version:  - Glorylogic)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.14 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.14 - Oracle Corporation)
KeePass Password Safe 2.29 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.29 - Dominik Reichl)
K-Lite Codec Pack 11.1.6 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.1.6 - )
Lupas Rename 2000 v5.0 Release (HKLM-x32\...\Lupas Rename 2000_is1) (Version:  - Ivan Anton Albarracin)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7299 - Paramount Software (UK) Ltd.) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8.1 - Notepad++ Team)
NVIDIA 3D Vision Treiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Grafiktreiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.28 (HKLM\...\{E8BB81BC-E67C-4750-84EE-128DA5A7ADA5}) (Version: 4.3.28 - Oracle Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7512 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ScanWizard 5 (HKLM-x32\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version:  - )
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Spamihilator 1.6.0 (64-Bit) (HKLM\...\{A7AE76C5-098C-4F88-8557-F59060F77808}) (Version: 1.6.0 - Michel Krämer)
SportTracks 2.1 (HKLM-x32\...\{E6FA148F-1E7D-4A42-A9A2-7DFABC2C6A2B}) (Version: 2.1.3478 - Zone Five Software)
StarBurn Version 15.2 (Build 0x20131129) (HKLM-x32\...\StarBurn_is1) (Version: 15.2 - StarBurn Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer)
TuneUp Utilities 2011 (HKLM-x32\...\TuneUp Utilities 2011) (Version: 10.0.4600.4 - TuneUp Software)
TuneUp Utilities 2011 (x32 Version: 10.0.4600.4 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 10.0.4600.4 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Z-Cron (HKLM-x32\...\{FD57FF4D-7225-4DAC-B15D-9BAE3E8A0E2B}) (Version: 4.9.0.68 - IMU Andreas Baumann)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-05-14 20:34 - 00000860 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 platform.aimersoft.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {124659B8-674F-4AC1-ABFD-6433FB018945} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files (x86)\TuneUp Utilities 2011\OneClick.exe [2011-12-13] (TuneUp Software)
Task: {5A9F4191-36EA-48AD-9551-814549047321} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-04-15] ()
Task: {A9528110-AA8F-49B9-BB39-509D7DAEB5AE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)

==================== Loaded Modules (Whitelisted) ==============

2015-05-14 20:03 - 2006-02-23 12:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2015-05-14 20:03 - 2006-02-22 11:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2015-05-19 16:56 - 2015-05-19 16:56 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-05-21 00:03 - 2015-05-21 00:03 - 00073728 _____ () C:\Program Files\Spamihilator\zlib1.dll
2015-05-21 00:03 - 2015-05-21 00:03 - 00380928 _____ () C:\Program Files\Spamihilator\sqlite3.dll
2015-05-13 21:39 - 2015-05-13 21:39 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-13 21:39 - 2015-05-13 21:39 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-02 18:07 - 2015-07-02 18:07 - 02955264 _____ () C:\Program Files\AVAST Software\Avast\defs\15070202\algo.dll
2015-05-13 21:39 - 2015-05-13 21:39 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-05-29 00:24 - 2015-05-29 00:24 - 00008704 _____ () D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\Control Panel\Desktop\\Wallpaper -> D:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.177.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk => C:\Windows\pss\Microtek Scanner Finder.lnk.CommonStartup
MSCONFIG\startupfolder: D:^Users^Ingo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Spamihilator.lnk => C:\Windows\pss\Spamihilator.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: DellNetExtender => C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SonicWALLNetExtender => C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
MSCONFIG\startupreg: StereoLinksInstall => "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{1D70A97A-F028-448B-92B3-BFE0DC289320}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5EE8E22E-7C31-4A5F-8799-73A2B27D916A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1B417A7F-A2AA-4690-B9BD-3A5554D59FDA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4AEEB65B-D743-4726-B029-E03841B2D903}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2F3CBB2D-2FA8-4163-9675-BFDD3C0A31D6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{90A1F245-8A21-424C-834D-E990B1675CA1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8082AAD3-13FC-4085-B9F1-AF30EF95E482}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EDAA8A87-C05B-49AA-855F-0B80666742DD}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{710863A7-B70E-46F2-AF06-2786EE61C14C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{C4F0ABF4-2B8D-44A5-B789-015C9CCB499C}C:\program files\java\jdk1.8.0_45\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_45\bin\jmc.exe
FirewallRules: [UDP Query User{24CD8196-2198-431A-AEB1-C4E4E5EA441B}C:\program files\java\jdk1.8.0_45\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_45\bin\jmc.exe
FirewallRules: [{973A3C3F-4ED6-468D-A57D-39CCC6967CEA}] => (Allow) C:\Program Files (x86)\FRITZ!\igd_finder.exe
FirewallRules: [{5FBA8B54-2B5D-43C6-9D50-A7BB8DA1E6F1}] => (Allow) C:\Program Files (x86)\FRITZ!\igd_finder.exe
FirewallRules: [{C5C2FADB-28C0-4834-88EE-5DF521B1FFDF}] => (Block) %ProgramFiles% (x86)\Aimersoft\DRM Media Converter\DRMMediaConverter.exe
FirewallRules: [{A6046791-4438-4F69-A023-0AB25EF0E7AB}] => (Allow) C:\Program Files\Spamihilator\spamihilator.exe
FirewallRules: [{32C0CF0C-36AA-45F7-9645-9DEE35CFDC50}] => (Allow) C:\Program Files\Spamihilator\cdcc.exe
FirewallRules: [{528C10CC-C4D1-4FB7-8A23-26B56461C29B}] => (Allow) C:\Program Files\Spamihilator\dccproc.exe
FirewallRules: [TCP Query User{3DAE4350-1647-4C75-BFF0-BD3AC0D966A3}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe
FirewallRules: [UDP Query User{4C2D01AD-D4F1-4DA4-B347-E4869BB5819E}C:\program files (x86)\fritz!\frifax32.exe] => (Allow) C:\program files (x86)\fritz!\frifax32.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2015 09:37:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 09:32:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 09:02:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/02/2015 08:21:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 06:07:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 08:23:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2015 02:58:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2015 11:15:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2015 08:29:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2015 07:40:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/02/2015 09:37:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/02/2015 09:37:20 PM) (Source: volmgr) (EventID: 45) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.

Error: (07/02/2015 09:37:16 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (07/02/2015 09:32:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/02/2015 09:32:26 PM) (Source: volmgr) (EventID: 45) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.

Error: (07/02/2015 09:32:21 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (07/02/2015 08:21:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/02/2015 08:21:24 PM) (Source: volmgr) (EventID: 45) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.

Error: (07/02/2015 08:21:21 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (07/02/2015 06:07:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-05-25 20:57:35.937
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\drivers\grmnusb.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-25 20:57:35.897
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\drivers\grmnusb.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-25 20:56:30.234
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\drivers\grmnusb.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-05-25 20:56:30.194
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\drivers\grmnusb.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 27%
Total physical RAM: 6142.55 MB
Available physical RAM: 4471.49 MB
Total Pagefile: 12283.32 MB
Available Pagefile: 10460.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive b: (Backup) (Fixed) (Total:931.51 GB) (Free:417.93 GB) NTFS
Drive c: () (Fixed) (Total:117.38 GB) (Free:92.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Fixed) (Total:831.51 GB) (Free:612.95 GB) NTFS
Drive k: () (Removable) (Total:29.05 GB) (Free:20.88 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 117.4 GB) (Disk ID: F010BBB4)
Partition 1: (Active) - (Size=117.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0004B04B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B501B48E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 29.1 GB) (Disk ID: 0009A95F)
Partition 1: (Active) - (Size=29.1 GB) - (Type=0C)

==================== End of log ============================
         
--- --- ---


FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Ingo (administrator) on HOME-PC on 02-07-2015 21:39:55
Running from D:\Users\Ingo\Downloads
Loaded Profiles: Ingo (Available Profiles: Ingo & Julia & Klara)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Enter Srl) C:\Program Files (x86)\Iperius Backup\IperiusService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Dell Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
(Enter Srl) C:\Program Files (x86)\Iperius Backup\Iperius.exe
(Michel Krämer) C:\Program Files\Spamihilator\spamihilator.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-13] (Avast Software s.r.o.)
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Run: [Iperius Backup] => C:\Program Files (x86)\Iperius Backup\Iperius.exe [23611280 2015-05-08] (Enter Srl)
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
IFEO\codectweaktool.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO\mediainfo.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
Startup: D:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk [2015-05-28]
ShortcutTarget: Spamihilator.lnk -> C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-13] (Avast Software s.r.o.)
GroupPolicyUsers\S-1-5-21-2484450973-2070416738-4278609927-1007\User: Group Policy Restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2484450973-2070416738-4278609927-1005 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = https://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-13] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-13] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-13] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-13] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-13] (Oracle Corporation)
Hosts: 127.0.0.1 platform.aimersoft.com
Tcpip\Parameters: [DhcpNameServer] 192.168.177.1
Tcpip\..\Interfaces\{1FB36190-A6F5-4787-A58D-E71835657744}: [DhcpNameServer] 192.168.177.1

FireFox:
========
FF ProfilePath: D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Extension: MinimizeToTray revived (MinTrayR) - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\mintrayr@tn123.ath.cx [2015-05-29]
FF Extension: IE Tab - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2015-05-29]
FF Extension: Save Text To File - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\HighlightedTextToFile@bobbyrne01.org.xpi [2015-05-22]
FF Extension: Adblock Plus - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-22]
FF Extension: DownThemAll! - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-05-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-13]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-13] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-13] (Avast Software)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 IperiusSvc; C:\Program Files (x86)\Iperius Backup\IperiusService.exe [4364192 2015-05-08] (Enter Srl)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [614416 2014-10-21] (Dell Inc.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-13] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ASPI32; No ImagePath
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-13] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-13] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-13] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-13] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-13] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [25536 2014-10-21] (SonicWALL Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-05-21] (Duplex Secure Ltd.)
R1 StarPortLite; C:\Windows\System32\DRIVERS\StarPortLite.sys [120704 2013-02-04] (StarWind Software)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-07-07] (TuneUp Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-13] (Avast Software)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 21:39 - 2015-07-02 21:40 - 00012348 _____ D:\Users\Ingo\Downloads\FRST.txt
2015-07-02 21:39 - 2015-07-02 21:39 - 00000000 ____D C:\FRST
2015-07-02 21:36 - 2015-07-02 21:36 - 00000580 _____ D:\Users\Ingo\Downloads\defogger_disable.log
2015-07-02 21:36 - 2015-07-02 21:36 - 00000020 _____ D:\Users\Ingo\defogger_reenable
2015-07-02 21:15 - 2015-07-02 21:15 - 02112512 _____ (Farbar) D:\Users\Ingo\Downloads\FRST64.exe
2015-07-02 21:15 - 2015-07-02 21:15 - 00380416 _____ D:\Users\Ingo\Downloads\Gmer-19357.exe
2015-07-02 21:14 - 2015-07-02 21:14 - 00050477 _____ D:\Users\Ingo\Downloads\Defogger.exe
2015-06-30 21:11 - 2015-06-30 21:12 - 44135827 _____ D:\Users\Julia\Downloads\downloads(1).zip
2015-06-30 21:03 - 2015-06-30 21:05 - 74260937 _____ D:\Users\Julia\Downloads\downloads.zip
2015-06-27 21:43 - 2015-06-27 21:57 - 00003584 _____ D:\Users\Julia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-18 23:06 - 2015-06-18 23:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-06-18 19:47 - 2015-06-18 19:47 - 00000000 ____D D:\Users\Ingo\VirtualBox VMs
2015-06-16 01:07 - 2015-06-16 01:07 - 00000000 ____D D:\Users\Ingo\AppData\Local\calibre-cache
2015-06-16 01:06 - 2015-06-18 00:35 - 00000000 ____D D:\Users\Ingo\Documents\Calibre-Bibliothek
2015-06-16 01:06 - 2015-06-16 01:09 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\calibre
2015-06-12 14:12 - 2015-06-12 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell SonicWALL NetExtender
2015-06-12 13:59 - 2015-06-12 13:59 - 01536632 _____ D:\Users\Julia\Downloads\NXSetupU.exe
2015-06-10 03:08 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 03:08 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 03:08 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 03:08 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 03:08 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 03:08 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 03:08 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 03:08 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 03:08 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 03:08 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 03:08 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 03:08 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 03:08 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 03:08 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 03:08 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 03:08 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 03:08 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 03:08 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 03:08 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 03:08 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 03:08 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 03:08 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 03:08 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 03:08 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 03:08 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 03:08 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 03:08 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 03:08 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 03:08 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 03:08 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 03:08 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 03:08 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 03:08 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 03:08 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 03:08 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 03:08 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 03:08 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 03:08 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 03:08 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 03:08 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 03:08 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 03:08 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 03:08 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 03:08 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 03:08 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 03:08 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 03:08 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 03:08 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 03:08 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 03:08 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 03:08 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 03:08 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 03:08 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 03:08 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 03:08 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 03:08 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 03:08 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 03:08 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 03:08 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 03:08 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 03:08 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 03:08 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 03:08 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 03:08 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 03:08 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 03:07 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 03:07 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 03:07 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 03:07 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 03:07 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 03:07 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 03:07 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 03:07 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-08 21:35 - 2015-06-08 21:35 - 00000000 ____D D:\Users\Julia\AppData\Local\FreeOCR
2015-06-07 10:46 - 2015-06-07 10:46 - 00001147 _____ D:\Users\Klara\Desktop\Hörbücher.lnk
2015-06-07 10:45 - 2015-06-16 02:26 - 00000000 ____D D:\Users\Public\Hörbücher
2015-06-03 23:07 - 2015-06-03 23:07 - 00013854 _____ C:\Windows\system32\hs_err_pid1220.log
2015-06-03 23:05 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-03 23:05 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-03 23:05 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-03 23:05 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-03 23:05 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-03 23:05 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-03 23:05 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-03 23:05 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-03 23:05 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-03 23:05 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-03 23:05 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-03 23:05 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-03 23:05 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-03 23:05 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-03 23:05 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-03 23:05 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-03 23:05 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-03 23:05 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-03 23:05 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-03 23:05 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-03 23:05 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-03 23:05 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-03 23:05 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-03 23:05 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-03 23:05 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-03 23:05 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-03 23:05 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-03 23:05 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-03 23:05 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-03 23:05 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-03 23:05 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-03 23:05 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-03 23:05 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-03 23:05 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-03 23:05 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-03 23:05 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-03 23:05 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-03 23:05 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-03 23:05 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-03 23:05 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-03 23:05 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-03 23:05 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-03 23:05 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-03 23:05 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-03 23:05 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-03 23:05 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-03 23:05 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-03 23:05 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-03 23:04 - 2015-05-09 05:27 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-03 23:04 - 2015-05-09 05:27 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-03 23:04 - 2015-05-09 05:27 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-03 23:04 - 2015-05-09 05:27 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-03 23:04 - 2015-05-09 05:27 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-03 23:04 - 2015-05-09 05:27 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-03 23:04 - 2015-05-09 05:27 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-03 23:04 - 2015-05-09 05:26 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-03 23:04 - 2015-05-09 05:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-03 23:04 - 2015-05-09 05:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-03 23:04 - 2015-05-09 05:26 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-03 23:04 - 2015-05-09 05:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-03 23:04 - 2015-05-09 05:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-03 23:04 - 2015-05-09 05:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-03 23:04 - 2015-05-09 05:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-03 23:04 - 2015-05-09 05:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-03 21:14 - 2015-06-13 13:13 - 00000000 ____D D:\Users\Ingo\AppData\Local\Audible
2015-06-03 21:14 - 2015-06-03 21:14 - 00255352 _____ (Audible, Inc.) C:\Windows\SysWOW64\awrdscdc.ax
2015-06-03 21:14 - 2015-06-03 21:14 - 00001863 _____ D:\Users\Julia\Desktop\Audible Manager.lnk
2015-06-03 21:14 - 2015-06-03 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
2015-06-03 21:13 - 2015-06-03 21:14 - 00000000 ____D C:\Program Files (x86)\Audible
2015-06-03 21:13 - 2015-06-03 21:13 - 00000000 ____D D:\Users\Public\Documents\Audible
2015-06-03 21:13 - 2001-08-17 22:43 - 00024576 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2015-06-02 08:25 - 2015-06-02 08:25 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-06-02 08:25 - 2015-06-02 08:25 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-06-02 08:25 - 2015-06-02 08:25 - 00000000 ____D C:\Program Files\Realtek
2015-06-02 08:24 - 2015-06-02 08:26 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-06-02 08:24 - 2015-06-02 08:24 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-06-02 08:24 - 2015-05-15 19:27 - 02918104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-06-02 08:24 - 2015-05-15 18:23 - 04464344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-06-02 08:24 - 2015-05-15 16:32 - 01316056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-06-02 08:24 - 2015-05-15 15:29 - 02847448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-06-02 08:24 - 2015-05-15 15:29 - 02532568 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2015-06-02 08:24 - 2015-05-15 13:16 - 02048372 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-06-02 08:24 - 2015-05-11 14:01 - 01739992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-06-02 08:24 - 2015-04-28 10:52 - 05706688 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2015-06-02 08:24 - 2015-04-27 16:09 - 00328816 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2015-06-02 08:24 - 2015-04-24 05:42 - 00858256 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2015-06-02 08:24 - 2015-04-24 05:42 - 00684176 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2015-06-02 08:24 - 2015-04-24 05:42 - 00435856 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2015-06-02 08:24 - 2015-04-24 05:41 - 00555664 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.DLL
2015-06-02 08:24 - 2015-04-13 19:14 - 00168816 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-06-02 08:24 - 2015-04-13 16:25 - 03262184 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2015-06-02 08:24 - 2015-04-09 15:23 - 01559744 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2015-06-02 08:24 - 2015-04-03 13:24 - 01365768 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2015-06-02 08:24 - 2015-03-11 18:04 - 02825944 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-06-02 08:24 - 2015-03-10 18:04 - 02702040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-06-02 08:24 - 2015-03-08 12:22 - 03182104 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-06-02 08:24 - 2015-02-05 17:48 - 12834736 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
2015-06-02 08:24 - 2015-02-05 17:48 - 02789808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
2015-06-02 08:24 - 2015-02-04 00:38 - 01413776 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2015-06-02 08:24 - 2015-02-04 00:38 - 00454288 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2015-06-02 08:24 - 2015-02-04 00:38 - 00369296 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2015-06-02 08:24 - 2015-02-04 00:38 - 00329360 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2015-06-02 08:24 - 2015-02-04 00:38 - 00329360 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2015-06-02 08:24 - 2015-01-23 18:16 - 00213432 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaemaxapo64.dll
2015-06-02 08:24 - 2015-01-19 18:10 - 72113152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-06-02 08:24 - 2015-01-19 09:08 - 12975360 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2015-06-02 08:24 - 2014-12-11 08:10 - 01104040 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2015-06-02 08:24 - 2014-12-11 08:10 - 00943784 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2015-06-02 08:24 - 2014-12-11 08:10 - 00734376 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2015-06-02 08:24 - 2014-12-11 08:10 - 00250536 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2015-06-02 08:24 - 2014-12-02 18:42 - 03218800 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-06-02 08:24 - 2014-11-11 13:44 - 00631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-06-02 08:24 - 2014-11-04 13:42 - 06242576 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2015-06-02 08:24 - 2014-11-04 13:42 - 01933584 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2015-06-02 08:24 - 2014-11-04 13:42 - 00336144 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2015-06-02 08:24 - 2014-11-04 13:42 - 00284944 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2015-06-02 08:24 - 2014-10-24 10:12 - 05234952 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2015-06-02 08:24 - 2014-10-24 10:12 - 00995120 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2015-06-02 08:24 - 2014-09-24 11:31 - 07087448 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-06-02 08:24 - 2014-09-24 11:31 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-06-02 08:24 - 2014-09-24 11:31 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-06-02 08:24 - 2014-09-24 11:31 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-06-02 08:24 - 2014-08-14 19:16 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2015-06-02 08:24 - 2014-07-03 14:44 - 01499984 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2015-06-02 08:24 - 2014-07-03 14:44 - 00979280 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2015-06-02 08:24 - 2014-06-17 19:17 - 00856992 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-06-02 08:24 - 2014-06-09 10:59 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-06-02 08:24 - 2014-05-22 16:24 - 00096568 _____ C:\Windows\system32\audioLibVc.dll
2015-06-02 08:24 - 2014-04-17 17:42 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-06-02 08:24 - 2014-04-10 12:19 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-06-02 08:24 - 2014-04-10 12:19 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-06-02 08:24 - 2014-02-27 20:02 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2015-06-02 08:24 - 2014-01-31 17:27 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2015-06-02 08:24 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-06-02 08:24 - 2013-10-11 11:31 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-06-02 08:24 - 2013-10-07 00:26 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-06-02 08:24 - 2013-10-07 00:26 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-06-02 08:24 - 2013-10-07 00:26 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-06-02 08:24 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-06-02 08:24 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-06-02 08:24 - 2013-07-23 15:39 - 14048512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2015-06-02 08:24 - 2013-07-23 15:39 - 00922880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-06-02 08:24 - 2013-06-25 12:47 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2015-06-02 08:24 - 2013-06-25 12:47 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2015-06-02 08:24 - 2013-06-25 12:46 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2015-06-02 08:24 - 2013-06-21 11:01 - 00109848 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2015-06-02 08:24 - 2013-04-03 14:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2015-06-02 08:24 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-06-02 08:24 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-06-02 08:24 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-06-02 08:24 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-06-02 08:24 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-06-02 08:24 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-06-02 08:24 - 2012-01-10 10:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-06-02 08:24 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-06-02 08:24 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-06-02 08:24 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-06-02 08:24 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-06-02 08:24 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-06-02 08:24 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-06-02 08:24 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-06-02 08:24 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-06-02 08:24 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-06-02 08:24 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-06-02 08:24 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-06-02 08:24 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-06-02 08:24 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-06-02 08:24 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-06-02 08:24 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-06-02 08:24 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-06-02 08:24 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-06-02 08:24 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-06-02 08:24 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-06-02 08:24 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-06-02 08:24 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-06-02 08:24 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-06-02 08:24 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-06-02 08:24 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-06-02 08:24 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-06-02 08:24 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-06-02 08:24 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-06-02 08:24 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-06-02 08:24 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-06-02 08:24 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-06-02 08:24 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-06-02 08:24 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 21:38 - 2015-05-21 00:03 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\Spamihilator
2015-07-02 21:37 - 2015-05-24 14:23 - 00033528 _____ C:\Windows\errord.log
2015-07-02 21:37 - 2015-05-24 14:23 - 00016368 _____ C:\Windows\error.log
2015-07-02 21:37 - 2015-05-21 00:48 - 00015799 _____ C:\Windows\setupact.log
2015-07-02 21:37 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-02 21:36 - 2015-05-14 23:16 - 00000000 ____D D:\Users\Ingo
2015-07-02 21:36 - 2015-05-13 20:33 - 02093661 _____ C:\Windows\WindowsUpdate.log
2015-07-02 21:36 - 2009-07-14 06:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-02 21:36 - 2009-07-14 06:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-02 21:32 - 2015-05-26 08:29 - 00037872 _____ C:\Windows\PFRO.log
2015-07-02 21:32 - 2009-07-14 06:45 - 04900304 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-02 21:26 - 2015-05-21 00:02 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2015-07-02 20:47 - 2011-04-12 09:43 - 00702198 _____ C:\Windows\system32\perfh007.dat
2015-07-02 20:47 - 2011-04-12 09:43 - 00149838 _____ C:\Windows\system32\perfc007.dat
2015-07-02 20:47 - 2009-07-14 07:13 - 01626984 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-02 18:08 - 2015-05-13 21:39 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-01 00:02 - 2015-05-29 03:58 - 00000000 ____D D:\Users\Ingo\AppData\Local\CrashDumps
2015-06-28 18:22 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-28 17:41 - 2015-05-23 00:35 - 00000000 ____D D:\Users\Julia\AppData\Roaming\Skype
2015-06-28 12:40 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-27 20:22 - 2015-05-13 21:39 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-18 22:51 - 2015-05-21 21:26 - 00000000 ____D D:\Users\Ingo\.VirtualBox
2015-06-18 00:33 - 2015-05-23 23:05 - 00000000 ____D D:\Users\Ingo\Documents\decrypted ebooks
2015-06-15 22:24 - 2015-05-22 23:19 - 00000000 ____D D:\Users\Julia\AppData\Roaming\.purple
2015-06-15 02:58 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-14 16:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-12 21:50 - 2015-05-21 20:44 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\KeePass
2015-06-12 20:56 - 2015-05-21 21:10 - 00000000 ____D D:\Users\Ingo\Documents\My Digital Editions
2015-06-12 14:11 - 2015-05-25 20:58 - 00000000 ____D C:\Windows\system32\appmgmt
2015-06-10 23:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 22:15 - 2015-05-14 01:03 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 22:15 - 2015-05-13 21:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 22:11 - 2015-05-14 01:03 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-08 23:49 - 2015-05-25 22:36 - 00015779 _____ D:\Users\Julia\Desktop\Wohnungsfinanzierung_1411.xlsx
2015-06-08 21:35 - 2015-05-15 00:00 - 00000000 ____D C:\Program Files (x86)\FreeOCR
2015-06-08 20:03 - 2015-05-24 14:09 - 00000000 ____D D:\Users\Julia\AppData\Roaming\KeePass
2015-06-08 20:02 - 2015-05-13 21:10 - 00000000 ____D C:\ProgramData\Skype
2015-06-04 12:50 - 2015-05-13 23:16 - 01645874 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-04 00:25 - 2015-05-14 23:11 - 00000000 ___HD D:\Users\Public\Libraries
2015-06-03 23:07 - 2015-05-13 21:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-03 23:06 - 2015-05-14 01:06 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-03 23:06 - 2015-05-14 01:06 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-03 20:36 - 2015-05-15 00:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-02 08:24 - 2015-05-13 21:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

==================== Files in the root of some directories =======

2015-05-25 23:24 - 2015-05-25 23:28 - 0000026 _____ () D:\Users\Ingo\AppData\Local\isoworkshop.ini
2015-06-02 08:25 - 2015-06-02 08:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
D:\Users\Ingo\AppData\Local\Temp\Quarantine.exe
D:\Users\Ingo\AppData\Local\Temp\sqlite3.dll
D:\Users\Julia\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-29 08:08

==================== End of log ============================
         

Edited by ingoxxl (02.07.2015 at 23:39)

Old 02.07.2015, 23:45   #4
ingoxxl
 



GMER.log Part 1
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-02 22:06:41
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006d SanDisk_ rev.3.2. 117,38GB
Running: Gmer-19357.exe; Driver: D:\Users\Ingo\AppData\Local\Temp\kxldipow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                 0000000076f8dc60 5 bytes JMP 0000000149e00460
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                          0000000076f8dcb0 5 bytes JMP 0000000149e00450
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                          0000000076f8de10 5 bytes JMP 0000000149e00370
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                               0000000076f8de60 5 bytes JMP 0000000149e00470
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                     0000000076f8de70 5 bytes JMP 0000000149e003e0
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                          0000000076f8df20 5 bytes JMP 0000000149e00320
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                   0000000076f8df50 5 bytes JMP 0000000149e003b0
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                      0000000076f8df70 5 bytes JMP 0000000149e00390
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                            0000000076f8dfb0 5 bytes JMP 0000000149e002e0
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                          0000000076f8e030 5 bytes JMP 0000000149e002d0
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                        0000000076f8e050 5 bytes JMP 0000000149e00310
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                         0000000076f8e090 5 bytes JMP 0000000149e003c0
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                      0000000076f8e0e0 5 bytes JMP 0000000149e003f0
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                         0000000076f8e240 5 bytes JMP 0000000149e00230
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                              0000000076f8e400 5 bytes JMP 0000000149e00480
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                             0000000076f8e430 5 bytes JMP 0000000149e003a0
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                      0000000076f8e510 5 bytes JMP 0000000149e002f0
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                   0000000076f8e520 5 bytes JMP 0000000149e00350
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                         0000000076f8e580 5 bytes JMP 0000000149e00290
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                      0000000076f8e610 5 bytes JMP 0000000149e002b0
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                       0000000076f8e630 5 bytes JMP 0000000149e003d0
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                          0000000076f8e640 5 bytes JMP 0000000149e00330
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                   0000000076f8e6b0 5 bytes JMP 0000000149e00410
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                      0000000076f8e6e0 5 bytes JMP 0000000149e00240
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                           0000000076f8e9a0 5 bytes JMP 0000000149e001e0
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                      0000000076f8ea60 5 bytes JMP 0000000149e00250
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                      0000000076f8ea90 5 bytes JMP 0000000149e00490
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                             0000000076f8eaa0 5 bytes JMP 0000000149e004a0
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                        0000000076f8ead0 5 bytes JMP 0000000149e00300
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                     0000000076f8eae0 5 bytes JMP 0000000149e00360
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                           0000000076f8eb40 5 bytes JMP 0000000149e002a0
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                        0000000076f8eb90 5 bytes JMP 0000000149e002c0
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                           0000000076f8ebc0 5 bytes JMP 0000000149e00380
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                            0000000076f8ebd0 5 bytes JMP 0000000149e00340
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                     0000000076f8eec0 5 bytes JMP 0000000149e00440
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                    0000000076f8f0c0 5 bytes JMP 0000000149e00260
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                       0000000076f8f0d0 5 bytes JMP 0000000149e00270
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                     0000000076f8f0e0 5 bytes JMP 0000000149e00400
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                 0000000076f8f2a0 5 bytes JMP 0000000149e001f0
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                  0000000076f8f2b0 5 bytes JMP 0000000149e00210
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                       0000000076f8f320 5 bytes JMP 0000000149e00200
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                       0000000076f8f380 5 bytes JMP 0000000149e00420
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                        0000000076f8f390 5 bytes JMP 0000000149e00430
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                   0000000076f8f3a0 5 bytes JMP 0000000149e00220
.text    C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                           0000000076f8f480 5 bytes JMP 0000000149e00280
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                               0000000076f8dc60 5 bytes JMP 00000000770f0460
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                        0000000076f8dcb0 5 bytes JMP 00000000770f0450
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                        0000000076f8de10 5 bytes JMP 00000000770f0370
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                             0000000076f8de60 5 bytes JMP 00000000770f0470
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                   0000000076f8de70 5 bytes JMP 00000000770f03e0
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                        0000000076f8df20 5 bytes JMP 00000000770f0320
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                 0000000076f8df50 5 bytes JMP 00000000770f03b0
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                    0000000076f8df70 5 bytes JMP 00000000770f0390
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                          0000000076f8dfb0 5 bytes JMP 00000000770f02e0
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                        0000000076f8e030 5 bytes JMP 00000000770f02d0
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                      0000000076f8e050 5 bytes JMP 00000000770f0310
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                       0000000076f8e090 5 bytes JMP 00000000770f03c0
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                    0000000076f8e0e0 5 bytes JMP 00000000770f03f0
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                       0000000076f8e240 5 bytes JMP 00000000770f0230
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                            0000000076f8e400 5 bytes JMP 00000000770f0480
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                           0000000076f8e430 5 bytes JMP 00000000770f03a0
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                    0000000076f8e510 5 bytes JMP 00000000770f02f0
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                 0000000076f8e520 5 bytes JMP 00000000770f0350
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                       0000000076f8e580 5 bytes JMP 00000000770f0290
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                    0000000076f8e610 5 bytes JMP 00000000770f02b0
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                     0000000076f8e630 5 bytes JMP 00000000770f03d0
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                        0000000076f8e640 5 bytes JMP 00000000770f0330
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                 0000000076f8e6b0 5 bytes JMP 00000000770f0410
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                    0000000076f8e6e0 5 bytes JMP 00000000770f0240
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                         0000000076f8e9a0 5 bytes JMP 00000000770f01e0
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                    0000000076f8ea60 5 bytes JMP 00000000770f0250
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                    0000000076f8ea90 5 bytes JMP 00000000770f0490
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                           0000000076f8eaa0 5 bytes JMP 00000000770f04a0
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                      0000000076f8ead0 5 bytes JMP 00000000770f0300
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                   0000000076f8eae0 5 bytes JMP 00000000770f0360
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                         0000000076f8eb40 5 bytes JMP 00000000770f02a0
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                      0000000076f8eb90 5 bytes JMP 00000000770f02c0
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                         0000000076f8ebc0 5 bytes JMP 00000000770f0380
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                          0000000076f8ebd0 5 bytes JMP 00000000770f0340
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                   0000000076f8eec0 5 bytes JMP 00000000770f0440
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                  0000000076f8f0c0 5 bytes JMP 00000000770f0260
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                     0000000076f8f0d0 5 bytes JMP 00000000770f0270
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                   0000000076f8f0e0 5 bytes JMP 00000000770f0400
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                               0000000076f8f2a0 5 bytes JMP 00000000770f01f0
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                0000000076f8f2b0 5 bytes JMP 00000000770f0210
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                     0000000076f8f320 5 bytes JMP 00000000770f0200
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                     0000000076f8f380 5 bytes JMP 00000000770f0420
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                      0000000076f8f390 5 bytes JMP 00000000770f0430
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                 0000000076f8f3a0 5 bytes JMP 00000000770f0220
.text    C:\Windows\system32\wininit.exe[536] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                         0000000076f8f480 5 bytes JMP 00000000770f0280
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                 0000000076f8dc60 5 bytes JMP 0000000149e00460
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                          0000000076f8dcb0 5 bytes JMP 0000000149e00450
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                          0000000076f8de10 5 bytes JMP 0000000149e00370
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                               0000000076f8de60 5 bytes JMP 0000000149e00470
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                     0000000076f8de70 5 bytes JMP 0000000149e003e0
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                          0000000076f8df20 5 bytes JMP 0000000149e00320
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                   0000000076f8df50 5 bytes JMP 0000000149e003b0
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                      0000000076f8df70 5 bytes JMP 0000000149e00390
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                            0000000076f8dfb0 5 bytes JMP 0000000149e002e0
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                          0000000076f8e030 5 bytes JMP 0000000149e002d0
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                        0000000076f8e050 5 bytes JMP 0000000149e00310
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                         0000000076f8e090 5 bytes JMP 0000000149e003c0
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                      0000000076f8e0e0 5 bytes JMP 0000000149e003f0
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                         0000000076f8e240 5 bytes JMP 0000000149e00230
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                              0000000076f8e400 5 bytes JMP 0000000149e00480
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                             0000000076f8e430 5 bytes JMP 0000000149e003a0
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                      0000000076f8e510 5 bytes JMP 0000000149e002f0
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                   0000000076f8e520 5 bytes JMP 0000000149e00350
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                         0000000076f8e580 5 bytes JMP 0000000149e00290
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                      0000000076f8e610 5 bytes JMP 0000000149e002b0
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                       0000000076f8e630 5 bytes JMP 0000000149e003d0
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                          0000000076f8e640 5 bytes JMP 0000000149e00330
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                   0000000076f8e6b0 5 bytes JMP 0000000149e00410
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                      0000000076f8e6e0 5 bytes JMP 0000000149e00240
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                           0000000076f8e9a0 5 bytes JMP 0000000149e001e0
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                      0000000076f8ea60 5 bytes JMP 0000000149e00250
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                      0000000076f8ea90 5 bytes JMP 0000000149e00490
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                             0000000076f8eaa0 5 bytes JMP 0000000149e004a0
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                        0000000076f8ead0 5 bytes JMP 0000000149e00300
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                     0000000076f8eae0 5 bytes JMP 0000000149e00360
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                           0000000076f8eb40 5 bytes JMP 0000000149e002a0
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                        0000000076f8eb90 5 bytes JMP 0000000149e002c0
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                           0000000076f8ebc0 5 bytes JMP 0000000149e00380
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                            0000000076f8ebd0 5 bytes JMP 0000000149e00340
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                     0000000076f8eec0 5 bytes JMP 0000000149e00440
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                    0000000076f8f0c0 5 bytes JMP 0000000149e00260
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                       0000000076f8f0d0 5 bytes JMP 0000000149e00270
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                     0000000076f8f0e0 5 bytes JMP 0000000149e00400
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                 0000000076f8f2a0 5 bytes JMP 0000000149e001f0
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                  0000000076f8f2b0 5 bytes JMP 0000000149e00210
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                       0000000076f8f320 5 bytes JMP 0000000149e00200
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                       0000000076f8f380 5 bytes JMP 0000000149e00420
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                        0000000076f8f390 5 bytes JMP 0000000149e00430
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                   0000000076f8f3a0 5 bytes JMP 0000000149e00220
.text    C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                           0000000076f8f480 5 bytes JMP 0000000149e00280
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                              0000000076f8dc60 5 bytes JMP 00000000770f0460
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                       0000000076f8dcb0 5 bytes JMP 00000000770f0450
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                       0000000076f8de10 5 bytes JMP 00000000770f0370
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                            0000000076f8de60 5 bytes JMP 00000000770f0470
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                  0000000076f8de70 5 bytes JMP 00000000770f03e0
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                       0000000076f8df20 5 bytes JMP 00000000770f0320
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                0000000076f8df50 5 bytes JMP 00000000770f03b0
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                   0000000076f8df70 5 bytes JMP 00000000770f0390
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                         0000000076f8dfb0 5 bytes JMP 00000000770f02e0
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                       0000000076f8e030 5 bytes JMP 00000000770f02d0
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                     0000000076f8e050 5 bytes JMP 00000000770f0310
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                      0000000076f8e090 5 bytes JMP 00000000770f03c0
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                   0000000076f8e0e0 5 bytes JMP 00000000770f03f0
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                      0000000076f8e240 5 bytes JMP 00000000770f0230
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                           0000000076f8e400 5 bytes JMP 00000000770f0480
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                          0000000076f8e430 5 bytes JMP 00000000770f03a0
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                   0000000076f8e510 5 bytes JMP 00000000770f02f0
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                0000000076f8e520 5 bytes JMP 00000000770f0350
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                      0000000076f8e580 5 bytes JMP 00000000770f0290
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                   0000000076f8e610 5 bytes JMP 00000000770f02b0
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                    0000000076f8e630 5 bytes JMP 00000000770f03d0
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                       0000000076f8e640 5 bytes JMP 00000000770f0330
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                0000000076f8e6b0 5 bytes JMP 00000000770f0410
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                   0000000076f8e6e0 5 bytes JMP 00000000770f0240
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                        0000000076f8e9a0 5 bytes JMP 00000000770f01e0
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                   0000000076f8ea60 5 bytes JMP 00000000770f0250
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                   0000000076f8ea90 5 bytes JMP 00000000770f0490
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                          0000000076f8eaa0 5 bytes JMP 00000000770f04a0
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                     0000000076f8ead0 5 bytes JMP 00000000770f0300
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                  0000000076f8eae0 5 bytes JMP 00000000770f0360
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                        0000000076f8eb40 5 bytes JMP 00000000770f02a0
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                     0000000076f8eb90 5 bytes JMP 00000000770f02c0
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                        0000000076f8ebc0 5 bytes JMP 00000000770f0380
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                         0000000076f8ebd0 5 bytes JMP 00000000770f0340
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                  0000000076f8eec0 5 bytes JMP 00000000770f0440
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                 0000000076f8f0c0 5 bytes JMP 00000000770f0260
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                    0000000076f8f0d0 5 bytes JMP 00000000770f0270
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                  0000000076f8f0e0 5 bytes JMP 00000000770f0400
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                              0000000076f8f2a0 5 bytes JMP 00000000770f01f0
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                               0000000076f8f2b0 5 bytes JMP 00000000770f0210
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                    0000000076f8f320 5 bytes JMP 00000000770f0200
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                    0000000076f8f380 5 bytes JMP 00000000770f0420
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                     0000000076f8f390 5 bytes JMP 00000000770f0430
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                0000000076f8f3a0 5 bytes JMP 00000000770f0220
.text    C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                        0000000076f8f480 5 bytes JMP 00000000770f0280
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                              0000000076f8dc60 5 bytes JMP 00000000770f0460
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                       0000000076f8dcb0 5 bytes JMP 00000000770f0450
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                       0000000076f8de10 5 bytes JMP 00000000770f0370
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                            0000000076f8de60 5 bytes JMP 00000000770f0470
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                  0000000076f8de70 5 bytes JMP 00000000770f03e0
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                       0000000076f8df20 5 bytes JMP 00000000770f0320
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                0000000076f8df50 5 bytes JMP 00000000770f03b0
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                   0000000076f8df70 5 bytes JMP 00000000770f0390
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                         0000000076f8dfb0 5 bytes JMP 00000000770f02e0
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                       0000000076f8e030 5 bytes JMP 00000000770f02d0
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                     0000000076f8e050 5 bytes JMP 00000000770f0310
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                      0000000076f8e090 5 bytes JMP 00000000770f03c0
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                   0000000076f8e0e0 5 bytes JMP 00000000770f03f0
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                      0000000076f8e240 5 bytes JMP 00000000770f0230
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                           0000000076f8e400 5 bytes JMP 00000000770f0480
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                          0000000076f8e430 5 bytes JMP 00000000770f03a0
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                   0000000076f8e510 5 bytes JMP 00000000770f02f0
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                0000000076f8e520 5 bytes JMP 00000000770f0350
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                      0000000076f8e580 5 bytes JMP 00000000770f0290
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                   0000000076f8e610 5 bytes JMP 00000000770f02b0
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                    0000000076f8e630 5 bytes JMP 00000000770f03d0
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                       0000000076f8e640 5 bytes JMP 00000000770f0330
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                0000000076f8e6b0 5 bytes JMP 00000000770f0410
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                   0000000076f8e6e0 5 bytes JMP 00000000770f0240
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                        0000000076f8e9a0 5 bytes JMP 00000000770f01e0
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                   0000000076f8ea60 5 bytes JMP 00000000770f0250
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                   0000000076f8ea90 5 bytes JMP 00000000770f0490
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                          0000000076f8eaa0 5 bytes JMP 00000000770f04a0
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                     0000000076f8ead0 5 bytes JMP 00000000770f0300
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                  0000000076f8eae0 5 bytes JMP 00000000770f0360
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                        0000000076f8eb40 5 bytes JMP 00000000770f02a0
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                     0000000076f8eb90 5 bytes JMP 00000000770f02c0
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                        0000000076f8ebc0 5 bytes JMP 00000000770f0380
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                         0000000076f8ebd0 5 bytes JMP 00000000770f0340
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                  0000000076f8eec0 5 bytes JMP 00000000770f0440
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                 0000000076f8f0c0 5 bytes JMP 00000000770f0260
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                    0000000076f8f0d0 5 bytes JMP 00000000770f0270
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                  0000000076f8f0e0 5 bytes JMP 00000000770f0400
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                              0000000076f8f2a0 5 bytes JMP 00000000770f01f0
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                               0000000076f8f2b0 5 bytes JMP 00000000770f0210
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                    0000000076f8f320 5 bytes JMP 00000000770f0200
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                    0000000076f8f380 5 bytes JMP 00000000770f0420
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                     0000000076f8f390 5 bytes JMP 00000000770f0430
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                0000000076f8f3a0 5 bytes JMP 00000000770f0220
.text    C:\Windows\system32\winlogon.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                        0000000076f8f480 5 bytes JMP 00000000770f0280
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                 0000000076f8dc60 5 bytes JMP 00000000770f0460
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                          0000000076f8dcb0 5 bytes JMP 00000000770f0450
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                          0000000076f8de10 5 bytes JMP 00000000770f0370
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                               0000000076f8de60 5 bytes JMP 00000000770f0470
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                     0000000076f8de70 5 bytes JMP 00000000770f03e0
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                          0000000076f8df20 5 bytes JMP 00000000770f0320
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                   0000000076f8df50 5 bytes JMP 00000000770f03b0
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                      0000000076f8df70 5 bytes JMP 00000000770f0390
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                            0000000076f8dfb0 5 bytes JMP 00000000770f02e0
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                          0000000076f8e030 5 bytes JMP 00000000770f02d0
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                        0000000076f8e050 5 bytes JMP 00000000770f0310
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                         0000000076f8e090 5 bytes JMP 00000000770f03c0
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                      0000000076f8e0e0 5 bytes JMP 00000000770f03f0
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                         0000000076f8e240 5 bytes JMP 00000000770f0230
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                              0000000076f8e400 5 bytes JMP 00000000770f0480
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                             0000000076f8e430 5 bytes JMP 00000000770f03a0
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                      0000000076f8e510 5 bytes JMP 00000000770f02f0
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                   0000000076f8e520 5 bytes JMP 00000000770f0350
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                         0000000076f8e580 5 bytes JMP 00000000770f0290
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                      0000000076f8e610 5 bytes JMP 00000000770f02b0
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                       0000000076f8e630 5 bytes JMP 00000000770f03d0
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                          0000000076f8e640 5 bytes JMP 00000000770f0330
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                   0000000076f8e6b0 5 bytes JMP 00000000770f0410
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                      0000000076f8e6e0 5 bytes JMP 00000000770f0240
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                           0000000076f8e9a0 5 bytes JMP 00000000770f01e0
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                      0000000076f8ea60 5 bytes JMP 00000000770f0250
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                      0000000076f8ea90 5 bytes JMP 00000000770f0490
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                             0000000076f8eaa0 5 bytes JMP 00000000770f04a0
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                        0000000076f8ead0 5 bytes JMP 00000000770f0300
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                     0000000076f8eae0 5 bytes JMP 00000000770f0360
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                           0000000076f8eb40 5 bytes JMP 00000000770f02a0
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                        0000000076f8eb90 5 bytes JMP 00000000770f02c0
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                           0000000076f8ebc0 5 bytes JMP 00000000770f0380
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                            0000000076f8ebd0 5 bytes JMP 00000000770f0340
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                     0000000076f8eec0 5 bytes JMP 00000000770f0440
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                    0000000076f8f0c0 5 bytes JMP 00000000770f0260
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                       0000000076f8f0d0 5 bytes JMP 00000000770f0270
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                     0000000076f8f0e0 5 bytes JMP 00000000770f0400
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                 0000000076f8f2a0 5 bytes JMP 00000000770f01f0
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                  0000000076f8f2b0 5 bytes JMP 00000000770f0210
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                       0000000076f8f320 5 bytes JMP 00000000770f0200
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                       0000000076f8f380 5 bytes JMP 00000000770f0420
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                        0000000076f8f390 5 bytes JMP 00000000770f0430
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                   0000000076f8f3a0 5 bytes JMP 00000000770f0220
.text    C:\Windows\system32\lsass.exe[648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                           0000000076f8f480 5 bytes JMP 00000000770f0280
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                   0000000076f8dc60 5 bytes JMP 00000000770f0460
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                            0000000076f8dcb0 5 bytes JMP 00000000770f0450
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                            0000000076f8de10 5 bytes JMP 00000000770f0370
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                 0000000076f8de60 5 bytes JMP 00000000770f0470
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                       0000000076f8de70 5 bytes JMP 00000000770f03e0
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                            0000000076f8df20 5 bytes JMP 00000000770f0320
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                     0000000076f8df50 5 bytes JMP 00000000770f03b0
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                        0000000076f8df70 5 bytes JMP 00000000770f0390
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                              0000000076f8dfb0 5 bytes JMP 00000000770f02e0
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                            0000000076f8e030 5 bytes JMP 00000000770f02d0
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                          0000000076f8e050 5 bytes JMP 00000000770f0310
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                           0000000076f8e090 5 bytes JMP 00000000770f03c0
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                        0000000076f8e0e0 5 bytes JMP 00000000770f03f0
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                           0000000076f8e240 5 bytes JMP 00000000770f0230
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                                0000000076f8e400 5 bytes JMP 00000000770f0480
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                               0000000076f8e430 5 bytes JMP 00000000770f03a0
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                        0000000076f8e510 5 bytes JMP 00000000770f02f0
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                     0000000076f8e520 5 bytes JMP 00000000770f0350
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                           0000000076f8e580 5 bytes JMP 00000000770f0290
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                        0000000076f8e610 5 bytes JMP 00000000770f02b0
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                         0000000076f8e630 5 bytes JMP 00000000770f03d0
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                            0000000076f8e640 5 bytes JMP 00000000770f0330
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                     0000000076f8e6b0 5 bytes JMP 00000000770f0410
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                        0000000076f8e6e0 5 bytes JMP 00000000770f0240
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                             0000000076f8e9a0 5 bytes JMP 00000000770f01e0
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                        0000000076f8ea60 5 bytes JMP 00000000770f0250
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                        0000000076f8ea90 5 bytes JMP 00000000770f0490
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                               0000000076f8eaa0 5 bytes JMP 00000000770f04a0
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                          0000000076f8ead0 5 bytes JMP 00000000770f0300
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                       0000000076f8eae0 5 bytes JMP 00000000770f0360
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                             0000000076f8eb40 5 bytes JMP 00000000770f02a0
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                          0000000076f8eb90 5 bytes JMP 00000000770f02c0
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                             0000000076f8ebc0 5 bytes JMP 00000000770f0380
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                              0000000076f8ebd0 5 bytes JMP 00000000770f0340
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                       0000000076f8eec0 5 bytes JMP 00000000770f0440
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                      0000000076f8f0c0 5 bytes JMP 00000000770f0260
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                         0000000076f8f0d0 5 bytes JMP 00000000770f0270
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                       0000000076f8f0e0 5 bytes JMP 00000000770f0400
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                                   0000000076f8f2a0 5 bytes JMP 00000000770f01f0
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                    0000000076f8f2b0 5 bytes JMP 00000000770f0210
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                         0000000076f8f320 5 bytes JMP 00000000770f0200
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                         0000000076f8f380 5 bytes JMP 00000000770f0420
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                          0000000076f8f390 5 bytes JMP 00000000770f0430
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                     0000000076f8f3a0 5 bytes JMP 00000000770f0220
.text    C:\Windows\system32\lsm.exe[656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                             0000000076f8f480 5 bytes JMP 00000000770f0280
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                               0000000076f8dc60 5 bytes JMP 00000000770f0460
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                        0000000076f8dcb0 5 bytes JMP 00000000770f0450
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                        0000000076f8de10 5 bytes JMP 00000000770f0370
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                             0000000076f8de60 5 bytes JMP 00000000770f0470
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                   0000000076f8de70 5 bytes JMP 00000000770f03e0
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                        0000000076f8df20 5 bytes JMP 00000000770f0320
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                 0000000076f8df50 5 bytes JMP 00000000770f03b0
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                    0000000076f8df70 5 bytes JMP 00000000770f0390
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                          0000000076f8dfb0 5 bytes JMP 00000000770f02e0
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                        0000000076f8e030 5 bytes JMP 00000000770f02d0
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                      0000000076f8e050 5 bytes JMP 00000000770f0310
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                       0000000076f8e090 5 bytes JMP 00000000770f03c0
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                    0000000076f8e0e0 5 bytes JMP 00000000770f03f0
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                       0000000076f8e240 5 bytes JMP 00000000770f0230
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                            0000000076f8e400 5 bytes JMP 00000000770f0480
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                           0000000076f8e430 5 bytes JMP 00000000770f03a0
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                    0000000076f8e510 5 bytes JMP 00000000770f02f0
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                 0000000076f8e520 5 bytes JMP 00000000770f0350
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                       0000000076f8e580 5 bytes JMP 00000000770f0290
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                    0000000076f8e610 5 bytes JMP 00000000770f02b0
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                     0000000076f8e630 5 bytes JMP 00000000770f03d0
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                        0000000076f8e640 5 bytes JMP 00000000770f0330
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                 0000000076f8e6b0 5 bytes JMP 00000000770f0410
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                    0000000076f8e6e0 5 bytes JMP 00000000770f0240
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                         0000000076f8e9a0 5 bytes JMP 00000000770f01e0
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                    0000000076f8ea60 5 bytes JMP 00000000770f0250
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                    0000000076f8ea90 5 bytes JMP 00000000770f0490
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                           0000000076f8eaa0 5 bytes JMP 00000000770f04a0
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                      0000000076f8ead0 5 bytes JMP 00000000770f0300
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                   0000000076f8eae0 5 bytes JMP 00000000770f0360
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                         0000000076f8eb40 5 bytes JMP 00000000770f02a0
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                      0000000076f8eb90 5 bytes JMP 00000000770f02c0
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                         0000000076f8ebc0 5 bytes JMP 00000000770f0380
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                          0000000076f8ebd0 5 bytes JMP 00000000770f0340
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                   0000000076f8eec0 5 bytes JMP 00000000770f0440
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                  0000000076f8f0c0 5 bytes JMP 00000000770f0260
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                     0000000076f8f0d0 5 bytes JMP 00000000770f0270
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                   0000000076f8f0e0 5 bytes JMP 00000000770f0400
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                               0000000076f8f2a0 5 bytes JMP 00000000770f01f0
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                0000000076f8f2b0 5 bytes JMP 00000000770f0210
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                     0000000076f8f320 5 bytes JMP 00000000770f0200
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                     0000000076f8f380 5 bytes JMP 00000000770f0420
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                      0000000076f8f390 5 bytes JMP 00000000770f0430
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                 0000000076f8f3a0 5 bytes JMP 00000000770f0220
.text    C:\Windows\system32\svchost.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                         0000000076f8f480 5 bytes JMP 00000000770f0280
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                               0000000076f8dc60 5 bytes JMP 00000000770f0460
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                        0000000076f8dcb0 5 bytes JMP 00000000770f0450
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                        0000000076f8de10 5 bytes JMP 00000000770f0370
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                             0000000076f8de60 5 bytes JMP 00000000770f0470
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                   0000000076f8de70 5 bytes JMP 00000000770f03e0
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                        0000000076f8df20 5 bytes JMP 00000000770f0320
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                 0000000076f8df50 5 bytes JMP 00000000770f03b0
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                    0000000076f8df70 5 bytes JMP 00000000770f0390
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                          0000000076f8dfb0 5 bytes JMP 00000000770f02e0
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                        0000000076f8e030 5 bytes JMP 00000000770f02d0
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                      0000000076f8e050 5 bytes JMP 00000000770f0310
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                       0000000076f8e090 5 bytes JMP 00000000770f03c0
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                    0000000076f8e0e0 5 bytes JMP 00000000770f03f0
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                       0000000076f8e240 5 bytes JMP 00000000770f0230
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                            0000000076f8e400 5 bytes JMP 00000000770f0480
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                           0000000076f8e430 5 bytes JMP 00000000770f03a0
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                    0000000076f8e510 5 bytes JMP 00000000770f02f0
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                 0000000076f8e520 5 bytes JMP 00000000770f0350
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                       0000000076f8e580 5 bytes JMP 00000000770f0290
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                    0000000076f8e610 5 bytes JMP 00000000770f02b0
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                     0000000076f8e630 5 bytes JMP 00000000770f03d0
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                        0000000076f8e640 5 bytes JMP 00000000770f0330
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                 0000000076f8e6b0 5 bytes JMP 00000000770f0410
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                    0000000076f8e6e0 5 bytes JMP 00000000770f0240
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                         0000000076f8e9a0 5 bytes JMP 00000000770f01e0
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                    0000000076f8ea60 5 bytes JMP 00000000770f0250
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                    0000000076f8ea90 5 bytes JMP 00000000770f0490
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                           0000000076f8eaa0 5 bytes JMP 00000000770f04a0
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                      0000000076f8ead0 5 bytes JMP 00000000770f0300
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                   0000000076f8eae0 5 bytes JMP 00000000770f0360
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                         0000000076f8eb40 5 bytes JMP 00000000770f02a0
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                      0000000076f8eb90 5 bytes JMP 00000000770f02c0
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                         0000000076f8ebc0 5 bytes JMP 00000000770f0380
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                          0000000076f8ebd0 5 bytes JMP 00000000770f0340
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                   0000000076f8eec0 5 bytes JMP 00000000770f0440
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                  0000000076f8f0c0 5 bytes JMP 00000000770f0260
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                     0000000076f8f0d0 5 bytes JMP 00000000770f0270
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                   0000000076f8f0e0 5 bytes JMP 00000000770f0400
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                               0000000076f8f2a0 5 bytes JMP 00000000770f01f0
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                0000000076f8f2b0 5 bytes JMP 00000000770f0210
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                     0000000076f8f320 5 bytes JMP 00000000770f0200

02.07.2015, 23:49   #5
ingoxxl

GMER.log part 2

Code:
ATTFilter
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                        0000000076f8de10 5 bytes JMP 00000000770f0370
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                             0000000076f8de60 5 bytes JMP 00000000770f0470
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                   0000000076f8de70 5 bytes JMP 00000000770f03e0
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                        0000000076f8df20 5 bytes JMP 00000000770f0320
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                 0000000076f8df50 5 bytes JMP 00000000770f03b0
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                    0000000076f8df70 5 bytes JMP 00000000770f0390
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                          0000000076f8dfb0 5 bytes JMP 00000000770f02e0
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                        0000000076f8e030 5 bytes JMP 00000000770f02d0
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                      0000000076f8e050 5 bytes JMP 00000000770f0310
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                       0000000076f8e090 5 bytes JMP 00000000770f03c0
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                    0000000076f8e0e0 5 bytes JMP 00000000770f03f0
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                       0000000076f8e240 5 bytes JMP 00000000770f0230
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                            0000000076f8e400 5 bytes JMP 00000000770f0480
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                           0000000076f8e430 5 bytes JMP 00000000770f03a0
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                    0000000076f8e510 5 bytes JMP 00000000770f02f0
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                 0000000076f8e520 5 bytes JMP 00000000770f0350
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                       0000000076f8e580 5 bytes JMP 00000000770f0290
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                    0000000076f8e610 5 bytes JMP 00000000770f02b0
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                     0000000076f8e630 5 bytes JMP 00000000770f03d0
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                        0000000076f8e640 5 bytes JMP 00000000770f0330
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                 0000000076f8e6b0 5 bytes JMP 00000000770f0410
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                    0000000076f8e6e0 5 bytes JMP 00000000770f0240
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                         0000000076f8e9a0 5 bytes JMP 00000000770f01e0
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                    0000000076f8ea60 5 bytes JMP 00000000770f0250
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                    0000000076f8ea90 5 bytes JMP 00000000770f0490
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                           0000000076f8eaa0 5 bytes JMP 00000000770f04a0
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                      0000000076f8ead0 5 bytes JMP 00000000770f0300
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                   0000000076f8eae0 5 bytes JMP 00000000770f0360
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                         0000000076f8eb40 5 bytes JMP 00000000770f02a0
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                      0000000076f8eb90 5 bytes JMP 00000000770f02c0
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                         0000000076f8ebc0 5 bytes JMP 00000000770f0380
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                          0000000076f8ebd0 5 bytes JMP 00000000770f0340
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                   0000000076f8eec0 5 bytes JMP 00000000770f0440
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                  0000000076f8f0c0 5 bytes JMP 00000000770f0260
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                     0000000076f8f0d0 5 bytes JMP 00000000770f0270
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                   0000000076f8f0e0 5 bytes JMP 00000000770f0400
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                               0000000076f8f2a0 5 bytes JMP 00000000770f01f0
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                                0000000076f8f2b0 5 bytes JMP 00000000770f0210
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                     0000000076f8f320 5 bytes JMP 00000000770f0200
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                     0000000076f8f380 5 bytes JMP 00000000770f0420
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                      0000000076f8f390 5 bytes JMP 00000000770f0430
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                 0000000076f8f3a0 5 bytes JMP 00000000770f0220
.text    C:\Windows\system32\svchost.exe[416] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                         0000000076f8f480 5 bytes JMP 00000000770f0280
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                              0000000076f8dc60 5 bytes JMP 00000000770f0460
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                       0000000076f8dcb0 5 bytes JMP 00000000770f0450
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                       0000000076f8de10 5 bytes JMP 00000000770f0370
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                            0000000076f8de60 5 bytes JMP 00000000770f0470
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                  0000000076f8de70 5 bytes JMP 00000000770f03e0
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                       0000000076f8df20 5 bytes JMP 00000000770f0320
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                0000000076f8df50 5 bytes JMP 00000000770f03b0
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                   0000000076f8df70 5 bytes JMP 00000000770f0390
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                         0000000076f8dfb0 5 bytes JMP 00000000770f02e0
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                       0000000076f8e030 5 bytes JMP 00000000770f02d0
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                     0000000076f8e050 5 bytes JMP 00000000770f0310
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                      0000000076f8e090 5 bytes JMP 00000000770f03c0
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                   0000000076f8e0e0 5 bytes JMP 00000000770f03f0
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                      0000000076f8e240 5 bytes JMP 00000000770f0230
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                           0000000076f8e400 5 bytes JMP 00000000770f0480
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                          0000000076f8e430 5 bytes JMP 00000000770f03a0
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                   0000000076f8e510 5 bytes JMP 00000000770f02f0
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                0000000076f8e520 5 bytes JMP 00000000770f0350
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                      0000000076f8e580 5 bytes JMP 00000000770f0290
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                   0000000076f8e610 5 bytes JMP 00000000770f02b0
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                    0000000076f8e630 5 bytes JMP 00000000770f03d0
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                       0000000076f8e640 5 bytes JMP 00000000770f0330
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                0000000076f8e6b0 5 bytes JMP 00000000770f0410
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                   0000000076f8e6e0 5 bytes JMP 00000000770f0240
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                        0000000076f8e9a0 5 bytes JMP 00000000770f01e0
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                   0000000076f8ea60 5 bytes JMP 00000000770f0250
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                   0000000076f8ea90 5 bytes JMP 00000000770f0490
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                          0000000076f8eaa0 5 bytes JMP 00000000770f04a0
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                     0000000076f8ead0 5 bytes JMP 00000000770f0300
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                  0000000076f8eae0 5 bytes JMP 00000000770f0360
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                        0000000076f8eb40 5 bytes JMP 00000000770f02a0
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                     0000000076f8eb90 5 bytes JMP 00000000770f02c0
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                        0000000076f8ebc0 5 bytes JMP 00000000770f0380
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                         0000000076f8ebd0 5 bytes JMP 00000000770f0340
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                  0000000076f8eec0 5 bytes JMP 00000000770f0440
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                 0000000076f8f0c0 5 bytes JMP 00000000770f0260
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                    0000000076f8f0d0 5 bytes JMP 00000000770f0270
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                  0000000076f8f0e0 5 bytes JMP 00000000770f0400
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                              0000000076f8f2a0 5 bytes JMP 00000000770f01f0
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                               0000000076f8f2b0 5 bytes JMP 00000000770f0210
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                    0000000076f8f320 5 bytes JMP 00000000770f0200
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                    0000000076f8f380 5 bytes JMP 00000000770f0420
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                     0000000076f8f390 5 bytes JMP 00000000770f0430
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                0000000076f8f3a0 5 bytes JMP 00000000770f0220
.text    C:\Windows\system32\AUDIODG.EXE[1028] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                        0000000076f8f480 5 bytes JMP 00000000770f0280
.text    C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                              0000000076f8dc60 5 bytes JMP 00000000770f0460
.text    C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                       0000000076f8dcb0 5 bytes JMP 00000000770f0450
.text    C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                       0000000076f8de10 5 bytes JMP 00000000770f0370
.text    C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                            0000000076f8de60 5 bytes JMP 00000000770f0470
.text    C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                  0000000076f8de70 5 bytes JMP 00000000770f03e0
.text    C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                       0000000076f8df20 5 bytes JMP 00000000770f0320
.text    C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                0000000076f8df50 5 bytes JMP 00000000770f03b0
.text    C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                   0000000076f8df70 5 bytes JMP 00000000770f0390
.text    C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                         0000000076f8dfb0 5 bytes JMP 00000000770f02e0
.text    C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                       0000000076f8e030 5 bytes JMP 00000000770f02d0
.text    C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                     0000000076f8e050 5 bytes JMP 00000000770f0310
.text    C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                      0000000076f8e090 5 bytes JMP 00000000770f03c0
.text    C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                   0000000076f8e0e0 5 bytes JMP 00000000770f03f0
.text    C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                      0000000076f8e240 5 bytes JMP 00000000770f0230
.text    C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                           0000000076f8e400 5 bytes JMP 00000000770f0480
.text    C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                          0000000076f8e430 5 bytes JMP 00000000770f03a0
.text    C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                   0000000076f8e510 5 bytes JMP 00000000770f02f0
.text    C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                0000000076f8e520 5 bytes JMP 00000000770f0350
.text    C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                      0000000076f8e580 5 bytes JMP 00000000770f0290
.text    C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                   0000000076f8e610 5 bytes JMP 00000000770f02b0
.text    C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                    0000000076f8e630 5 bytes JMP 00000000770f03d0
.text    C:\Windows\system32\svchost.exe[1220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                       0000000076f8e640 5 bytes JMP 00000000770f0330
.text    C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                  0000000076f8eae0 5 bytes JMP 0000000100070360
.text    C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                        0000000076f8eb40 5 bytes JMP 00000001000702a0
.text    C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                     0000000076f8eb90 5 bytes JMP 00000001000702c0
.text    C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                        0000000076f8ebc0 5 bytes JMP 0000000100070380
.text    C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                         0000000076f8ebd0 5 bytes JMP 0000000100070340
.text    C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                  0000000076f8eec0 5 bytes JMP 0000000100070440
.text    C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                 0000000076f8f0c0 5 bytes JMP 0000000100070260
.text    C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                    0000000076f8f0d0 5 bytes JMP 0000000100070270
.text    C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                  0000000076f8f0e0 5 bytes JMP 0000000100070400
.text    C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                              0000000076f8f2a0 5 bytes JMP 00000001000701f0
.text    C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                               0000000076f8f2b0 5 bytes JMP 0000000100070210
.text    C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                    0000000076f8f320 5 bytes JMP 0000000100070200
.text    C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                    0000000076f8f380 5 bytes JMP 0000000100070420
.text    C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                     0000000076f8f390 5 bytes JMP 0000000100070430
.text    C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                0000000076f8f3a0 5 bytes JMP 0000000100070220
.text    C:\Windows\System32\svchost.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                        0000000076f8f480 5 bytes JMP 0000000100070280
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                              0000000076f8dc60 5 bytes JMP 00000000770f0460
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                       0000000076f8dcb0 5 bytes JMP 00000000770f0450
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                       0000000076f8de10 5 bytes JMP 00000000770f0370
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                            0000000076f8de60 5 bytes JMP 00000000770f0470
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                  0000000076f8de70 5 bytes JMP 00000000770f03e0
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                       0000000076f8df20 5 bytes JMP 00000000770f0320
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                0000000076f8df50 5 bytes JMP 00000000770f03b0
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                   0000000076f8df70 5 bytes JMP 00000000770f0390
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                         0000000076f8dfb0 5 bytes JMP 00000000770f02e0
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                       0000000076f8e030 5 bytes JMP 00000000770f02d0
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                     0000000076f8e050 5 bytes JMP 00000000770f0310
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                      0000000076f8e090 5 bytes JMP 00000000770f03c0
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                   0000000076f8e0e0 5 bytes JMP 00000000770f03f0
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                      0000000076f8e240 5 bytes JMP 00000000770f0230
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                           0000000076f8e400 5 bytes JMP 00000000770f0480
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                          0000000076f8e430 5 bytes JMP 00000000770f03a0
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                   0000000076f8e510 5 bytes JMP 00000000770f02f0
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                0000000076f8e520 5 bytes JMP 00000000770f0350
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                      0000000076f8e580 5 bytes JMP 00000000770f0290
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                   0000000076f8e610 5 bytes JMP 00000000770f02b0
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                    0000000076f8e630 5 bytes JMP 00000000770f03d0
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                       0000000076f8e640 5 bytes JMP 00000000770f0330
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                0000000076f8e6b0 5 bytes JMP 00000000770f0410
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                   0000000076f8e6e0 5 bytes JMP 00000000770f0240
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                        0000000076f8e9a0 5 bytes JMP 00000000770f01e0
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                   0000000076f8ea60 5 bytes JMP 00000000770f0250
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                   0000000076f8ea90 5 bytes JMP 00000000770f0490
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                          0000000076f8eaa0 5 bytes JMP 00000000770f04a0
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                     0000000076f8ead0 5 bytes JMP 00000000770f0300
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                  0000000076f8eae0 5 bytes JMP 00000000770f0360
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                        0000000076f8eb40 5 bytes JMP 00000000770f02a0
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                     0000000076f8eb90 5 bytes JMP 00000000770f02c0
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                        0000000076f8ebc0 5 bytes JMP 00000000770f0380
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                         0000000076f8ebd0 5 bytes JMP 00000000770f0340
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                  0000000076f8eec0 5 bytes JMP 00000000770f0440
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                 0000000076f8f0c0 5 bytes JMP 00000000770f0260
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                    0000000076f8f0d0 5 bytes JMP 00000000770f0270
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                  0000000076f8f0e0 5 bytes JMP 00000000770f0400
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                              0000000076f8f2a0 5 bytes JMP 00000000770f01f0
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                               0000000076f8f2b0 5 bytes JMP 00000000770f0210
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                    0000000076f8f320 5 bytes JMP 00000000770f0200
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                    0000000076f8f380 5 bytes JMP 00000000770f0420
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                     0000000076f8f390 5 bytes JMP 00000000770f0430
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                0000000076f8f3a0 5 bytes JMP 00000000770f0220
.text    C:\Windows\system32\svchost.exe[1724] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                        0000000076f8f480 5 bytes JMP 00000000770f0280
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                          0000000076f8dc60 5 bytes JMP 00000000770f0460
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                   0000000076f8dcb0 5 bytes JMP 00000000770f0450
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                   0000000076f8de10 5 bytes JMP 00000000770f0370
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                        0000000076f8de60 5 bytes JMP 00000000770f0470
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                              0000000076f8de70 5 bytes JMP 00000000770f03e0
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                   0000000076f8df20 5 bytes JMP 00000000770f0320
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                            0000000076f8df50 5 bytes JMP 00000000770f03b0
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                               0000000076f8df70 5 bytes JMP 00000000770f0390
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                     0000000076f8dfb0 5 bytes JMP 00000000770f02e0
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                   0000000076f8e030 5 bytes JMP 00000000770f02d0
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                 0000000076f8e050 5 bytes JMP 00000000770f0310
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                  0000000076f8e090 5 bytes JMP 00000000770f03c0
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                               0000000076f8e0e0 5 bytes JMP 00000000770f03f0
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                  0000000076f8e240 5 bytes JMP 00000000770f0230
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                       0000000076f8e400 5 bytes JMP 00000000770f0480
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                      0000000076f8e430 5 bytes JMP 00000000770f03a0
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                               0000000076f8e510 5 bytes JMP 00000000770f02f0
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                            0000000076f8e520 5 bytes JMP 00000000770f0350
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                  0000000076f8e580 5 bytes JMP 00000000770f0290
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                               0000000076f8e610 5 bytes JMP 00000000770f02b0
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                0000000076f8e630 5 bytes JMP 00000000770f03d0
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                   0000000076f8e640 5 bytes JMP 00000000770f0330
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                            0000000076f8e6b0 5 bytes JMP 00000000770f0410
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                               0000000076f8e6e0 5 bytes JMP 00000000770f0240
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                    0000000076f8e9a0 5 bytes JMP 00000000770f01e0
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                               0000000076f8ea60 5 bytes JMP 00000000770f0250
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                               0000000076f8ea90 5 bytes JMP 00000000770f0490
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                      0000000076f8eaa0 5 bytes JMP 00000000770f04a0
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                 0000000076f8ead0 5 bytes JMP 00000000770f0300
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                              0000000076f8eae0 5 bytes JMP 00000000770f0360
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                    0000000076f8eb40 5 bytes JMP 00000000770f02a0
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                 0000000076f8eb90 5 bytes JMP 00000000770f02c0
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                    0000000076f8ebc0 5 bytes JMP 00000000770f0380
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                     0000000076f8ebd0 5 bytes JMP 00000000770f0340
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                              0000000076f8eec0 5 bytes JMP 00000000770f0440
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                             0000000076f8f0c0 5 bytes JMP 00000000770f0260
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                0000000076f8f0d0 5 bytes JMP 00000000770f0270
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                              0000000076f8f0e0 5 bytes JMP 00000000770f0400
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                          0000000076f8f2a0 5 bytes JMP 00000000770f01f0
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                           0000000076f8f2b0 5 bytes JMP 00000000770f0210
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                0000000076f8f320 5 bytes JMP 00000000770f0200
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                0000000076f8f380 5 bytes JMP 00000000770f0420
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                 0000000076f8f390 5 bytes JMP 00000000770f0430
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                            0000000076f8f3a0 5 bytes JMP 00000000770f0220
.text    C:\Program Files\Macrium\Reflect\ReflectService.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                    0000000076f8f480 5 bytes JMP 00000000770f0280
         


02.07.2015, 23:51   #6
ingoxxl
 

GMER.log part 3

Code:
ATTFilter
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                              0000000076f8e610 5 bytes JMP 00000000770f02b0
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                               0000000076f8e630 5 bytes JMP 00000000770f03d0
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                  0000000076f8e640 5 bytes JMP 00000000770f0330
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                           0000000076f8e6b0 5 bytes JMP 00000000770f0410
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                              0000000076f8e6e0 5 bytes JMP 00000000770f0240
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                   0000000076f8e9a0 5 bytes JMP 00000000770f01e0
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                              0000000076f8ea60 5 bytes JMP 00000000770f0250
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                              0000000076f8ea90 5 bytes JMP 00000000770f0490
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                     0000000076f8eaa0 5 bytes JMP 00000000770f04a0
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                0000000076f8ead0 5 bytes JMP 00000000770f0300
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                             0000000076f8eae0 5 bytes JMP 00000000770f0360
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                   0000000076f8eb40 5 bytes JMP 00000000770f02a0
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                0000000076f8eb90 5 bytes JMP 00000000770f02c0
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                   0000000076f8ebc0 5 bytes JMP 00000000770f0380
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                    0000000076f8ebd0 5 bytes JMP 00000000770f0340
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                             0000000076f8eec0 5 bytes JMP 00000000770f0440
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                            0000000076f8f0c0 5 bytes JMP 00000000770f0260
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                               0000000076f8f0d0 5 bytes JMP 00000000770f0270
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                             0000000076f8f0e0 5 bytes JMP 00000000770f0400
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                         0000000076f8f2a0 5 bytes JMP 00000000770f01f0
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                          0000000076f8f2b0 5 bytes JMP 00000000770f0210
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                               0000000076f8f320 5 bytes JMP 00000000770f0200
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                               0000000076f8f380 5 bytes JMP 00000000770f0420
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                0000000076f8f390 5 bytes JMP 00000000770f0430
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                           0000000076f8f3a0 5 bytes JMP 00000000770f0220
.text    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe[1940] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                   0000000076f8f480 5 bytes JMP 00000000770f0280
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                    0000000076f8dc60 5 bytes JMP 00000000770f0460
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                             0000000076f8dcb0 5 bytes JMP 00000000770f0450
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                             0000000076f8de10 5 bytes JMP 00000000770f0370
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                  0000000076f8de60 5 bytes JMP 00000000770f0470
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                        0000000076f8de70 5 bytes JMP 00000000770f03e0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                             0000000076f8df20 5 bytes JMP 00000000770f0320
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                      0000000076f8df50 5 bytes JMP 00000000770f03b0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                         0000000076f8df70 5 bytes JMP 00000000770f0390
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                               0000000076f8dfb0 5 bytes JMP 00000000770f02e0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                             0000000076f8e030 5 bytes JMP 00000000770f02d0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                           0000000076f8e050 5 bytes JMP 00000000770f0310
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                            0000000076f8e090 5 bytes JMP 00000000770f03c0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                         0000000076f8e0e0 5 bytes JMP 00000000770f03f0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                            0000000076f8e240 5 bytes JMP 00000000770f0230
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                 0000000076f8e400 5 bytes JMP 00000000770f0480
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                0000000076f8e430 5 bytes JMP 00000000770f03a0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                         0000000076f8e510 5 bytes JMP 00000000770f02f0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                      0000000076f8e520 5 bytes JMP 00000000770f0350
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                            0000000076f8e580 5 bytes JMP 00000000770f0290
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                         0000000076f8e610 5 bytes JMP 00000000770f02b0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                          0000000076f8e630 5 bytes JMP 00000000770f03d0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                             0000000076f8e640 5 bytes JMP 00000000770f0330
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                      0000000076f8e6b0 5 bytes JMP 00000000770f0410
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                         0000000076f8e6e0 5 bytes JMP 00000000770f0240
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                              0000000076f8e9a0 5 bytes JMP 00000000770f01e0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                         0000000076f8ea60 5 bytes JMP 00000000770f0250
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                         0000000076f8ea90 5 bytes JMP 00000000770f0490
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                0000000076f8eaa0 5 bytes JMP 00000000770f04a0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                           0000000076f8ead0 5 bytes JMP 00000000770f0300
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                        0000000076f8eae0 5 bytes JMP 00000000770f0360
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                              0000000076f8eb40 5 bytes JMP 00000000770f02a0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                           0000000076f8eb90 5 bytes JMP 00000000770f02c0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                              0000000076f8ebc0 5 bytes JMP 00000000770f0380
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                               0000000076f8ebd0 5 bytes JMP 00000000770f0340
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                        0000000076f8eec0 5 bytes JMP 00000000770f0440
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                       0000000076f8f0c0 5 bytes JMP 00000000770f0260
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                          0000000076f8f0d0 5 bytes JMP 00000000770f0270
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                        0000000076f8f0e0 5 bytes JMP 00000000770f0400
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                    0000000076f8f2a0 5 bytes JMP 00000000770f01f0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                     0000000076f8f2b0 5 bytes JMP 00000000770f0210
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                          0000000076f8f320 5 bytes JMP 00000000770f0200
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                          0000000076f8f380 5 bytes JMP 00000000770f0420
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                           0000000076f8f390 5 bytes JMP 00000000770f0430
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                      0000000076f8f3a0 5 bytes JMP 00000000770f0220
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe[2044] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                              0000000076f8f480 5 bytes JMP 00000000770f0280
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               0000000076f8dc60 5 bytes JMP 00000000770f0460
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                        0000000076f8dcb0 5 bytes JMP 00000000770f0450
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                        0000000076f8de10 5 bytes JMP 00000000770f0370
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             0000000076f8de60 5 bytes JMP 00000000770f0470
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   0000000076f8de70 5 bytes JMP 00000000770f03e0
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000076f8df20 5 bytes JMP 00000000770f0320
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                 0000000076f8df50 5 bytes JMP 00000000770f03b0
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                    0000000076f8df70 5 bytes JMP 00000000770f0390
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                          0000000076f8dfb0 5 bytes JMP 00000000770f02e0
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                        0000000076f8e030 5 bytes JMP 00000000770f02d0
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      0000000076f8e050 5 bytes JMP 00000000770f0310
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       0000000076f8e090 5 bytes JMP 00000000770f03c0
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000076f8e0e0 5 bytes JMP 00000000770f03f0
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                       0000000076f8e240 5 bytes JMP 00000000770f0230
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000076f8e400 5 bytes JMP 00000000770f0480
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                           0000000076f8e430 5 bytes JMP 00000000770f03a0
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                    0000000076f8e510 5 bytes JMP 00000000770f02f0
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                 0000000076f8e520 5 bytes JMP 00000000770f0350
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                       0000000076f8e580 5 bytes JMP 00000000770f0290
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                    0000000076f8e610 5 bytes JMP 00000000770f02b0
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000076f8e630 5 bytes JMP 00000000770f03d0
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                        0000000076f8e640 5 bytes JMP 00000000770f0330
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                 0000000076f8e6b0 5 bytes JMP 00000000770f0410
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                    0000000076f8e6e0 5 bytes JMP 00000000770f0240
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000076f8e9a0 5 bytes JMP 00000000770f01e0
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                    0000000076f8ea60 5 bytes JMP 00000000770f0250
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                    0000000076f8ea90 5 bytes JMP 00000000770f0490
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                           0000000076f8eaa0 5 bytes JMP 00000000770f04a0
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                      0000000076f8ead0 5 bytes JMP 00000000770f0300
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                   0000000076f8eae0 5 bytes JMP 00000000770f0360
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                         0000000076f8eb40 5 bytes JMP 00000000770f02a0
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                      0000000076f8eb90 5 bytes JMP 00000000770f02c0
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                         0000000076f8ebc0 5 bytes JMP 00000000770f0380
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                          0000000076f8ebd0 5 bytes JMP 00000000770f0340
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                   0000000076f8eec0 5 bytes JMP 00000000770f0440
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                  0000000076f8f0c0 5 bytes JMP 00000000770f0260
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                     0000000076f8f0d0 5 bytes JMP 00000000770f0270
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                   0000000076f8f0e0 5 bytes JMP 00000000770f0400
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000076f8f2a0 5 bytes JMP 00000000770f01f0
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                0000000076f8f2b0 5 bytes JMP 00000000770f0210
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000076f8f320 5 bytes JMP 00000000770f0200
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                     0000000076f8f380 5 bytes JMP 00000000770f0420
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                      0000000076f8f390 5 bytes JMP 00000000770f0430
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000076f8f3a0 5 bytes JMP 00000000770f0220
.text    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[2612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                         0000000076f8f480 5 bytes JMP 00000000770f0280
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                             0000000076f8dc60 5 bytes JMP 0000000100060460
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                      0000000076f8dcb0 5 bytes JMP 0000000100060450
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                      0000000076f8de10 5 bytes JMP 0000000100060370
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                           0000000076f8de60 5 bytes JMP 0000000100060470
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                 0000000076f8de70 5 bytes JMP 00000001000603e0
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                      0000000076f8df20 5 bytes JMP 0000000100060320
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                               0000000076f8df50 5 bytes JMP 00000001000603b0
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                  0000000076f8df70 5 bytes JMP 0000000100060390
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                        0000000076f8dfb0 5 bytes JMP 00000001000602e0
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                      0000000076f8e030 5 bytes JMP 00000001000602d0
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                    0000000076f8e050 5 bytes JMP 0000000100060310
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                     0000000076f8e090 5 bytes JMP 00000001000603c0
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                  0000000076f8e0e0 5 bytes JMP 00000001000603f0
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                     0000000076f8e240 5 bytes JMP 0000000100060230
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                          0000000076f8e400 5 bytes JMP 0000000100060480
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                         0000000076f8e430 5 bytes JMP 00000001000603a0
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                  0000000076f8e510 5 bytes JMP 00000001000602f0
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                               0000000076f8e520 5 bytes JMP 0000000100060350
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                     0000000076f8e580 5 bytes JMP 0000000100060290
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                  0000000076f8e610 5 bytes JMP 00000001000602b0
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                   0000000076f8e630 5 bytes JMP 00000001000603d0
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                      0000000076f8e640 5 bytes JMP 0000000100060330
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                               0000000076f8e6b0 5 bytes JMP 0000000100060410
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                  0000000076f8e6e0 5 bytes JMP 0000000100060240
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                       0000000076f8e9a0 5 bytes JMP 00000001000601e0
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                  0000000076f8ea60 5 bytes JMP 0000000100060250
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                  0000000076f8ea90 5 bytes JMP 0000000100060490
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                         0000000076f8eaa0 5 bytes JMP 00000001000604a0
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                    0000000076f8ead0 5 bytes JMP 0000000100060300
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                 0000000076f8eae0 5 bytes JMP 0000000100060360
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                       0000000076f8eb40 5 bytes JMP 00000001000602a0
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                    0000000076f8eb90 5 bytes JMP 00000001000602c0
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                       0000000076f8ebc0 5 bytes JMP 0000000100060380
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                        0000000076f8ebd0 5 bytes JMP 0000000100060340
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                 0000000076f8eec0 5 bytes JMP 0000000100060440
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                0000000076f8f0c0 5 bytes JMP 0000000100060260
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                   0000000076f8f0d0 5 bytes JMP 0000000100060270
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                 0000000076f8f0e0 5 bytes JMP 0000000100060400
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                             0000000076f8f2a0 5 bytes JMP 00000001000601f0
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                              0000000076f8f2b0 5 bytes JMP 0000000100060210
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                   0000000076f8f320 5 bytes JMP 0000000100060200
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                   0000000076f8f380 5 bytes JMP 0000000100060420
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                    0000000076f8f390 5 bytes JMP 0000000100060430
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                               0000000076f8f3a0 5 bytes JMP 0000000100060220
.text    C:\Windows\system32\taskhost.exe[3708] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                       0000000076f8f480 5 bytes JMP 0000000100060280
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                        0000000076f8dc60 5 bytes JMP 00000000770f0460
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                 0000000076f8dcb0 5 bytes JMP 00000000770f0450
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                 0000000076f8de10 5 bytes JMP 00000000770f0370
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                      0000000076f8de60 5 bytes JMP 00000000770f0470
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                            0000000076f8de70 5 bytes JMP 00000000770f03e0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                 0000000076f8df20 5 bytes JMP 00000000770f0320
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                          0000000076f8df50 5 bytes JMP 00000000770f03b0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                             0000000076f8df70 5 bytes JMP 00000000770f0390
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                   0000000076f8dfb0 5 bytes JMP 00000000770f02e0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                 0000000076f8e030 5 bytes JMP 00000000770f02d0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                               0000000076f8e050 5 bytes JMP 00000000770f0310
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                0000000076f8e090 5 bytes JMP 00000000770f03c0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                             0000000076f8e0e0 5 bytes JMP 00000000770f03f0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                0000000076f8e240 5 bytes JMP 00000000770f0230
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                     0000000076f8e400 5 bytes JMP 00000000770f0480
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                    0000000076f8e430 5 bytes JMP 00000000770f03a0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                             0000000076f8e510 5 bytes JMP 00000000770f02f0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                          0000000076f8e520 5 bytes JMP 00000000770f0350
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                0000000076f8e580 5 bytes JMP 00000000770f0290
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                             0000000076f8e610 5 bytes JMP 00000000770f02b0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                              0000000076f8e630 5 bytes JMP 00000000770f03d0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                 0000000076f8e640 5 bytes JMP 00000000770f0330
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                          0000000076f8e6b0 5 bytes JMP 00000000770f0410
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                             0000000076f8e6e0 5 bytes JMP 00000000770f0240
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                  0000000076f8e9a0 5 bytes JMP 00000000770f01e0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                             0000000076f8ea60 5 bytes JMP 00000000770f0250
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                             0000000076f8ea90 5 bytes JMP 00000000770f0490
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                    0000000076f8eaa0 5 bytes JMP 00000000770f04a0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                               0000000076f8ead0 5 bytes JMP 00000000770f0300
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                            0000000076f8eae0 5 bytes JMP 00000000770f0360
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                  0000000076f8eb40 5 bytes JMP 00000000770f02a0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                               0000000076f8eb90 5 bytes JMP 00000000770f02c0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                  0000000076f8ebc0 5 bytes JMP 00000000770f0380
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                   0000000076f8ebd0 5 bytes JMP 00000000770f0340
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                            0000000076f8eec0 5 bytes JMP 00000000770f0440
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                           0000000076f8f0c0 5 bytes JMP 00000000770f0260
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                              0000000076f8f0d0 5 bytes JMP 00000000770f0270
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                            0000000076f8f0e0 5 bytes JMP 00000000770f0400
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                        0000000076f8f2a0 5 bytes JMP 00000000770f01f0
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                         0000000076f8f2b0 5 bytes JMP 00000000770f0210
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                              0000000076f8f320 5 bytes JMP 00000000770f0200
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                              0000000076f8f380 5 bytes JMP 00000000770f0420
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                               0000000076f8f390 5 bytes JMP 00000000770f0430
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                          0000000076f8f3a0 5 bytes JMP 00000000770f0220
.text    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                  0000000076f8f480 5 bytes JMP 00000000770f0280
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                                  0000000076f8dc60 5 bytes JMP 00000000770f0460
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                           0000000076f8dcb0 5 bytes JMP 00000000770f0450
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                           0000000076f8de10 5 bytes JMP 00000000770f0370
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                                0000000076f8de60 5 bytes JMP 00000000770f0470
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                      0000000076f8de70 5 bytes JMP 00000000770f03e0
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                           0000000076f8df20 5 bytes JMP 00000000770f0320
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                    0000000076f8df50 5 bytes JMP 00000000770f03b0
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                       0000000076f8df70 5 bytes JMP 00000000770f0390
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                             0000000076f8dfb0 5 bytes JMP 00000000770f02e0
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                           0000000076f8e030 5 bytes JMP 00000000770f02d0
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                         0000000076f8e050 5 bytes JMP 00000000770f0310
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                          0000000076f8e090 5 bytes JMP 00000000770f03c0
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                       0000000076f8e0e0 5 bytes JMP 00000000770f03f0
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                          0000000076f8e240 5 bytes JMP 00000000770f0230
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                               0000000076f8e400 5 bytes JMP 00000000770f0480
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                              0000000076f8e430 5 bytes JMP 00000000770f03a0
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                       0000000076f8e510 5 bytes JMP 00000000770f02f0
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                    0000000076f8e520 5 bytes JMP 00000000770f0350
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                          0000000076f8e580 5 bytes JMP 00000000770f0290
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                       0000000076f8e610 5 bytes JMP 00000000770f02b0
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                        0000000076f8e630 5 bytes JMP 00000000770f03d0
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                           0000000076f8e640 5 bytes JMP 00000000770f0330
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                    0000000076f8e6b0 5 bytes JMP 00000000770f0410
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                       0000000076f8e6e0 5 bytes JMP 00000000770f0240
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                            0000000076f8e9a0 5 bytes JMP 00000000770f01e0
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                       0000000076f8ea60 5 bytes JMP 00000000770f0250
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                       0000000076f8ea90 5 bytes JMP 00000000770f0490
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                              0000000076f8eaa0 5 bytes JMP 00000000770f04a0
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                         0000000076f8ead0 5 bytes JMP 00000000770f0300
.text    C:\Windows\system32\Dwm.exe[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                      0000000076f8eae0 5 bytes JMP 00000000770f0360

02.07.2015, 23:52   #7
ingoxxl
 
GMER.log part 4

.text    C:\Windows\System32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                    0000000076f8f0d0 5 bytes JMP 00000000770f0270
.text    C:\Windows\System32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                  0000000076f8f0e0 5 bytes JMP 00000000770f0400
.text    C:\Windows\System32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                              0000000076f8f2a0 5 bytes JMP 00000000770f01f0
.text    C:\Windows\System32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                               0000000076f8f2b0 5 bytes JMP 00000000770f0210
.text    C:\Windows\System32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                    0000000076f8f320 5 bytes JMP 00000000770f0200
.text    C:\Windows\System32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                    0000000076f8f380 5 bytes JMP 00000000770f0420
.text    C:\Windows\System32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                     0000000076f8f390 5 bytes JMP 00000000770f0430
.text    C:\Windows\System32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                0000000076f8f3a0 5 bytes JMP 00000000770f0220
.text    C:\Windows\System32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                        0000000076f8f480 5 bytes JMP 00000000770f0280
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                              0000000076f8dc60 5 bytes JMP 0000000100070460
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                       0000000076f8dcb0 5 bytes JMP 0000000100070450
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                       0000000076f8de10 5 bytes JMP 0000000100070370
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                            0000000076f8de60 5 bytes JMP 0000000100070470
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                  0000000076f8de70 5 bytes JMP 00000001000703e0
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                       0000000076f8df20 5 bytes JMP 0000000100070320
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                0000000076f8df50 5 bytes JMP 00000001000703b0
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                   0000000076f8df70 5 bytes JMP 0000000100070390
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                         0000000076f8dfb0 5 bytes JMP 00000001000702e0
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                       0000000076f8e030 5 bytes JMP 00000001000702d0
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                     0000000076f8e050 5 bytes JMP 0000000100070310
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                      0000000076f8e090 5 bytes JMP 00000001000703c0
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                   0000000076f8e0e0 5 bytes JMP 00000001000703f0
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                      0000000076f8e240 5 bytes JMP 0000000100070230
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                           0000000076f8e400 5 bytes JMP 0000000100070480
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                          0000000076f8e430 5 bytes JMP 00000001000703a0
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                   0000000076f8e510 5 bytes JMP 00000001000702f0
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                                0000000076f8e520 5 bytes JMP 0000000100070350
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                      0000000076f8e580 5 bytes JMP 0000000100070290
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                   0000000076f8e610 5 bytes JMP 00000001000702b0
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                    0000000076f8e630 5 bytes JMP 00000001000703d0
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                       0000000076f8e640 5 bytes JMP 0000000100070330
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                                0000000076f8e6b0 5 bytes JMP 0000000100070410
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                   0000000076f8e6e0 5 bytes JMP 0000000100070240
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                        0000000076f8e9a0 5 bytes JMP 00000001000701e0
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                   0000000076f8ea60 5 bytes JMP 0000000100070250
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                   0000000076f8ea90 5 bytes JMP 0000000100070490
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                          0000000076f8eaa0 5 bytes JMP 00000001000704a0
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                     0000000076f8ead0 5 bytes JMP 0000000100070300
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                  0000000076f8eae0 5 bytes JMP 0000000100070360
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                        0000000076f8eb40 5 bytes JMP 00000001000702a0
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                     0000000076f8eb90 5 bytes JMP 00000001000702c0
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                        0000000076f8ebc0 5 bytes JMP 0000000100070380
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                         0000000076f8ebd0 5 bytes JMP 0000000100070340
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                  0000000076f8eec0 5 bytes JMP 0000000100070440
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                 0000000076f8f0c0 5 bytes JMP 0000000100070260
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                    0000000076f8f0d0 5 bytes JMP 0000000100070270
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                  0000000076f8f0e0 5 bytes JMP 0000000100070400
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                              0000000076f8f2a0 5 bytes JMP 00000001000701f0
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                               0000000076f8f2b0 5 bytes JMP 0000000100070210
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                    0000000076f8f320 5 bytes JMP 0000000100070200
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                    0000000076f8f380 5 bytes JMP 0000000100070420
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                     0000000076f8f390 5 bytes JMP 0000000100070430
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                                0000000076f8f3a0 5 bytes JMP 0000000100070220
.text    C:\Windows\System32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                        0000000076f8f480 5 bytes JMP 0000000100070280
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                                                             0000000076f8dc60 5 bytes JMP 00000000770f0460
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                                                      0000000076f8dcb0 5 bytes JMP 00000000770f0450
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                      0000000076f8de10 5 bytes JMP 00000000770f0370
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                                                           0000000076f8de60 5 bytes JMP 00000000770f0470
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                                 0000000076f8de70 5 bytes JMP 00000000770f03e0
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                      0000000076f8df20 5 bytes JMP 00000000770f0320
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                               0000000076f8df50 5 bytes JMP 00000000770f03b0
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                                  0000000076f8df70 5 bytes JMP 00000000770f0390
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                                                        0000000076f8dfb0 5 bytes JMP 00000000770f02e0
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                                                      0000000076f8e030 5 bytes JMP 00000000770f02d0
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                    0000000076f8e050 5 bytes JMP 00000000770f0310
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                     0000000076f8e090 5 bytes JMP 00000000770f03c0
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                                                  0000000076f8e0e0 5 bytes JMP 00000000770f03f0
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                                                     0000000076f8e240 5 bytes JMP 00000000770f0230
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                                          0000000076f8e400 5 bytes JMP 00000000770f0480
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                                                         0000000076f8e430 5 bytes JMP 00000000770f03a0
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                                                  0000000076f8e510 5 bytes JMP 00000000770f02f0
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                                               0000000076f8e520 5 bytes JMP 00000000770f0350
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                     0000000076f8e580 5 bytes JMP 00000000770f0290
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                                                  0000000076f8e610 5 bytes JMP 00000000770f02b0
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                   0000000076f8e630 5 bytes JMP 00000000770f03d0
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                                                      0000000076f8e640 5 bytes JMP 00000000770f0330
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                                               0000000076f8e6b0 5 bytes JMP 00000000770f0410
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                                                  0000000076f8e6e0 5 bytes JMP 00000000770f0240
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                       0000000076f8e9a0 5 bytes JMP 00000000770f01e0
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                                                  0000000076f8ea60 5 bytes JMP 00000000770f0250
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                                                  0000000076f8ea90 5 bytes JMP 00000000770f0490
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                         0000000076f8eaa0 5 bytes JMP 00000000770f04a0
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                                                    0000000076f8ead0 5 bytes JMP 00000000770f0300
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                                                 0000000076f8eae0 5 bytes JMP 00000000770f0360
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                                                       0000000076f8eb40 5 bytes JMP 00000000770f02a0
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                                                    0000000076f8eb90 5 bytes JMP 00000000770f02c0
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                                                       0000000076f8ebc0 5 bytes JMP 00000000770f0380
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                                                        0000000076f8ebd0 5 bytes JMP 00000000770f0340
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                                                 0000000076f8eec0 5 bytes JMP 00000000770f0440
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                                                0000000076f8f0c0 5 bytes JMP 00000000770f0260
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                                                   0000000076f8f0d0 5 bytes JMP 00000000770f0270
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                 0000000076f8f0e0 5 bytes JMP 00000000770f0400
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                             0000000076f8f2a0 5 bytes JMP 00000000770f01f0
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                                                              0000000076f8f2b0 5 bytes JMP 00000000770f0210
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                                                   0000000076f8f320 5 bytes JMP 00000000770f0200
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                   0000000076f8f380 5 bytes JMP 00000000770f0420
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                    0000000076f8f390 5 bytes JMP 00000000770f0430
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                               0000000076f8f3a0 5 bytes JMP 00000000770f0220
.text    C:\Windows\system32\taskhost.exe[4756] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                       0000000076f8f480 5 bytes JMP 00000000770f0280
---- Processes - GMER 2.1 ----

Library  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8B07EE4E-CB47-46C3-B4D0-BDE647116748}\offreg.4516.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [4516](2015-07-02 19:59:27)  000007feef800000

---- Registry - GMER 2.1 ----

Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer@CleanShutdown                                                                                                                                   1
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\LocalMOF@C:\Program Files (x86)\LowPerfSysDrvEnhance\                                                                          

---- EOF - GMER 2.1 ----
         
So, I hope it's right this time!

Best regards,
Ingo

03.07.2015, 09:03   #8
schrauber
/// the machine
/// TB trainer
 




Perfect.

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper instructs you to.

Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

03.07.2015, 20:16   #9
ingoxxl
 



Hi,

I ran both scans without any findings. Here are the logs:

MBAR

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.07.03.05
  rootkit: v2015.07.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
Ingo :: HOME-PC [administrator]

03.07.2015 20:55:59
mbar-log-2015-07-03 (20-55-59).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 467562
Time elapsed: 9 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
TDSSKILLER

Code:
21:07:48.0399 0x0c70  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
21:08:04.0623 0x0c70  ============================================================
21:08:04.0623 0x0c70  Current date / time: 2015/07/03 21:08:04.0623
21:08:04.0623 0x0c70  SystemInfo:
21:08:04.0623 0x0c70  
21:08:04.0623 0x0c70  OS Version: 6.1.7601 ServicePack: 1.0
21:08:04.0623 0x0c70  Product type: Workstation
21:08:04.0623 0x0c70  ComputerName: HOME-PC
21:08:04.0623 0x0c70  UserName: Ingo
21:08:04.0623 0x0c70  Windows directory: C:\Windows
21:08:04.0623 0x0c70  System windows directory: C:\Windows
21:08:04.0623 0x0c70  Running under WOW64
21:08:04.0623 0x0c70  Processor architecture: Intel x64
21:08:04.0623 0x0c70  Number of processors: 4
21:08:04.0623 0x0c70  Page size: 0x1000
21:08:04.0623 0x0c70  Boot type: Normal boot
21:08:04.0623 0x0c70  ============================================================
21:08:04.0779 0x0c70  KLMD registered as C:\Windows\system32\drivers\96792057.sys
21:08:04.0997 0x0c70  System UUID: {856AB1F3-C6EF-031B-D3D2-F26161CE825E}
21:08:05.0605 0x0c70  Drive \Device\Harddisk0\DR0 - Size: 0x1D5849E000 ( 117.38 Gb ), SectorSize: 0x200, Cylinders: 0x3BDA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:08:05.0637 0x0c70  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:08:05.0637 0x0c70  ============================================================
21:08:05.0637 0x0c70  \Device\Harddisk0\DR0:
21:08:05.0637 0x0c70  MBR partitions:
21:08:05.0637 0x0c70  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xEAC1000
21:08:05.0637 0x0c70  \Device\Harddisk1\DR1:
21:08:05.0637 0x0c70  MBR partitions:
21:08:05.0637 0x0c70  ============================================================
21:08:05.0637 0x0c70  C: <-> \Device\Harddisk0\DR0\Partition1
21:08:05.0637 0x0c70  ============================================================
21:08:05.0637 0x0c70  Initialize success
21:08:05.0637 0x0c70  ============================================================
21:09:20.0357 0x1378  ============================================================
21:09:20.0357 0x1378  Scan started
21:09:20.0357 0x1378  Mode: Manual; SigCheck; TDLFS; 
21:09:20.0357 0x1378  ============================================================
21:09:20.0358 0x1378  KSN ping started
21:09:22.0801 0x1378  KSN ping finished: true
21:09:23.0279 0x1378  ================ Scan system memory ========================
21:09:23.0279 0x1378  System memory - ok
21:09:23.0279 0x1378  ================ Scan services =============================
21:09:29.0699 0x1378  [ BF69D973523D539A35807946C6DA7E16, 38F2C59B0857131961DBEA48C4A5DFA9BE7B564941935086B8DC8DBEF896F3EC ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:09:29.0716 0x1378  KSecDD - ok
21:09:29.0726 0x1378  [ 272C27711C8AA6E7815EE33F8ACA9C66, 0A5A10A7A3E87DB92E06395A6676B94FE8B7AD6704864075D443CDC9BABDB4DF ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:09:29.0744 0x1378  KSecPkg - ok
21:09:29.0751 0x1378  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:09:29.0787 0x1378  ksthunk - ok
21:09:29.0802 0x1378  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:09:29.0853 0x1378  KtmRm - ok
21:09:29.0865 0x1378  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:09:29.0909 0x1378  LanmanServer - ok
21:09:29.0918 0x1378  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:09:29.0958 0x1378  LanmanWorkstation - ok
21:09:29.0968 0x1378  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:09:30.0006 0x1378  lltdio - ok
21:09:30.0020 0x1378  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:09:30.0067 0x1378  lltdsvc - ok
21:09:30.0074 0x1378  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:09:30.0113 0x1378  lmhosts - ok
21:09:30.0125 0x1378  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:09:30.0142 0x1378  LSI_FC - ok
21:09:30.0151 0x1378  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:09:30.0167 0x1378  LSI_SAS - ok
21:09:30.0175 0x1378  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:09:30.0190 0x1378  LSI_SAS2 - ok
21:09:30.0198 0x1378  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:09:30.0214 0x1378  LSI_SCSI - ok
21:09:30.0223 0x1378  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
21:09:30.0262 0x1378  luafv - ok
21:09:30.0270 0x1378  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:09:30.0289 0x1378  Mcx2Svc - ok
21:09:30.0295 0x1378  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:09:30.0310 0x1378  megasas - ok
21:09:30.0322 0x1378  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:09:30.0344 0x1378  MegaSR - ok
21:09:30.0352 0x1378  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
21:09:30.0391 0x1378  MMCSS - ok
21:09:30.0399 0x1378  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
21:09:30.0434 0x1378  Modem - ok
21:09:30.0440 0x1378  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:09:30.0458 0x1378  monitor - ok
21:09:30.0465 0x1378  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:09:30.0480 0x1378  mouclass - ok
21:09:30.0487 0x1378  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:09:30.0504 0x1378  mouhid - ok
21:09:30.0512 0x1378  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:09:30.0528 0x1378  mountmgr - ok
21:09:30.0538 0x1378  [ 9FC679D10A7377BB04ECC3D0E2E26B53, 24ACD4EC1618A052C29E4463138B28F62C8B78D442DB82F4925E64FC5849A096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:09:30.0555 0x1378  MozillaMaintenance - ok
21:09:30.0565 0x1378  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:09:30.0583 0x1378  mpio - ok
21:09:30.0591 0x1378  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:09:30.0630 0x1378  mpsdrv - ok
21:09:30.0658 0x1378  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:09:30.0720 0x1378  MpsSvc - ok
21:09:30.0731 0x1378  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:09:30.0751 0x1378  MRxDAV - ok
21:09:30.0761 0x1378  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:09:30.0781 0x1378  mrxsmb - ok
21:09:30.0795 0x1378  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:09:30.0819 0x1378  mrxsmb10 - ok
21:09:30.0829 0x1378  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:09:30.0847 0x1378  mrxsmb20 - ok
21:09:30.0853 0x1378  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:09:30.0869 0x1378  msahci - ok
21:09:30.0879 0x1378  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:09:30.0896 0x1378  msdsm - ok
21:09:30.0906 0x1378  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
21:09:30.0928 0x1378  MSDTC - ok
21:09:30.0938 0x1378  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:09:30.0975 0x1378  Msfs - ok
21:09:30.0981 0x1378  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:09:31.0017 0x1378  mshidkmdf - ok
21:09:31.0023 0x1378  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:09:31.0037 0x1378  msisadrv - ok
21:09:31.0046 0x1378  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:09:31.0089 0x1378  MSiSCSI - ok
21:09:31.0094 0x1378  msiserver - ok
21:09:31.0101 0x1378  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:09:31.0139 0x1378  MSKSSRV - ok
21:09:31.0145 0x1378  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:09:31.0181 0x1378  MSPCLOCK - ok
21:09:31.0187 0x1378  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:09:31.0223 0x1378  MSPQM - ok
21:09:31.0239 0x1378  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:09:31.0263 0x1378  MsRPC - ok
21:09:31.0271 0x1378  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:09:31.0285 0x1378  mssmbios - ok
21:09:31.0291 0x1378  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:09:31.0329 0x1378  MSTEE - ok
21:09:31.0334 0x1378  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:09:31.0349 0x1378  MTConfig - ok
21:09:31.0354 0x1378  [ 03B7145C889603537E9FFEABB1AD1089, B3CD93B893D4A2370CBF382366C6F596372857F8711EF6FFF83BFE2B449F424E ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
21:09:31.0369 0x1378  MTsensor - ok
21:09:31.0376 0x1378  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
21:09:31.0392 0x1378  Mup - ok
21:09:31.0411 0x1378  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
21:09:31.0461 0x1378  napagent - ok
21:09:31.0477 0x1378  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:09:31.0507 0x1378  NativeWifiP - ok
21:09:31.0538 0x1378  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:09:31.0580 0x1378  NDIS - ok
21:09:31.0588 0x1378  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:09:31.0626 0x1378  NdisCap - ok
21:09:31.0631 0x1378  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:09:31.0668 0x1378  NdisTapi - ok
21:09:31.0675 0x1378  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:09:31.0711 0x1378  Ndisuio - ok
21:09:31.0721 0x1378  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:09:31.0761 0x1378  NdisWan - ok
21:09:31.0768 0x1378  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:09:31.0804 0x1378  NDProxy - ok
21:09:31.0810 0x1378  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:09:31.0849 0x1378  NetBIOS - ok
21:09:31.0862 0x1378  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:09:31.0904 0x1378  NetBT - ok
21:09:31.0910 0x1378  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] Netlogon        C:\Windows\system32\lsass.exe
21:09:31.0926 0x1378  Netlogon - ok
21:09:31.0940 0x1378  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
21:09:31.0989 0x1378  Netman - ok
21:09:31.0998 0x1378  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:09:32.0017 0x1378  NetMsmqActivator - ok
21:09:32.0025 0x1378  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:09:32.0043 0x1378  NetPipeActivator - ok
21:09:32.0061 0x1378  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
21:09:32.0112 0x1378  netprofm - ok
21:09:32.0122 0x1378  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:09:32.0140 0x1378  NetTcpActivator - ok
21:09:32.0148 0x1378  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:09:32.0166 0x1378  NetTcpPortSharing - ok
21:09:32.0173 0x1378  [ 2263727032E9B19231A706046B8C82D3, AAAE23FF8164BC03F9C331C324F4C4AC7298535CC0BBBB14E9319D009D92D9E1 ] NetworkX        C:\Windows\system32\ckldrv.sys
21:09:32.0186 0x1378  NetworkX - ok
21:09:32.0193 0x1378  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:09:32.0208 0x1378  nfrd960 - ok
21:09:32.0223 0x1378  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:09:32.0249 0x1378  NlaSvc - ok
21:09:32.0256 0x1378  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:09:32.0293 0x1378  Npfs - ok
21:09:32.0299 0x1378  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
21:09:32.0338 0x1378  nsi - ok
21:09:32.0343 0x1378  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:09:32.0380 0x1378  nsiproxy - ok
21:09:32.0432 0x1378  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:09:32.0490 0x1378  Ntfs - ok
21:09:32.0499 0x1378  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
21:09:32.0536 0x1378  Null - ok
21:09:32.0553 0x1378  [ A85B4F2EF3A7304A5399EF0526423040, E45854691BA6AE36E53C2922CC93FF13DC2D84CBE7FE13A2F0B1CE1C16D1D158 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
21:09:32.0581 0x1378  NVENETFD - ok
21:09:32.0934 0x1378  [ 5D89C0070BC2643117CF33D0367AFABA, C245E0C0DB6665B6226B4D188F620272C175F0FEA63617ECA45B4FA86273E20C ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:09:33.0344 0x1378  nvlddmkm - ok
21:09:33.0390 0x1378  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:09:33.0408 0x1378  nvraid - ok
21:09:33.0420 0x1378  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:09:33.0437 0x1378  nvstor - ok
21:09:33.0467 0x1378  [ C5647FB500C2A1F946B77C953528042D, E0A53D158B2141EBBE6762165154B4DE9524E6BD3AD7247B6D25AC96E0A34AA0 ] nvsvc           C:\Windows\system32\nvvsvc.exe
21:09:33.0509 0x1378  nvsvc - ok
21:09:33.0520 0x1378  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:09:33.0537 0x1378  nv_agp - ok
21:09:33.0544 0x1378  [ E6A949D80E05859E87E248A78953FB50, 0354DB9015C7F2DDE372AEFC5896C6E041A41E8416901F77E874A2B303047263 ] NxDrv           C:\Windows\system32\DRIVERS\NxDrv.sys
21:09:33.0557 0x1378  NxDrv - ok
21:09:33.0576 0x1378  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:09:33.0600 0x1378  odserv - ok
21:09:33.0608 0x1378  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:09:33.0626 0x1378  ohci1394 - ok
21:09:33.0635 0x1378  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:09:33.0651 0x1378  ose - ok
21:09:33.0667 0x1378  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:09:33.0695 0x1378  p2pimsvc - ok
21:09:33.0713 0x1378  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
21:09:33.0744 0x1378  p2psvc - ok
21:09:33.0753 0x1378  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:09:33.0772 0x1378  Parport - ok
21:09:33.0779 0x1378  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:09:33.0795 0x1378  partmgr - ok
21:09:33.0805 0x1378  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:09:33.0828 0x1378  PcaSvc - ok
21:09:33.0838 0x1378  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
21:09:33.0859 0x1378  pci - ok
21:09:33.0864 0x1378  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
21:09:33.0878 0x1378  pciide - ok
21:09:33.0889 0x1378  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:09:33.0909 0x1378  pcmcia - ok
21:09:33.0916 0x1378  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:09:33.0931 0x1378  pcw - ok
21:09:33.0954 0x1378  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:09:33.0990 0x1378  PEAUTH - ok
21:09:34.0035 0x1378  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
21:09:34.0093 0x1378  PeerDistSvc - ok
21:09:34.0126 0x1378  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:09:34.0146 0x1378  PerfHost - ok
21:09:34.0195 0x1378  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
21:09:34.0274 0x1378  pla - ok
21:09:34.0295 0x1378  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:09:34.0325 0x1378  PlugPlay - ok
21:09:34.0331 0x1378  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:09:34.0349 0x1378  PNRPAutoReg - ok
21:09:34.0362 0x1378  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:09:34.0387 0x1378  PNRPsvc - ok
21:09:34.0406 0x1378  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:09:34.0458 0x1378  PolicyAgent - ok
21:09:34.0472 0x1378  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
21:09:34.0516 0x1378  Power - ok
21:09:34.0524 0x1378  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:09:34.0562 0x1378  PptpMiniport - ok
21:09:34.0569 0x1378  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
21:09:34.0587 0x1378  Processor - ok
21:09:34.0598 0x1378  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:09:34.0622 0x1378  ProfSvc - ok
21:09:34.0628 0x1378  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] ProtectedStorage C:\Windows\system32\lsass.exe
21:09:34.0644 0x1378  ProtectedStorage - ok
21:09:34.0653 0x1378  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:09:34.0693 0x1378  Psched - ok
21:09:34.0741 0x1378  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:09:34.0802 0x1378  ql2300 - ok
21:09:34.0815 0x1378  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:09:34.0832 0x1378  ql40xx - ok
21:09:34.0845 0x1378  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
21:09:34.0879 0x1378  QWAVE - ok
21:09:34.0887 0x1378  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:09:34.0912 0x1378  QWAVEdrv - ok
21:09:34.0917 0x1378  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:09:34.0955 0x1378  RasAcd - ok
21:09:34.0963 0x1378  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:09:35.0002 0x1378  RasAgileVpn - ok
21:09:35.0009 0x1378  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
21:09:35.0052 0x1378  RasAuto - ok
21:09:35.0062 0x1378  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:09:35.0100 0x1378  Rasl2tp - ok
21:09:35.0115 0x1378  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
21:09:35.0164 0x1378  RasMan - ok
21:09:35.0173 0x1378  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:09:35.0213 0x1378  RasPppoe - ok
21:09:35.0221 0x1378  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:09:35.0262 0x1378  RasSstp - ok
21:09:35.0275 0x1378  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:09:35.0321 0x1378  rdbss - ok
21:09:35.0327 0x1378  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:09:35.0347 0x1378  rdpbus - ok
21:09:35.0352 0x1378  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:09:35.0390 0x1378  RDPCDD - ok
21:09:35.0402 0x1378  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
21:09:35.0421 0x1378  RDPDR - ok
21:09:35.0426 0x1378  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:09:35.0463 0x1378  RDPENCDD - ok
21:09:35.0471 0x1378  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:09:35.0507 0x1378  RDPREFMP - ok
21:09:35.0516 0x1378  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:09:35.0531 0x1378  RdpVideoMiniport - ok
21:09:35.0541 0x1378  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:09:35.0563 0x1378  RDPWD - ok
21:09:35.0574 0x1378  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:09:35.0594 0x1378  rdyboost - ok
21:09:35.0698 0x1378  [ F51E6123B1897B3F1641259F5E354887, AE0E4E04C64E3FA063D311EFF1476D844ACEF0A41CF70BA33C16F1E61EE00402 ] ReflectService.exe C:\Program Files\Macrium\Reflect\ReflectService.exe
21:09:35.0785 0x1378  ReflectService.exe - ok
21:09:35.0802 0x1378  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:09:35.0843 0x1378  RemoteAccess - ok
21:09:35.0856 0x1378  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:09:35.0900 0x1378  RemoteRegistry - ok
21:09:35.0908 0x1378  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:09:35.0948 0x1378  RpcEptMapper - ok
21:09:35.0954 0x1378  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
21:09:35.0971 0x1378  RpcLocator - ok
21:09:35.0990 0x1378  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
21:09:36.0037 0x1378  RpcSs - ok
21:09:36.0046 0x1378  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:09:36.0084 0x1378  rspndr - ok
21:09:36.0095 0x1378  [ 31DB11C9B2ED9ABAAC8D07FD591820B4, D2FD3A514EB75184432C4C84CCE1689DCCF5F4072EFDAF47F3FCE64C95EFD12A ] RT2500          C:\Windows\system32\DRIVERS\RT2500.sys
21:09:36.0116 0x1378  RT2500 - ok
21:09:36.0121 0x1378  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
21:09:36.0136 0x1378  s3cap - ok
21:09:36.0142 0x1378  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] SamSs           C:\Windows\system32\lsass.exe
21:09:36.0159 0x1378  SamSs - ok
21:09:36.0166 0x1378  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:09:36.0182 0x1378  sbp2port - ok
21:09:36.0193 0x1378  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:09:36.0237 0x1378  SCardSvr - ok
21:09:36.0243 0x1378  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:09:36.0278 0x1378  scfilter - ok
21:09:36.0312 0x1378  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
21:09:36.0384 0x1378  Schedule - ok
21:09:36.0394 0x1378  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:09:36.0430 0x1378  SCPolicySvc - ok
21:09:36.0440 0x1378  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:09:36.0462 0x1378  SDRSVC - ok
21:09:36.0468 0x1378  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:09:36.0505 0x1378  secdrv - ok
21:09:36.0511 0x1378  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
21:09:36.0549 0x1378  seclogon - ok
21:09:36.0556 0x1378  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
21:09:36.0596 0x1378  SENS - ok
21:09:36.0602 0x1378  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:09:36.0622 0x1378  SensrSvc - ok
21:09:36.0627 0x1378  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:09:36.0644 0x1378  Serenum - ok
21:09:36.0651 0x1378  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:09:36.0669 0x1378  Serial - ok
21:09:36.0674 0x1378  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:09:36.0690 0x1378  sermouse - ok
21:09:36.0705 0x1378  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
21:09:36.0745 0x1378  SessionEnv - ok
21:09:36.0751 0x1378  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:09:36.0769 0x1378  sffdisk - ok
21:09:36.0774 0x1378  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:09:36.0792 0x1378  sffp_mmc - ok
21:09:36.0797 0x1378  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:09:36.0815 0x1378  sffp_sd - ok
21:09:36.0820 0x1378  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:09:36.0836 0x1378  sfloppy - ok
21:09:36.0851 0x1378  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:09:36.0898 0x1378  SharedAccess - ok
21:09:36.0915 0x1378  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:09:36.0963 0x1378  ShellHWDetection - ok
21:09:36.0970 0x1378  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:09:36.0984 0x1378  SiSRaid2 - ok
21:09:36.0991 0x1378  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:09:37.0007 0x1378  SiSRaid4 - ok
21:09:37.0020 0x1378  [ 704B4F81729F676BBF034529FC334D82, 1E50DAF97836807A500284385D99272780A8B69CA88761250451060B207824F8 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
21:09:37.0045 0x1378  SkypeUpdate - ok
21:09:37.0054 0x1378  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:09:37.0092 0x1378  Smb - ok
21:09:37.0101 0x1378  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:09:37.0120 0x1378  SNMPTRAP - ok
21:09:37.0148 0x1378  [ 0A94C3E99BEFC82E7A95D5FA0C7B25ED, 97D68F5394C0D0AC2669E888569283330A9DCDDC0926ABFA5286E2301E8529FD ] SONICWALL_NetExtender C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
21:09:37.0174 0x1378  SONICWALL_NetExtender - ok
21:09:37.0180 0x1378  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:09:37.0195 0x1378  spldr - ok
21:09:37.0216 0x1378  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
21:09:37.0251 0x1378  Spooler - ok
21:09:37.0358 0x1378  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
21:09:37.0478 0x1378  sppsvc - ok
21:09:37.0493 0x1378  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:09:37.0533 0x1378  sppuinotify - ok
21:09:37.0538 0x1378  sptd - ok
21:09:37.0557 0x1378  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:09:37.0586 0x1378  srv - ok
21:09:37.0603 0x1378  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:09:37.0631 0x1378  srv2 - ok
21:09:37.0641 0x1378  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:09:37.0662 0x1378  srvnet - ok
21:09:37.0673 0x1378  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:09:37.0717 0x1378  SSDPSRV - ok
21:09:37.0725 0x1378  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:09:37.0766 0x1378  SstpSvc - ok
21:09:37.0775 0x1378  [ B1800F5DA5114148E405F21292EDF77A, F0CCE39AA15A7E8EBB8EBA72C053F6489E10601294ACD6E12DCDC6E2BE76403B ] StarPortLite    C:\Windows\system32\DRIVERS\StarPortLite.sys
21:09:37.0791 0x1378  StarPortLite - ok
21:09:37.0808 0x1378  [ 32B37DD6E7D423DF3CF3B196C8005F85, 5989DD72AB03009625D5A49CC05D7955D07E3A933AEB292882F22928C5D60565 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:09:37.0832 0x1378  Stereo Service - ok
21:09:37.0839 0x1378  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:09:37.0854 0x1378  stexstor - ok
21:09:37.0876 0x1378  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
21:09:37.0918 0x1378  stisvc - ok
21:09:37.0928 0x1378  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
21:09:37.0943 0x1378  storflt - ok
21:09:37.0949 0x1378  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
21:09:37.0968 0x1378  StorSvc - ok
21:09:37.0974 0x1378  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
21:09:37.0988 0x1378  storvsc - ok
21:09:37.0994 0x1378  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:09:38.0008 0x1378  swenum - ok
21:09:38.0027 0x1378  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
21:09:38.0081 0x1378  swprv - ok
21:09:38.0138 0x1378  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
21:09:38.0214 0x1378  SysMain - ok
21:09:38.0227 0x1378  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:09:38.0252 0x1378  TabletInputService - ok
21:09:38.0266 0x1378  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:09:38.0313 0x1378  TapiSrv - ok
21:09:38.0320 0x1378  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
21:09:38.0362 0x1378  TBS - ok
21:09:38.0420 0x1378  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:09:38.0491 0x1378  Tcpip - ok
21:09:38.0553 0x1378  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:09:38.0611 0x1378  TCPIP6 - ok
21:09:38.0624 0x1378  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:09:38.0642 0x1378  tcpipreg - ok
21:09:38.0650 0x1378  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:09:38.0665 0x1378  TDPIPE - ok
21:09:38.0671 0x1378  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:09:38.0686 0x1378  TDTCP - ok
21:09:38.0694 0x1378  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:09:38.0712 0x1378  tdx - ok
21:09:38.0868 0x1378  [ 6CA83C69643E7BF144A428B7BDC7D630, DB015BA4428509E1D5BE74FEFB446A29D316564617EB15A379424B3FCE3B74A9 ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
21:09:39.0042 0x1378  TeamViewer - ok
21:09:39.0063 0x1378  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:09:39.0079 0x1378  TermDD - ok
21:09:39.0103 0x1378  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
21:09:39.0136 0x1378  TermService - ok
21:09:39.0145 0x1378  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
21:09:39.0169 0x1378  Themes - ok
21:09:39.0176 0x1378  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
21:09:39.0213 0x1378  THREADORDER - ok
21:09:39.0222 0x1378  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
21:09:39.0265 0x1378  TrkWks - ok
21:09:39.0275 0x1378  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:09:39.0314 0x1378  TrustedInstaller - ok
21:09:39.0322 0x1378  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:09:39.0339 0x1378  tssecsrv - ok
21:09:39.0345 0x1378  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:09:39.0363 0x1378  TsUsbFlt - ok
21:09:39.0371 0x1378  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
21:09:39.0386 0x1378  TsUsbGD - ok
21:09:39.0450 0x1378  [ 53C9D93D159EE9FF3E23A7BFAFA9CF9E, 62E20F9B1CC2BC1299EFD76831A41206169EA906F15039E37BDD0E579A4CD5EF ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
21:09:39.0508 0x1378  TuneUp.UtilitiesSvc - ok
21:09:39.0518 0x1378  [ DCC94C51D27C7EC0DADECA8F64C94FCF, 90C978C2284C9BDE3EFA1124616D824E0C361C388293FA22DBC8C3B70C920574 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
21:09:39.0531 0x1378  TuneUpUtilitiesDrv - ok
21:09:39.0540 0x1378  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:09:39.0578 0x1378  tunnel - ok
21:09:39.0584 0x1378  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:09:39.0600 0x1378  uagp35 - ok
21:09:39.0614 0x1378  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:09:39.0659 0x1378  udfs - ok
21:09:39.0669 0x1378  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:09:39.0690 0x1378  UI0Detect - ok
21:09:39.0697 0x1378  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:09:39.0713 0x1378  uliagpkx - ok
21:09:39.0720 0x1378  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:09:39.0737 0x1378  umbus - ok
21:09:39.0742 0x1378  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
21:09:39.0760 0x1378  UmPass - ok
21:09:39.0771 0x1378  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
21:09:39.0796 0x1378  UmRdpService - ok
21:09:39.0812 0x1378  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
21:09:39.0863 0x1378  upnphost - ok
21:09:39.0872 0x1378  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:09:39.0890 0x1378  usbccgp - ok
21:09:39.0898 0x1378  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:09:39.0916 0x1378  usbcir - ok
21:09:39.0922 0x1378  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:09:39.0939 0x1378  usbehci - ok
21:09:39.0953 0x1378  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:09:39.0979 0x1378  usbhub - ok
21:09:39.0986 0x1378  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
21:09:40.0002 0x1378  usbohci - ok
21:09:40.0010 0x1378  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
21:09:40.0028 0x1378  usbprint - ok
21:09:40.0035 0x1378  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:09:40.0052 0x1378  usbscan - ok
21:09:40.0059 0x1378  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:09:40.0078 0x1378  USBSTOR - ok
21:09:40.0085 0x1378  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:09:40.0102 0x1378  usbuhci - ok
21:09:40.0108 0x1378  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
21:09:40.0149 0x1378  UxSms - ok
21:09:40.0156 0x1378  [ 951A30E6EFB1A2A2D3BB842807661863, AE85011E85655BB65ABDAB37E3CE264290A389AA0A90B046CF9B62766F38E0E6 ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
21:09:40.0170 0x1378  UxTuneUp - ok
21:09:40.0176 0x1378  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] VaultSvc        C:\Windows\system32\lsass.exe
21:09:40.0192 0x1378  VaultSvc - ok
21:09:40.0207 0x1378  [ EB2461E88E1E9F2243FAA3F167BFB94E, 1A7E51BC964CC42A2839FE6DB20A7E2E695E827B62851B0B25CCDB091A144D24 ] VBoxAswDrv      C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
21:09:40.0228 0x1378  VBoxAswDrv - ok
21:09:40.0260 0x1378  [ 774E0B5708EC5F8FE3FAE063AD741D1E, 2392DF6EA79634F842B6B1E96988D58ECCE456361C03BB691D4002D5370D57F0 ] VBoxDrv         C:\Windows\system32\DRIVERS\VBoxDrv.sys
21:09:40.0301 0x1378  VBoxDrv - ok
21:09:40.0313 0x1378  [ 348A3A2F65CFF137440127A98C307102, 4152AAE06F4A992FBD57F7BB86D5ACFF3FA0A41AB0E68B0A457ECAAF83088D3E ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
21:09:40.0330 0x1378  VBoxNetAdp - ok
21:09:40.0340 0x1378  [ C9232E8BC7DE065C88586A6A8089C94E, DC1C7812F4D014B1106ED8E2FDBAC0D12622C75365B22E0D770F412265F52C77 ] VBoxNetFlt      C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
21:09:40.0357 0x1378  VBoxNetFlt - ok
21:09:40.0366 0x1378  [ 79B223A37527EF773621F656310CE525, 8E0252CEC55F4D06849C13EBFA931D40C22BC3EB3D5092764F057C4DE77935E1 ] VBoxUSBMon      C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
21:09:40.0383 0x1378  VBoxUSBMon - ok
21:09:40.0389 0x1378  [ 3C8E2C591345F38149C69FE8E5DF8C90, 9F4BB9BDA09CB2E99A6A888B288F322AE5C460B5D124CD714C6F00FF5029144B ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
21:09:40.0404 0x1378  VClone - ok
21:09:40.0411 0x1378  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:09:40.0425 0x1378  vdrvroot - ok
21:09:40.0445 0x1378  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
21:09:40.0500 0x1378  vds - ok
21:09:40.0508 0x1378  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:09:40.0526 0x1378  vga - ok
21:09:40.0532 0x1378  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:09:40.0569 0x1378  VgaSave - ok
21:09:40.0580 0x1378  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
21:09:40.0600 0x1378  vhdmp - ok
21:09:40.0606 0x1378  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:09:40.0621 0x1378  viaide - ok
21:09:40.0632 0x1378  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
21:09:40.0653 0x1378  vmbus - ok
21:09:40.0659 0x1378  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
21:09:40.0675 0x1378  VMBusHID - ok
21:09:40.0682 0x1378  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:09:40.0699 0x1378  volmgr - ok
21:09:40.0714 0x1378  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:09:40.0738 0x1378  volmgrx - ok
21:09:40.0752 0x1378  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:09:40.0775 0x1378  volsnap - ok
21:09:40.0785 0x1378  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:09:40.0804 0x1378  vsmraid - ok
21:09:40.0853 0x1378  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
21:09:40.0932 0x1378  VSS - ok
21:09:40.0942 0x1378  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
21:09:40.0962 0x1378  vwifibus - ok
21:09:40.0978 0x1378  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
21:09:41.0028 0x1378  W32Time - ok
21:09:41.0036 0x1378  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:09:41.0053 0x1378  WacomPen - ok
21:09:41.0061 0x1378  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:09:41.0099 0x1378  WANARP - ok
21:09:41.0105 0x1378  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:09:41.0141 0x1378  Wanarpv6 - ok
21:09:41.0187 0x1378  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
21:09:41.0252 0x1378  wbengine - ok
21:09:41.0271 0x1378  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:09:41.0300 0x1378  WbioSrvc - ok
21:09:41.0315 0x1378  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:09:41.0349 0x1378  wcncsvc - ok
21:09:41.0356 0x1378  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:09:41.0377 0x1378  WcsPlugInService - ok
21:09:41.0383 0x1378  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
21:09:41.0397 0x1378  Wd - ok
21:09:41.0425 0x1378  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:09:41.0464 0x1378  Wdf01000 - ok
21:09:41.0474 0x1378  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:09:41.0495 0x1378  WdiServiceHost - ok
21:09:41.0501 0x1378  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:09:41.0520 0x1378  WdiSystemHost - ok
21:09:41.0533 0x1378  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
21:09:41.0560 0x1378  WebClient - ok
21:09:41.0572 0x1378  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:09:41.0621 0x1378  Wecsvc - ok
21:09:41.0630 0x1378  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:09:41.0671 0x1378  wercplsupport - ok
21:09:41.0678 0x1378  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:09:41.0719 0x1378  WerSvc - ok
21:09:41.0726 0x1378  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:09:41.0763 0x1378  WfpLwf - ok
21:09:41.0768 0x1378  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:09:41.0782 0x1378  WIMMount - ok
21:09:41.0786 0x1378  WinDefend - ok
21:09:41.0793 0x1378  WinHttpAutoProxySvc - ok
21:09:41.0811 0x1378  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:09:41.0856 0x1378  Winmgmt - ok
21:09:41.0919 0x1378  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
21:09:42.0000 0x1378  WinRM - ok
21:09:42.0016 0x1378  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:09:42.0035 0x1378  WinUsb - ok
21:09:42.0063 0x1378  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:09:42.0114 0x1378  Wlansvc - ok
21:09:42.0122 0x1378  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:09:42.0138 0x1378  WmiAcpi - ok
21:09:42.0151 0x1378  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:09:42.0173 0x1378  wmiApSrv - ok
21:09:42.0177 0x1378  WMPNetworkSvc - ok
21:09:42.0184 0x1378  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:09:42.0203 0x1378  WPCSvc - ok
21:09:42.0211 0x1378  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:09:42.0234 0x1378  WPDBusEnum - ok
21:09:42.0240 0x1378  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:09:42.0276 0x1378  ws2ifsl - ok
21:09:42.0283 0x1378  [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(1) C:\Windows\system32\drivers\VirtualAudio1.sys
21:09:42.0297 0x1378  WsAudio_Device(1) - ok
21:09:42.0304 0x1378  [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(2) C:\Windows\system32\drivers\VirtualAudio2.sys
21:09:42.0317 0x1378  WsAudio_Device(2) - ok
21:09:42.0324 0x1378  [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(3) C:\Windows\system32\drivers\VirtualAudio3.sys
21:09:42.0337 0x1378  WsAudio_Device(3) - ok
21:09:42.0343 0x1378  [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(4) C:\Windows\system32\drivers\VirtualAudio4.sys
21:09:42.0357 0x1378  WsAudio_Device(4) - ok
21:09:42.0366 0x1378  [ ADD2FE1A9F4EE41A6D724819550D4E1F, EE8320496D611F6D264AC21684EACB5DC6F9DD82E055726073C7782D0993AFB3 ] WsAudio_Device(5) C:\Windows\system32\drivers\VirtualAudio5.sys
21:09:42.0379 0x1378  WsAudio_Device(5) - ok
21:09:42.0387 0x1378  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
21:09:42.0412 0x1378  wscsvc - ok
21:09:42.0417 0x1378  WSearch - ok
21:09:42.0498 0x1378  [ 14882A15F5CE7B8EADC8E7F54FD5B53B, 75CE9845C6EE66B070EA3D11F5B49935B9D0A607DCC93D3105130F3987E39443 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:09:42.0579 0x1378  wuauserv - ok
21:09:42.0594 0x1378  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:09:42.0612 0x1378  WudfPf - ok
21:09:42.0625 0x1378  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:09:42.0645 0x1378  WUDFRd - ok
21:09:42.0653 0x1378  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:09:42.0675 0x1378  wudfsvc - ok
21:09:42.0686 0x1378  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:09:42.0712 0x1378  WwanSvc - ok
21:09:42.0721 0x1378  ================ Scan global ===============================
21:09:42.0727 0x1378  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
21:09:42.0738 0x1378  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
21:09:42.0756 0x1378  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
21:09:42.0768 0x1378  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
21:09:42.0784 0x1378  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
21:09:42.0796 0x1378  [ Global ] - ok
21:09:42.0796 0x1378  ================ Scan MBR ==================================
21:09:42.0799 0x1378  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:09:42.0948 0x1378  \Device\Harddisk0\DR0 - ok
21:09:42.0971 0x1378  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
21:09:43.0043 0x1378  \Device\Harddisk1\DR1 - ok
21:09:43.0043 0x1378  ================ Scan VBR ==================================
21:09:43.0046 0x1378  [ 2A093BC7381C7822D6BE74044DD98790 ] \Device\Harddisk0\DR0\Partition1
21:09:43.0048 0x1378  \Device\Harddisk0\DR0\Partition1 - ok
21:09:43.0048 0x1378  ================ Scan generic autorun ======================
21:09:43.0206 0x1378  [ 65C6AA484AD2287D20541C7735989437, 1842787640391F4A4CD9ED0A531298A61F4B2FB09BEC98FEE256313AFB458EDB ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
21:09:43.0346 0x1378  AvastUI.exe - ok
21:09:43.0395 0x1378  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:09:43.0446 0x1378  Sidebar - ok
21:09:43.0455 0x1378  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:09:43.0479 0x1378  mctadmin - ok
21:09:43.0516 0x1378  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:09:43.0560 0x1378  Sidebar - ok
21:09:43.0569 0x1378  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:09:43.0592 0x1378  mctadmin - ok
21:09:43.0595 0x1378  Iperius Backup - ok
21:09:44.0013 0x1378  [ 15D6EFED817CE145FF05A9829050D547, 8ABE7E22C146F2EEE3F3F3713C92BC1D6734477E488872D22ABE2188D2077A39 ] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
21:09:44.0484 0x1378  ANT Agent - detected UnsignedFile.Multi.Generic ( 1 )
21:09:46.0897 0x1378  Detect skipped due to KSN trusted
21:09:46.0897 0x1378  ANT Agent - ok
21:09:46.0897 0x1378  Waiting for KSN requests completion. In queue: 39
21:09:47.0902 0x1378  Waiting for KSN requests completion. In queue: 39
21:09:48.0916 0x1378  Waiting for KSN requests completion. In queue: 39
21:09:49.0946 0x1378  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x41000 ( enabled : updated )
21:09:49.0946 0x1378  Win FW state via NFP2: enabled
21:09:52.0457 0x1378  ============================================================
21:09:52.0457 0x1378  Scan finished
21:09:52.0457 0x1378  ============================================================
21:09:52.0457 0x1398  Detected object count: 0
21:09:52.0457 0x1398  Actual detected object count: 0
         
Best regards
Ingo

Alt 04.07.2015, 15:33   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Hi,

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 05.07.2015, 22:20   #11
ingoxxl
 
Hello,

attached is the Combofix log...
COMBOFIX

Combofix Logfile:
Code:
ATTFilter
ComboFix 15-07-05.01 - Ingo 05.07.2015  23:05:51.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.6143.4468 [GMT 2:00]
ausgeführt von:: d:\users\Ingo\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-06-05 bis 2015-07-05  ))))))))))))))))))))))))))))))
.
.
2015-07-04 11:59 . 2015-07-04 11:59	--------	d-----w-	c:\program files (x86)\PicGrab
2015-07-04 11:59 . 2003-07-11 23:07	438272	----a-w-	c:\windows\SysWow64\PaintX.dll
2015-07-03 18:55 . 2015-07-03 18:55	--------	d-----w-	c:\programdata\Malwarebytes
2015-07-03 18:55 . 2015-07-03 19:06	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-07-03 18:55 . 2015-07-03 18:55	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-03 18:54 . 2015-07-03 18:54	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-07-03 06:37 . 2015-06-12 07:50	12221144	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A1BC8DB-10E0-43C0-A86A-E877773ED2A7}\mpengine.dll
2015-07-02 19:39 . 2015-07-02 19:40	--------	d-----w-	C:\FRST
2015-06-18 17:47 . 2015-06-18 17:47	--------	d-----w-	d:\users\Ingo\VirtualBox VMs
2015-06-15 23:07 . 2015-06-15 23:07	--------	d-----w-	d:\users\Ingo\AppData\Local\calibre-cache
2015-06-15 23:06 . 2015-06-15 23:09	--------	d-----w-	d:\users\Ingo\AppData\Roaming\calibre
2015-06-10 01:07 . 2015-05-22 19:22	950784	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2015-06-10 01:07 . 2015-05-22 18:52	6026240	----a-w-	c:\windows\system32\jscript9.dll
2015-06-10 01:07 . 2015-05-22 18:47	816640	----a-w-	c:\windows\system32\jscript.dll
2015-06-10 01:07 . 2015-05-22 18:47	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2015-06-10 01:07 . 2015-05-22 17:50	2426880	----a-w-	c:\windows\system32\wininet.dll
2015-06-10 01:07 . 2015-06-01 19:16	293072	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2015-06-10 01:07 . 2015-05-22 19:00	417792	----a-w-	c:\windows\system32\html.iec
2015-06-10 01:07 . 2015-05-22 18:59	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2015-06-10 01:07 . 2015-05-22 18:25	199680	----a-w-	c:\windows\system32\msrating.dll
2015-06-10 01:07 . 2015-05-22 18:24	1016832	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2015-06-10 01:07 . 2015-05-22 17:31	382976	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2015-06-10 01:07 . 2015-05-27 14:35	24917504	----a-w-	c:\windows\system32\mshtml.dll
2015-06-10 01:07 . 2015-05-22 19:12	10949120	----a-w-	c:\program files\Internet Explorer\F12Resources.dll
2015-06-08 19:35 . 2015-06-08 19:35	--------	d-----w-	d:\users\Julia\AppData\Local\FreeOCR
2015-06-07 08:45 . 2015-06-16 00:26	--------	d-----w-	d:\users\Public\Hörbücher
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-27 18:22 . 2015-05-13 19:39	442264	----a-w-	c:\windows\system32\drivers\aswsp.sys
2015-06-10 20:11 . 2015-05-13 23:03	140135120	----a-w-	c:\windows\system32\MRT.exe
2015-06-03 19:14 . 2015-06-03 19:14	255352	----a-w-	c:\windows\SysWow64\awrdscdc.ax
2015-05-25 18:24 . 2015-06-03 21:05	5569984	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-05-25 18:23 . 2015-06-03 21:05	155584	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2015-05-25 18:23 . 2015-06-03 21:05	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2015-05-25 18:21 . 2015-06-03 21:05	1728960	----a-w-	c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-03 21:05	243712	----a-w-	c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-03 21:05	362496	----a-w-	c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-03 21:05	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-03 21:05	215040	----a-w-	c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-03 21:05	1255424	----a-w-	c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-03 21:05	210944	----a-w-	c:\windows\system32\wdigest.dll
2015-05-25 18:19 . 2015-06-03 21:05	879104	----a-w-	c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-03 21:05	86528	----a-w-	c:\windows\system32\TSpkg.dll
2015-05-25 18:19 . 2015-06-03 21:05	29184	----a-w-	c:\windows\system32\sspisrv.dll
2015-05-25 18:19 . 2015-06-03 21:05	136192	----a-w-	c:\windows\system32\sspicli.dll
2015-05-25 18:19 . 2015-06-03 21:05	503808	----a-w-	c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-03 21:05	50176	----a-w-	c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-03 21:05	28160	----a-w-	c:\windows\system32\secur32.dll
2015-05-25 18:19 . 2015-06-03 21:05	113664	----a-w-	c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-03 21:05	342016	----a-w-	c:\windows\system32\schannel.dll
2015-05-25 18:19 . 2015-06-03 21:05	314880	----a-w-	c:\windows\system32\msv1_0.dll
2015-05-25 18:19 . 2015-06-03 21:05	309760	----a-w-	c:\windows\system32\ncrypt.dll
2015-05-25 18:19 . 2015-06-03 21:05	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-03 21:05	728576	----a-w-	c:\windows\system32\kerberos.dll
2015-05-25 18:19 . 2015-06-03 21:05	424960	----a-w-	c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-03 21:05	1461760	----a-w-	c:\windows\system32\lsasrv.dll
2015-05-25 18:19 . 2015-06-03 21:05	1162752	----a-w-	c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-03 21:05	43520	----a-w-	c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-03 21:05	22016	----a-w-	c:\windows\system32\credssp.dll
2015-05-25 18:18 . 2015-06-03 21:05	879104	----a-w-	c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-03 21:05	47104	----a-w-	c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-03 21:05	404992	----a-w-	c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-03 21:05	112640	----a-w-	c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-03 21:05	296960	----a-w-	c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-03 21:05	43008	----a-w-	c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-03 21:05	31232	----a-w-	c:\windows\system32\lsass.exe
2015-05-25 18:18 . 2015-06-03 21:05	104448	----a-w-	c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-03 21:05	19456	----a-w-	c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-03 21:05	338432	----a-w-	c:\windows\system32\conhost.exe
2015-05-25 18:18 . 2015-06-03 21:05	64000	----a-w-	c:\windows\system32\auditpol.exe
2015-05-25 18:14 . 2015-06-03 21:05	60416	----a-w-	c:\windows\system32\msobjs.dll
2015-05-25 18:14 . 2015-06-03 21:05	146432	----a-w-	c:\windows\system32\msaudite.dll
2015-05-25 18:11 . 2015-06-03 21:05	6656	----a-w-	c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-03 21:05	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:11 . 2015-06-03 21:05	686080	----a-w-	c:\windows\system32\adtschema.dll
2015-05-25 18:07 . 2015-06-03 21:05	3989440	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-03 21:05	3934144	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-03 21:05	1310744	----a-w-	c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-03 21:05	172032	----a-w-	c:\windows\SysWow64\wdigest.dll
2015-05-25 18:01 . 2015-06-03 21:05	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2015-05-25 18:01 . 2015-06-03 21:05	635392	----a-w-	c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-03 21:05	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-03 21:05	92160	----a-w-	c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-03 21:05	248832	----a-w-	c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-03 21:05	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2015-05-25 18:01 . 2015-06-03 21:05	221184	----a-w-	c:\windows\SysWow64\ncrypt.dll
2015-05-25 18:01 . 2015-06-03 21:05	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-03 21:05	259584	----a-w-	c:\windows\SysWow64\msv1_0.dll
2015-05-25 18:01 . 2015-06-03 21:05	551424	----a-w-	c:\windows\SysWow64\kerberos.dll
2015-05-25 18:01 . 2015-06-03 21:05	17408	----a-w-	c:\windows\SysWow64\credssp.dll
2015-05-25 18:01 . 2015-06-03 21:05	641536	----a-w-	c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-03 21:05	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-03 21:05	40448	----a-w-	c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-03 21:05	364544	----a-w-	c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-03 21:05	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-03 21:05	37888	----a-w-	c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-03 21:05	82944	----a-w-	c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-03 21:05	17408	----a-w-	c:\windows\SysWow64\diskperf.exe
2015-05-25 18:00 . 2015-06-03 21:05	50176	----a-w-	c:\windows\SysWow64\auditpol.exe
2015-05-25 17:59 . 2015-06-03 21:05	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2015-05-25 17:59 . 2015-06-03 21:05	5120	----a-w-	c:\windows\SysWow64\wow32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iperius Backup"="c:\program files (x86)\Iperius Backup\Iperius.exe" [2015-05-08 23611280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-13 5515496]
.
d:\users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2015-5-21 2513408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio1.sys [x]
R3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio2.sys [x]
R3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio3.sys [x]
R3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio4.sys [x]
R3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio5.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys;c:\windows\SYSNATIVE\DRIVERS\StarPortLite.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IperiusSvc;Iperius Backup Service;c:\program files (x86)\Iperius Backup\IperiusService.exe;c:\program files (x86)\Iperius Backup\IperiusService.exe [x]
S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe;c:\program files\Macrium\Reflect\ReflectService.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\NxDrv.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-13 19:39	722400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.177.1
FF - ProfilePath - d:\users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-07-05  23:12:16
ComboFix-quarantined-files.txt  2015-07-05 21:12
.
Vor Suchlauf: 6 Verzeichnis(se), 101.621.915.648 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 101.449.379.840 Bytes frei
.
- - End Of File - - 55C24FEC0FF1C52E5273E9AE50924EE8
         
Best regards
Ingo

Alt 06.07.2015, 05:52   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan ("Scannen"), select the threat scan ("Bedrohungssuchlauf") and click Start scan ("Suchlauf starten").
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove selected ("Auswahl entfernen").
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History ("Verlauf") and then Application logs ("Anwendungsprotokolle").
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Delete ("Löschen") and confirm any prompts that appear with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Alt 06.07.2015, 22:21   #13
ingoxxl
 
Hi,

here are the new logs:

MBAM

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 06.07.2015
Suchlaufzeit: 22:42
Protokolldatei: mbam_log.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.07.06.07
Rootkit-Datenbank: v2015.07.05.03
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Ingo

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 481126
Abgelaufene Zeit: 9 Min., 30 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
ADWARE CLEANER

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.207 - Bericht erstellt 06/07/2015 um 23:00:42
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-07-05.2 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Ingo - HOME-PC
# Gestarted von : D:\Users\Ingo\Desktop\AdwCleaner_4.207.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 de)


*************************

AdwCleaner[R1].txt - [789 Bytes] - [06/07/2015 22:59:25]
AdwCleaner[S1].txt - [710 Bytes] - [06/07/2015 23:00:42]

########## EOF - D:\AdwCleaner\AdwCleaner[S1].txt - [768  Bytes] ##########
         


JRT

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.3.3 (07.06.2015:2)
OS: Windows 7 Professional x64
Ran by Ingo on 06.07.2015 at 23:04:44,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2011



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Disk Space Explorer Shell Extension
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\REN600A.tmp



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\tuneup software
Successfully deleted: [Folder] D:\Users\Ingo\appdata\local\crashrpt
Successfully deleted: [Folder] D:\Users\Ingo\AppData\Roaming\tuneup software
Successfully deleted: [Folder] D:\Users\Ingo\AppData\Roaming\2761
Successfully deleted: [Folder] D:\Users\Ingo\AppData\Roaming\6755
Successfully deleted: [Folder] D:\Users\Ingo\AppData\Roaming\9756



~~~ FireFox

Emptied folder: D:\Users\Ingo\AppData\Roaming\mozilla\firefox\profiles\n89clb7s.default\minidumps [51 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.07.2015 at 23:08:16,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Ingo (administrator) on HOME-PC on 06-07-2015 23:10:28
Running from D:\Users\Ingo\Desktop
Loaded Profiles: Ingo (Available Profiles: Ingo & Julia & Klara)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-13] (Avast Software s.r.o.)
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Run: [Iperius Backup] => C:\Program Files (x86)\Iperius Backup\Iperius.exe [23611280 2015-05-08] (Enter Srl)
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
Startup: D:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk [2015-05-28]
ShortcutTarget: Spamihilator.lnk -> C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-13] (Avast Software s.r.o.)
GroupPolicyUsers\S-1-5-21-2484450973-2070416738-4278609927-1007\User: Group Policy Restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2484450973-2070416738-4278609927-1005 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = https://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-13] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-13] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-13] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-13] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-13] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.177.1
Tcpip\..\Interfaces\{1FB36190-A6F5-4787-A58D-E71835657744}: [DhcpNameServer] 192.168.177.1

FireFox:
========
FF ProfilePath: D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: MinimizeToTray revived (MinTrayR) - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\mintrayr@tn123.ath.cx [2015-05-29]
FF Extension: IE Tab - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2015-05-29]
FF Extension: Save Text To File - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\HighlightedTextToFile@bobbyrne01.org.xpi [2015-05-22]
FF Extension: Adblock Plus - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-22]
FF Extension: DownThemAll! - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-05-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-13]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-13] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-13] (Avast Software)
S2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
S2 IperiusSvc; C:\Program Files (x86)\Iperius Backup\IperiusService.exe [4364192 2015-05-08] (Enter Srl)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
S2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [614416 2014-10-21] (Dell Inc.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-13] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ASPI32; No ImagePath
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-13] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-13] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-13] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-13] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-13] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [25536 2014-10-21] (SonicWALL Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-05-21] (Duplex Secure Ltd.)
R1 StarPortLite; C:\Windows\System32\DRIVERS\StarPortLite.sys [120704 2013-02-04] (StarWind Software)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-07-07] (TuneUp Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-13] (Avast Software)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-06 23:10 - 2015-07-06 23:10 - 00012290 _____ D:\Users\Ingo\Desktop\FRST.txt
2015-07-06 23:10 - 2015-07-02 21:15 - 02112512 _____ (Farbar) D:\Users\Ingo\Desktop\FRST64.exe
2015-07-06 23:04 - 2015-07-06 23:04 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HOME-PC-Windows-7-Professional-(64-bit).dat
2015-07-06 23:04 - 2015-07-06 23:04 - 00000000 ____D C:\RegBackup
2015-07-06 22:45 - 2015-07-06 23:10 - 00000000 ____D D:\Users\Ingo\Downloads\Trojaner Board Stuff
2015-07-06 22:39 - 2015-07-06 22:47 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\Adobe
2015-07-06 22:38 - 2015-07-06 22:38 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-06 22:37 - 2015-07-06 22:40 - 00000000 ____D C:\ProgramData\Adobe
2015-07-06 22:37 - 2015-07-06 22:37 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-06 22:37 - 2015-07-06 22:37 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-06 22:35 - 2015-07-06 22:40 - 00000000 ____D D:\Users\Ingo\AppData\Local\Adobe
2015-07-06 22:28 - 2015-07-06 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-06 22:28 - 2015-07-06 22:30 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-06 22:28 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-06 22:28 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-05 23:04 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-05 23:04 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-05 23:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-05 23:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-05 23:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-05 23:04 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-05 23:04 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-05 23:04 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-05 23:02 - 2015-07-05 23:12 - 00000000 ____D C:\Qoobox
2015-07-05 23:02 - 2015-07-05 23:11 - 00000000 ____D C:\Windows\erdnt
2015-07-04 13:59 - 2015-07-04 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PicGrab
2015-07-04 13:59 - 2015-07-04 13:59 - 00000000 ____D C:\Program Files (x86)\PicGrab
2015-07-04 13:59 - 2003-07-12 01:07 - 00438272 _____ () C:\Windows\SysWOW64\PaintX.dll
2015-07-04 13:58 - 2015-07-04 13:58 - 01198368 _____ D:\Users\Julia\Downloads\PicGrab - CHIP-Installer.exe
2015-07-03 20:55 - 2015-07-06 22:41 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-03 20:55 - 2015-07-06 22:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-03 20:55 - 2015-07-03 21:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-03 20:54 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-02 21:39 - 2015-07-06 23:10 - 00000000 ____D C:\FRST
2015-07-02 21:36 - 2015-07-02 21:36 - 00000020 _____ D:\Users\Ingo\defogger_reenable
2015-06-30 21:11 - 2015-06-30 21:12 - 44135827 _____ D:\Users\Julia\Downloads\downloads(1).zip
2015-06-30 21:03 - 2015-06-30 21:05 - 74260937 _____ D:\Users\Julia\Downloads\downloads.zip
2015-06-27 21:43 - 2015-06-27 21:57 - 00003584 _____ D:\Users\Julia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-18 23:06 - 2015-06-18 23:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-06-18 19:47 - 2015-06-18 19:47 - 00000000 ____D D:\Users\Ingo\VirtualBox VMs
2015-06-16 01:07 - 2015-06-16 01:07 - 00000000 ____D D:\Users\Ingo\AppData\Local\calibre-cache
2015-06-16 01:06 - 2015-06-18 00:35 - 00000000 ____D D:\Users\Ingo\Documents\Calibre-Bibliothek
2015-06-16 01:06 - 2015-06-16 01:09 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\calibre
2015-06-12 14:12 - 2015-06-12 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell SonicWALL NetExtender
2015-06-12 13:59 - 2015-06-12 13:59 - 01536632 _____ D:\Users\Julia\Downloads\NXSetupU.exe
2015-06-10 03:08 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 03:08 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 03:08 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 03:08 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 03:08 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 03:08 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 03:08 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 03:08 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 03:08 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 03:08 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 03:08 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 03:08 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 03:08 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 03:08 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 03:08 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 03:08 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 03:08 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 03:08 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 03:08 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 03:08 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 03:08 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 03:08 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 03:08 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 03:08 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 03:08 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 03:08 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 03:08 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 03:08 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 03:08 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 03:08 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 03:08 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 03:08 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 03:08 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 03:08 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 03:08 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 03:08 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 03:08 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 03:08 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 03:08 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 03:08 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 03:08 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 03:08 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 03:08 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 03:08 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 03:08 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 03:08 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 03:08 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 03:08 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 03:08 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 03:08 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 03:08 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 03:08 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 03:08 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 03:08 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 03:08 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 03:08 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 03:08 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 03:08 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 03:08 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 03:08 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 03:08 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 03:08 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 03:08 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 03:08 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 03:08 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 03:07 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 03:07 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 03:07 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 03:07 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 03:07 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 03:07 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 03:07 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 03:07 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-08 21:35 - 2015-06-08 21:35 - 00000000 ____D D:\Users\Julia\AppData\Local\FreeOCR
2015-06-07 10:46 - 2015-06-07 10:46 - 00001147 _____ D:\Users\Klara\Desktop\Hörbücher.lnk
2015-06-07 10:45 - 2015-06-16 02:26 - 00000000 ____D D:\Users\Public\Hörbücher

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-06 23:08 - 2011-04-12 09:43 - 00702198 _____ C:\Windows\system32\perfh007.dat
2015-07-06 23:08 - 2011-04-12 09:43 - 00149838 _____ C:\Windows\system32\perfc007.dat
2015-07-06 23:08 - 2009-07-14 07:13 - 01626984 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-06 23:05 - 2015-05-13 20:33 - 01183837 _____ C:\Windows\WindowsUpdate.log
2015-07-06 23:05 - 2009-07-14 06:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-06 23:05 - 2009-07-14 06:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-06 23:03 - 2015-05-21 00:03 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\Spamihilator
2015-07-06 23:01 - 2015-05-26 08:29 - 00038780 _____ C:\Windows\PFRO.log
2015-07-06 23:01 - 2015-05-24 14:23 - 00033976 _____ C:\Windows\errord.log
2015-07-06 23:01 - 2015-05-24 14:23 - 00018228 _____ C:\Windows\error.log
2015-07-06 23:01 - 2015-05-21 00:48 - 00016639 _____ C:\Windows\setupact.log
2015-07-06 23:01 - 2015-05-13 21:39 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-06 23:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-06 21:14 - 2015-05-15 00:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-05 23:10 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-04 13:39 - 2015-05-23 00:28 - 00084984 _____ D:\Users\Julia\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-04 11:59 - 2015-05-23 00:45 - 00001087 _____ D:\Users\Klara\Desktop\Caillou - Skivergnügen und mehr.lnk
2015-07-03 00:28 - 2015-05-21 00:01 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\Notepad++
2015-07-02 21:55 - 2015-05-15 00:00 - 00084984 _____ D:\Users\Ingo\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-02 21:36 - 2015-05-14 23:16 - 00000000 ____D D:\Users\Ingo
2015-07-02 21:32 - 2009-07-14 06:45 - 04900304 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-02 21:26 - 2015-05-21 00:02 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2015-07-01 00:02 - 2015-05-29 03:58 - 00000000 ____D D:\Users\Ingo\AppData\Local\CrashDumps
2015-06-28 18:22 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-28 17:41 - 2015-05-23 00:35 - 00000000 ____D D:\Users\Julia\AppData\Roaming\Skype
2015-06-28 12:40 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-27 20:22 - 2015-05-13 21:39 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-18 22:51 - 2015-05-21 21:26 - 00000000 ____D D:\Users\Ingo\.VirtualBox
2015-06-18 00:33 - 2015-05-23 23:05 - 00000000 ____D D:\Users\Ingo\Documents\decrypted ebooks
2015-06-15 22:24 - 2015-05-22 23:19 - 00000000 ____D D:\Users\Julia\AppData\Roaming\.purple
2015-06-15 02:58 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-14 16:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-13 13:13 - 2015-06-03 21:14 - 00000000 ____D D:\Users\Ingo\AppData\Local\Audible
2015-06-12 21:50 - 2015-05-21 20:44 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\KeePass
2015-06-12 20:56 - 2015-05-21 21:10 - 00000000 ____D D:\Users\Ingo\Documents\My Digital Editions
2015-06-12 14:11 - 2015-05-25 20:58 - 00000000 ____D C:\Windows\system32\appmgmt
2015-06-10 23:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 22:15 - 2015-05-14 01:03 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 22:15 - 2015-05-13 21:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 22:11 - 2015-05-14 01:03 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-08 23:49 - 2015-05-25 22:36 - 00015779 _____ D:\Users\Julia\Desktop\Wohnungsfinanzierung_1411.xlsx
2015-06-08 21:35 - 2015-05-15 00:00 - 00000000 ____D C:\Program Files (x86)\FreeOCR
2015-06-08 20:03 - 2015-05-24 14:09 - 00000000 ____D D:\Users\Julia\AppData\Roaming\KeePass
2015-06-08 20:02 - 2015-05-13 21:10 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2015-05-25 23:24 - 2015-05-25 23:28 - 0000026 _____ () D:\Users\Ingo\AppData\Local\isoworkshop.ini
2015-06-02 08:25 - 2015-06-02 08:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-06 21:55

==================== End of log ============================
         
--- --- ---


Best regards
Ingo

Alt 07.07.2015, 06:29   #14
schrauber
/// the machine
/// TB-Ausbilder
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 08.07.2015, 21:45   #15
ingoxxl
 

Hello,

here are the results of today's checks. By the way, the error message has not appeared again since then...

ESET

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=06858316fedb39429593d5a75da8976c
# end=init
# utc_time=2015-07-08 06:01:40
# local_time=2015-07-08 08:01:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24704
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=06858316fedb39429593d5a75da8976c
# end=updated
# utc_time=2015-07-08 06:40:12
# local_time=2015-07-08 08:40:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=06858316fedb39429593d5a75da8976c
# engine=24704
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-08 07:17:14
# local_time=2015-07-08 09:17:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 84 872317 4837754 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 96256 188012884 0 0
# scanned=202964
# found=4
# cleaned=0
# scan_time=2221
sh=DF46C418CC40985B1452145D68EC00EE4FB92CDB ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AH Trojaner" ac=I fn="D:\Users\Ingo\Documents\LG PC Suite IV\LG-P970\Backup\PhoneData_2012_1024_230902\Photo\E\download\assets\gingerbreak.png"
sh=F1BA86B62E8C56C59C3A850C016E9F3AB15FC82D ft=1 fh=77b67014c21a5d01 vn="Variante von Win32/DownloadSponsor.B evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Julia\Downloads\FileNameChange.exe"
sh=0E45B93734E8125DF09E9A3D0FCB5DCE93441534 ft=1 fh=f92dbd4c744344fd vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Julia\Downloads\Image Resizer - CHIP-Installer.exe"
sh=E2BADB0A8A4BF524E47B066CD9A143FC0274337F ft=1 fh=8c5ee5e5f03b383b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Users\Julia\Downloads\PicGrab - CHIP-Installer.exe"
         
SecurityCheck

Code:
 Results of screen317's Security Check version 1.004  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities 2011   
 TuneUp Utilities Language Pack (de-DE) 
 Java 8 Update 45  
 Java SE Development Kit 8 Update 45 
 Mozilla Firefox (39.0) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngservice.exe 
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Ingo (administrator) on HOME-PC on 08-07-2015 21:35:06
Running from D:\Users\Ingo\Desktop
Loaded Profiles: Ingo (Available Profiles: Ingo & Julia & Klara)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Enter Srl) C:\Program Files (x86)\Iperius Backup\IperiusService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Dell Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
(Enter Srl) C:\Program Files (x86)\Iperius Backup\Iperius.exe
(Michel Krämer) C:\Program Files\Spamihilator\spamihilator.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-13] (Avast Software s.r.o.)
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Run: [Iperius Backup] => C:\Program Files (x86)\Iperius Backup\Iperius.exe [23611280 2015-05-08] (Enter Srl)
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
Startup: D:\Users\Ingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk [2015-05-28]
ShortcutTarget: Spamihilator.lnk -> C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-13] (Avast Software s.r.o.)
GroupPolicyUsers\S-1-5-21-2484450973-2070416738-4278609927-1007\User: Group Policy Restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2484450973-2070416738-4278609927-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2484450973-2070416738-4278609927-1005 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = https://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-13] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-13] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-13] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-13] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-13] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.177.1
Tcpip\..\Interfaces\{1FB36190-A6F5-4787-A58D-E71835657744}: [DhcpNameServer] 192.168.177.1

FireFox:
========
FF ProfilePath: D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: MinimizeToTray revived (MinTrayR) - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\mintrayr@tn123.ath.cx [2015-05-29]
FF Extension: IE Tab - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2015-05-29]
FF Extension: Save Text To File - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\HighlightedTextToFile@bobbyrne01.org.xpi [2015-05-22]
FF Extension: Adblock Plus - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-22]
FF Extension: DownThemAll! - D:\Users\Ingo\AppData\Roaming\Mozilla\Firefox\Profiles\n89clb7s.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-05-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-13]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-13] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-13] (Avast Software)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 IperiusSvc; C:\Program Files (x86)\Iperius Backup\IperiusService.exe [4364192 2015-05-08] (Enter Srl)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [614416 2014-10-21] (Dell Inc.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-13] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ASPI32; No ImagePath
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-13] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-13] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-13] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-13] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-13] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [25536 2014-10-21] (SonicWALL Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-05-21] (Duplex Secure Ltd.)
R1 StarPortLite; C:\Windows\System32\DRIVERS\StarPortLite.sys [120704 2013-02-04] (StarWind Software)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-07-07] (TuneUp Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-13] (Avast Software)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 21:35 - 2015-07-08 21:35 - 00012891 _____ D:\Users\Ingo\Desktop\FRST.txt
2015-07-08 21:03 - 2015-07-02 21:15 - 02112512 _____ (Farbar) D:\Users\Ingo\Desktop\FRST64.exe
2015-07-08 20:01 - 2015-07-08 20:01 - 00000000 ____D C:\Program Files (x86)\ESET
2015-07-07 22:11 - 2015-07-07 22:14 - 00004894 _____ C:\Windows\SM_25_W300.id1
2015-07-07 22:11 - 2015-07-07 22:14 - 00004894 _____ C:\Windows\SM_25_D300.id1
2015-07-07 22:10 - 2015-07-07 22:10 - 00003822 _____ C:\Windows\SM_25_W75.id14
2015-07-07 22:10 - 2015-07-07 22:10 - 00003822 _____ C:\Windows\SM_25_D75.id14
2015-07-07 22:10 - 2015-07-07 22:10 - 00000035 _____ C:\Windows\Ulead32.INI
2015-07-06 23:51 - 2015-07-07 18:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-06 23:43 - 2015-07-06 23:43 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\TuneUp Software
2015-07-06 23:25 - 2015-07-07 21:20 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-07-06 23:04 - 2015-07-06 23:04 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HOME-PC-Windows-7-Professional-(64-bit).dat
2015-07-06 23:04 - 2015-07-06 23:04 - 00000000 ____D C:\RegBackup
2015-07-06 22:45 - 2015-07-08 21:33 - 00000000 ____D D:\Users\Ingo\Downloads\Trojaner Board Stuff
2015-07-06 22:39 - 2015-07-06 22:47 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\Adobe
2015-07-06 22:38 - 2015-07-07 18:25 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-06 22:37 - 2015-07-06 22:40 - 00000000 ____D C:\ProgramData\Adobe
2015-07-06 22:37 - 2015-07-06 22:37 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-06 22:37 - 2015-07-06 22:37 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-06 22:35 - 2015-07-06 22:40 - 00000000 ____D D:\Users\Ingo\AppData\Local\Adobe
2015-07-06 22:28 - 2015-07-06 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-06 22:28 - 2015-07-06 22:30 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-06 22:28 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-06 22:28 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-05 23:04 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-05 23:04 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-05 23:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-05 23:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-05 23:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-05 23:04 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-05 23:04 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-05 23:04 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-05 23:02 - 2015-07-05 23:12 - 00000000 ____D C:\Qoobox
2015-07-05 23:02 - 2015-07-05 23:11 - 00000000 ____D C:\Windows\erdnt
2015-07-04 13:59 - 2015-07-04 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PicGrab
2015-07-04 13:59 - 2015-07-04 13:59 - 00000000 ____D C:\Program Files (x86)\PicGrab
2015-07-04 13:59 - 2003-07-12 01:07 - 00438272 _____ () C:\Windows\SysWOW64\PaintX.dll
2015-07-04 13:58 - 2015-07-04 13:58 - 01198368 _____ D:\Users\Julia\Downloads\PicGrab - CHIP-Installer.exe
2015-07-03 20:55 - 2015-07-06 22:41 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-03 20:55 - 2015-07-06 22:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-03 20:55 - 2015-07-03 21:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-03 20:54 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-02 21:39 - 2015-07-08 21:35 - 00000000 ____D C:\FRST
2015-07-02 21:36 - 2015-07-02 21:36 - 00000020 _____ D:\Users\Ingo\defogger_reenable
2015-06-30 21:11 - 2015-06-30 21:12 - 44135827 _____ D:\Users\Julia\Downloads\downloads(1).zip
2015-06-30 21:03 - 2015-06-30 21:05 - 74260937 _____ D:\Users\Julia\Downloads\downloads.zip
2015-06-27 21:43 - 2015-06-27 21:57 - 00003584 _____ D:\Users\Julia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-18 23:06 - 2015-06-18 23:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-06-18 19:47 - 2015-06-18 19:47 - 00000000 ____D D:\Users\Ingo\VirtualBox VMs
2015-06-16 01:07 - 2015-06-16 01:07 - 00000000 ____D D:\Users\Ingo\AppData\Local\calibre-cache
2015-06-16 01:06 - 2015-06-18 00:35 - 00000000 ____D D:\Users\Ingo\Documents\Calibre-Bibliothek
2015-06-16 01:06 - 2015-06-16 01:09 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\calibre
2015-06-12 14:12 - 2015-06-12 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell SonicWALL NetExtender
2015-06-12 13:59 - 2015-06-12 13:59 - 01536632 _____ D:\Users\Julia\Downloads\NXSetupU.exe
2015-06-10 03:08 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 03:08 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 03:08 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 03:08 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 03:08 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 03:08 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 03:08 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 03:08 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 03:08 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 03:08 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 03:08 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 03:08 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 03:08 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 03:08 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 03:08 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 03:08 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 03:08 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 03:08 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 03:08 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 03:08 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 03:08 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 03:08 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 03:08 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 03:08 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 03:08 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 03:08 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 03:08 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 03:08 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 03:08 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 03:08 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 03:08 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 03:08 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 03:08 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 03:08 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 03:08 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 03:08 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 03:08 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 03:08 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 03:08 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 03:08 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 03:08 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 03:08 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 03:08 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 03:08 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 03:08 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 03:08 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 03:08 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 03:08 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 03:08 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 03:08 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 03:08 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 03:08 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 03:08 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 03:08 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 03:08 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 03:08 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 03:08 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 03:08 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 03:08 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 03:08 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 03:08 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 03:08 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 03:08 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 03:08 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 03:08 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 03:07 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 03:07 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 03:07 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 03:07 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 03:07 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 03:07 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 03:07 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 03:07 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-08 21:35 - 2015-06-08 21:35 - 00000000 ____D D:\Users\Julia\AppData\Local\FreeOCR

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 20:04 - 2009-07-14 06:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-08 20:04 - 2009-07-14 06:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-08 20:03 - 2015-05-21 00:03 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\Spamihilator
2015-07-08 20:01 - 2011-04-12 09:43 - 00702198 _____ C:\Windows\system32\perfh007.dat
2015-07-08 20:01 - 2011-04-12 09:43 - 00149838 _____ C:\Windows\system32\perfc007.dat
2015-07-08 20:01 - 2009-07-14 07:13 - 01626984 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-08 19:59 - 2015-05-13 20:33 - 01260507 _____ C:\Windows\WindowsUpdate.log
2015-07-08 19:56 - 2015-05-24 14:23 - 00034200 _____ C:\Windows\errord.log
2015-07-08 19:56 - 2015-05-24 14:23 - 00019220 _____ C:\Windows\error.log
2015-07-08 19:56 - 2015-05-21 00:48 - 00017087 _____ C:\Windows\setupact.log
2015-07-08 19:56 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-08 19:47 - 2015-05-22 23:19 - 00000000 ____D D:\Users\Julia\AppData\Roaming\.purple
2015-07-08 02:58 - 2015-05-26 08:29 - 00039144 _____ C:\Windows\PFRO.log
2015-07-08 02:58 - 2015-05-13 21:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-08 02:06 - 2015-05-23 23:16 - 00000000 ____D D:\Users\Ingo\Documents\WHG NeueAnlageStr
2015-07-07 22:37 - 2015-05-23 00:35 - 00000000 ____D D:\Users\Julia\AppData\Roaming\Skype
2015-07-07 22:12 - 2015-05-24 12:39 - 00000000 ____D D:\Users\Julia\AppData\Local\Adobe
2015-07-07 22:12 - 2015-05-22 23:05 - 00000000 ____D D:\Users\Julia\AppData\Roaming\Adobe
2015-07-07 22:10 - 2009-07-14 04:34 - 00000581 _____ C:\Windows\win.ini
2015-07-06 23:01 - 2015-05-13 21:39 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-05 23:10 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-04 13:39 - 2015-05-23 00:28 - 00084984 _____ D:\Users\Julia\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-04 11:59 - 2015-05-23 00:45 - 00001087 _____ D:\Users\Klara\Desktop\Caillou - Skivergnügen und mehr.lnk
2015-07-03 00:28 - 2015-05-21 00:01 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\Notepad++
2015-07-02 21:55 - 2015-05-15 00:00 - 00084984 _____ D:\Users\Ingo\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-02 21:36 - 2015-05-14 23:16 - 00000000 ____D D:\Users\Ingo
2015-07-02 21:32 - 2009-07-14 06:45 - 04900304 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-02 21:26 - 2015-05-21 00:02 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2015-07-01 00:02 - 2015-05-29 03:58 - 00000000 ____D D:\Users\Ingo\AppData\Local\CrashDumps
2015-06-28 18:22 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-28 12:40 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-27 20:22 - 2015-05-13 21:39 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-23 13:30 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-18 22:51 - 2015-05-21 21:26 - 00000000 ____D D:\Users\Ingo\.VirtualBox
2015-06-18 00:33 - 2015-05-23 23:05 - 00000000 ____D D:\Users\Ingo\Documents\decrypted ebooks
2015-06-16 02:26 - 2015-06-07 10:45 - 00000000 ____D D:\Users\Public\Hörbücher
2015-06-15 02:58 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-14 16:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-13 13:13 - 2015-06-03 21:14 - 00000000 ____D D:\Users\Ingo\AppData\Local\Audible
2015-06-12 21:50 - 2015-05-21 20:44 - 00000000 ____D D:\Users\Ingo\AppData\Roaming\KeePass
2015-06-12 20:56 - 2015-05-21 21:10 - 00000000 ____D D:\Users\Ingo\Documents\My Digital Editions
2015-06-12 14:11 - 2015-05-25 20:58 - 00000000 ____D C:\Windows\system32\appmgmt
2015-06-10 23:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 22:15 - 2015-05-14 01:03 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 22:15 - 2015-05-13 21:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 22:11 - 2015-05-14 01:03 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-08 23:49 - 2015-05-25 22:36 - 00015779 _____ D:\Users\Julia\Desktop\Wohnungsfinanzierung_1411.xlsx
2015-06-08 21:35 - 2015-05-15 00:00 - 00000000 ____D C:\Program Files (x86)\FreeOCR
2015-06-08 20:03 - 2015-05-24 14:09 - 00000000 ____D D:\Users\Julia\AppData\Roaming\KeePass
2015-06-08 20:02 - 2015-05-13 21:10 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2015-05-25 23:24 - 2015-05-25 23:28 - 0000026 _____ () D:\Users\Ingo\AppData\Local\isoworkshop.ini
2015-06-02 08:25 - 2015-06-02 08:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-06 21:55

==================== End of log ============================
         


Best regards
Ingo
