Częste rozłączanie internetu oraz spowolniona praca komputer

**Posty:** 3 · przez **ks225** 16 Maj 2016, 20:39

Od kilku dni mój internet zaczął strasznie chodzić. Co chwilę tracę połączenie z internetem. Z ruterem oraz wszystkimi kablami jest wszystko w porządku. (Nie używam sieci Wi-Fi). Zauważyłem również w grach spadek fps i ogólne spowolnienie komputera. Przeskanowałem komputer pod kątem wirusów i coś tam wykryło ale od razu to usunąłem. Mam nadzieję, że ktoś mi pomoże

gmer:

Kod: Zaznacz wszystko: GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-05-16 20:37:10 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000061 WDC_WD10 rev.01.0 931,51GB Running: swiwfn67.exe; Driver: C:\Users\Erik\AppData\Local\Temp\aftcyaog.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000049aa0480 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000049aa0470 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000049aa0360 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000049aa0490 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000049aa03d0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000049aa0310 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0xffffffffd2d5ec90} .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000049aa03a0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000049aa0380 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000049aa02d0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000049aa02c0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000049aa0300 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000049aa03b0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000049aa0440 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000049aa03e0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000049aa0220 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000049aa04a0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000049aa0390 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000049aa02e0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000049aa0340 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000049aa0280 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000049aa02a0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000049aa03c0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000049aa0320 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000049aa0410 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000049aa0230 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000049aa03f0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000049aa01d0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000049aa0240 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000049aa04b0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000049aa04c0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000049aa02f0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000049aa0350 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000049aa0290 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000049aa02b0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000049aa0370 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000049aa0330 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000049aa0460 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000049aa0420 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000049aa0250 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000049aa0260 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000049aa0400 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000049aa01e0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000049aa0200 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000049aa01f0 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000049aa0430 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000049aa0450 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000049aa0210 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000049aa0270 .text C:\Windows\system32\csrss.exe[588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0xffffffffd2d5d690} .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000076ea0310 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0x15ec90} .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000076ea01d0 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000076ea04b0 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000076ea04c0 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000076ea0270 .text C:\Windows\system32\wininit.exe[680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0x15d690} .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000049aa0480 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000049aa0470 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000049aa0360 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000049aa0490 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000049aa03d0 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000049aa0310 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0xffffffffd2d5ec90} .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000049aa03a0 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000049aa0380 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000049aa02d0 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000049aa02c0 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000049aa0300 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000049aa03b0 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000049aa0440 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000049aa03e0 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000049aa0220 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000049aa04a0 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000049aa0390 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000049aa02e0 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000049aa0340 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000049aa0280 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000049aa02a0 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000049aa03c0 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000049aa0320 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000049aa0410 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000049aa0230 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000049aa03f0 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000049aa01d0 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000049aa0240 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000049aa04b0 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000049aa04c0 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000049aa02f0 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000049aa0350 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000049aa0290 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000049aa02b0 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000049aa0370 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000049aa0330 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000049aa0460 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000049aa0420 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000049aa0250 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000049aa0260 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000049aa0400 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000049aa01e0 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000049aa0200 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000049aa01f0 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000049aa0430 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000049aa0450 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000049aa0210 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000049aa0270 .text C:\Windows\system32\csrss.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0xffffffffd2d5d690} .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000076ea0310 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0x15ec90} .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000076ea01d0 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000076ea04b0 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000076ea04c0 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000076ea0270 .text C:\Windows\system32\services.exe[744] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0x15d690} .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000000070480 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000000070470 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000000070360 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000000070490 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 00000000000703d0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000000070310 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0xffffffff8932ec90} .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 00000000000703a0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000000070380 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 00000000000702d0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 00000000000702c0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000000070300 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 00000000000703b0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000000070440 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 00000000000703e0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000000070220 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 00000000000704a0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000000070390 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 00000000000702e0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000000070340 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000000070280 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 00000000000702a0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 00000000000703c0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000000070320 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000000070410 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000000070230 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 00000000000703f0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 00000000000701d0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000000070240 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 00000000000704b0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 00000000000704c0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 00000000000702f0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000000070350 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000000070290 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 00000000000702b0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000000070370 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000000070330 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000000070460 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000000070420 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000000070250 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000000070260 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000000070400 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 00000000000701e0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000000070200 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 00000000000701f0 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000000070430 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000000070450 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000000070210 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000000070270 .text C:\Windows\system32\lsass.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0xffffffff8932d690} .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000076ea0310 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0x15ec90} .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000076ea01d0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000076ea04b0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000076ea04c0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000076ea0270 .text C:\Windows\system32\lsm.exe[772] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0x15d690} .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000076ea0310 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0x15ec90} .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000076ea01d0 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000076ea04b0 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000076ea04c0 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000076ea0270 .text C:\Windows\system32\winlogon.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0x15d690} .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000076ea0310 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0x15ec90} .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000076ea01d0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000076ea04b0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000076ea04c0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000076ea0270 .text C:\Windows\system32\svchost.exe[920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0x15d690} .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000000070480 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000000070470 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000000070360 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000000070490 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 00000000000703d0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000000070310 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0xffffffff8932ec90} .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 00000000000703a0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000000070380 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 00000000000702d0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 00000000000702c0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000000070300 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 00000000000703b0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000000070440 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 00000000000703e0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000000070220 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 00000000000704a0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000000070390 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 00000000000702e0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000000070340 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000000070280 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 00000000000702a0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 00000000000703c0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000000070320 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000000070410 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000000070230 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 00000000000703f0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 00000000000701d0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000000070240 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 00000000000704b0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 00000000000704c0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 00000000000702f0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000000070350 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000000070290 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 00000000000702b0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000000070370 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000000070330 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000000070460 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000000070420 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000000070250 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000000070260 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000000070400 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 00000000000701e0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000000070200 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 00000000000701f0 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000000070430 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000000070450 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000000070210 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000000070270 .text C:\Windows\system32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0xffffffff8932d690} .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000076ea0480 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000076ea0470 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000076ea0360 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000076ea0490 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000076ea03d0 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000076ea0310 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0x15ec90} .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000076ea03a0 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000076ea0380 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000076ea02d0 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000076ea02c0 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000076ea0300 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000076ea03b0 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000076ea0440 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000076ea03e0 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000076ea0220 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000076ea04a0 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000076ea0390 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000076ea02e0 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000076ea0340 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000076ea0280 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000076ea02a0 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000076ea03c0 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000076ea0320 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000076ea0410 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000076ea0230 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000076ea01d0 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000076ea0240 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000076ea04b0 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000076ea04c0 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000076ea02f0 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000076ea0350 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000076ea0290 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000076ea02b0 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000076ea0370 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000076ea0330 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000076ea0460 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000076ea0420 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000076ea0250 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000076ea0260 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000076ea0400 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000076ea01e0 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000076ea0200 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000076ea01f0 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000076ea0430 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000076ea0450 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000076ea0210 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000076ea0270 .text C:\Windows\System32\svchost.exe[700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0x15d690} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000000070480 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000000070470 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000000070360 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000000070490 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 00000000000703d0 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000000070310 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0xffffffff8932ec90} .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 00000000000703a0 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000000070380 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 00000000000702d0 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 00000000000702c0 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000000070300 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 00000000000703b0 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000000070440 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 00000000000703e0 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000000070220 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 00000000000704a0 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000000070390 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 00000000000702e0 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000000070340 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000000070280 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 00000000000702a0 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 00000000000703c0 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000000070320 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000000070410 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000000070230 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 00000000000703f0 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 00000000000701d0 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000000070240 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 00000000000704b0 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 00000000000704c0 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 00000000000702f0 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000000070350 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000000070290 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 00000000000702b0 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000000070370 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000000070330 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000000070460 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000000070420 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000000070250 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000000070260 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000000070400 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 00000000000701e0 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000000070200 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 00000000000701f0 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000000070430 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000000070450 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000000070210 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000000070270 .text C:\Windows\System32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0xffffffff8932d690} .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000000070480 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000000070470 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000000070360 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000000070490 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 00000000000703d0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000000070310 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0xffffffff8932ec90} .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 00000000000703a0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000000070380 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 00000000000702d0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 00000000000702c0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000000070300 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 00000000000703b0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000000070440 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 00000000000703e0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000000070220 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 00000000000704a0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000000070390 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 00000000000702e0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000000070340 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000000070280 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 00000000000702a0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 00000000000703c0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000000070320 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000000070410 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000000070230 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 00000000000703f0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 00000000000701d0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000000070240 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 00000000000704b0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 00000000000704c0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 00000000000702f0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000000070350 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000000070290 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 00000000000702b0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000000070370 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000000070330 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000000070460 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000000070420 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000000070250 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000000070260 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000000070400 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 00000000000701e0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000000070200 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 00000000000701f0 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000000070430 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000000070450 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000000070210 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000000070270 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0xffffffff8932d690} .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000076ea0310 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0x15ec90} .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000076ea01d0 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000076ea04b0 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000076ea04c0 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000076ea0270 .text C:\Windows\system32\AUDIODG.EXE[1200] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0x15d690} .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000076ea0310 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0x15ec90} .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000076ea01d0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000076ea04b0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000076ea04c0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000076ea0270 .text C:\Windows\system32\svchost.exe[1244] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0x15d690} .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000076ea0310 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0x15ec90} .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000076ea01d0 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000076ea04b0 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000076ea04c0 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000076ea0270 .text C:\Windows\system32\atieclxx.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0x15d690} .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000000070480 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000000070470 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000000070360 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000000070490 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 00000000000703d0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000000070310 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0xffffffff8932ec90} .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 00000000000703a0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000000070380 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 00000000000702d0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 00000000000702c0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000000070300 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 00000000000703b0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000000070440 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 00000000000703e0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000000070220 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 00000000000704a0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000000070390 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 00000000000702e0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000000070340 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000000070280 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 00000000000702a0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 00000000000703c0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000000070320 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000000070410 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000000070230 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 00000000000703f0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 00000000000701d0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000000070240 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 00000000000704b0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 00000000000704c0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 00000000000702f0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000000070350 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000000070290 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 00000000000702b0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000000070370 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000000070330 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000000070460 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000000070420 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000000070250 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000000070260 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000000070400 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 00000000000701e0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000000070200 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 00000000000701f0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000000070430 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000000070450 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000000070210 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000000070270 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0xffffffff8932d690} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000000070480 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000000070470 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000000070360 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000000070490 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 00000000000703d0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000000070310 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0xffffffff8932ec90} .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 00000000000703a0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000000070380 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 00000000000702d0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 00000000000702c0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000000070300 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 00000000000703b0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000000070440 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 00000000000703e0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000000070220 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 00000000000704a0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000000070390 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 00000000000702e0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000000070340 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000000070280 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 00000000000702a0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 00000000000703c0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000000070320 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000000070410 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000000070230 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 00000000000703f0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 00000000000701d0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000000070240 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 00000000000704b0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 00000000000704c0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 00000000000702f0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000000070350 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000000070290 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 00000000000702b0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000000070370 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000000070330 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000000070460 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000000070420 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000000070250 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000000070260 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000000070400 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 00000000000701e0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000000070200 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 00000000000701f0 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000000070430 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000000070450 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000000070210 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000000070270 .text C:\Windows\System32\spoolsv.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0xffffffff8932d690} .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000076ea0310 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0x15ec90} .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000076ea01d0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000076ea04b0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000076ea04c0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000076ea0270 .text C:\Windows\system32\svchost.exe[1700] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0x15d690} .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000076ea0310 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0x15ec90} .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000076ea01d0 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000076ea04b0 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000076ea04c0 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000076ea0270 .text C:\Windows\system32\taskhost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0x15d690} .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000076ea0480 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000076ea0470 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000076ea0360 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000076ea0490 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000076ea03d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000076ea0310 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0x15ec90} .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000076ea03a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000076ea0380 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000076ea02d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000076ea02c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000076ea0300 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000076ea03b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000076ea0440 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000076ea03e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000076ea0220 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000076ea04a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000076ea0390 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000076ea02e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000076ea0340 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000076ea0280 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000076ea02a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000076ea03c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000076ea0320 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000076ea0410 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000076ea0230 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000076ea03f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000076ea01d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000076ea0240 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000076ea04b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000076ea04c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000076ea02f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000076ea0350 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000076ea0290 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000076ea02b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000076ea0370 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000076ea0330 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000076ea0460 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000076ea0420 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000076ea0250 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000076ea0260 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000076ea0400 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000076ea01e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000076ea0200 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000076ea01f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000076ea0430 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000076ea0450 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000076ea0210 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000076ea0270 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0x15d690} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000076ea0480 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000076ea0470 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000076ea0360 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000076ea0490 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000076ea03d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000076ea0310 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0x15ec90} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000076ea03a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000076ea0380 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000076ea02d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000076ea02c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000076ea0300 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000076ea03b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000076ea0440 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000076ea03e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000076ea0220 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000076ea04a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000076ea0390 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000076ea02e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000076ea0340 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000076ea0280 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000076ea02a0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000076ea03c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000076ea0320 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000076ea0410 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000076ea0230 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000076ea03f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000076ea01d0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000076ea0240 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000076ea04b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000076ea04c0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000076ea02f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000076ea0350 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000076ea0290 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000076ea02b0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000076ea0370 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000076ea0330 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000076ea0460 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000076ea0420 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000076ea0250 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000076ea0260 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000076ea0400 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000076ea01e0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000076ea0200 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000076ea01f0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000076ea0430 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000076ea0450 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000076ea0210 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000076ea0270 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[2696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0x15d690} .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000076ea0310 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0x15ec90} .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000076ea01d0 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000076ea04b0 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000076ea04c0 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000076ea0270 .text C:\Windows\system32\Dwm.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0x15d690} .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000076ea0480 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000076ea0470 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000076ea0360 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000076ea0490 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000076ea03d0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000076ea0310 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0x15ec90} .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000076ea03a0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000076ea0380 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000076ea02d0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000076ea02c0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000076ea0300 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000076ea03b0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000076ea0440 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000076ea03e0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000076ea0220 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000076ea04a0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000076ea0390 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000076ea02e0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000076ea0340 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000076ea0280 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000076ea02a0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000076ea03c0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000076ea0320 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000076ea0410 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000076ea0230 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000076ea01d0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000076ea0240 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000076ea04b0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000076ea04c0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000076ea02f0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000076ea0350 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000076ea0290 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000076ea02b0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000076ea0370 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000076ea0330 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000076ea0460 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000076ea0420 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000076ea0250 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000076ea0260 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000076ea0400 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000076ea01e0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000076ea0200 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000076ea01f0 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000076ea0430 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000076ea0450 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000076ea0210 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000076ea0270 .text C:\Windows\Explorer.EXE[2812] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0x15d690} .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000076ea0310 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0x15ec90} .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000076ea01d0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000076ea04b0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000076ea04c0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000076ea0270 .text C:\Windows\system32\svchost.exe[2560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0x15d690} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000076ea0480 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000076ea0470 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000076ea0360 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000076ea0490 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000076ea03d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000076ea0310 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0x15ec90} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000076ea03a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000076ea0380 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000076ea02d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000076ea02c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000076ea0300 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000076ea03b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000076ea0440 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000076ea03e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000076ea0220 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000076ea04a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000076ea0390 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000076ea02e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000076ea0340 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000076ea0280 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000076ea02a0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000076ea03c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000076ea0320 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000076ea0410 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000076ea0230 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000076ea03f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000076ea01d0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000076ea0240 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000076ea04b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000076ea04c0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000076ea02f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000076ea0350 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000076ea0290 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000076ea02b0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000076ea0370 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000076ea0330 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000076ea0460 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000076ea0420 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000076ea0250 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000076ea0260 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000076ea0400 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000076ea01e0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000076ea0200 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000076ea01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000076ea0430 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000076ea0450 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000076ea0210 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000076ea0270 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3588] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0x15d690} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000076ea0480 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000076ea0470 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000076ea0360 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000076ea0490 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000076ea03d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000076ea0310 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0x15ec90} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000076ea03a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000076ea0380 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000076ea02d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000076ea02c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000076ea0300 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000076ea03b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000076ea0440 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000076ea03e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000076ea0220 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000076ea04a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000076ea0390 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000076ea02e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000076ea0340 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000076ea0280 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000076ea02a0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000076ea03c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000076ea0320 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000076ea0410 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000076ea0230 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000076ea03f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000076ea01d0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000076ea0240 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000076ea04b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000076ea04c0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000076ea02f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000076ea0350 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000076ea0290 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000076ea02b0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000076ea0370 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000076ea0330 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000076ea0460 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000076ea0420 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000076ea0250 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000076ea0260 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000076ea0400 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000076ea01e0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000076ea0200 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000076ea01f0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000076ea0430 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000076ea0450 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000076ea0210 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000076ea0270 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3596] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0x15d690} .text C:\Program Files\AVAST Software\Avast\avastui.exe[3828] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000761187c9 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000076ea0310 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0x15ec90} .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000076ea01d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000076ea04b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000076ea04c0 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000076ea0270 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0x15d690} .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000076ea0480 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000076ea0470 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000076ea0360 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000076ea0490 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000076ea03d0 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000076ea0310 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0x15ec90} .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000076ea03a0 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000076ea0380 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000076ea02d0 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000076ea02c0 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000076ea0300 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000076ea03b0 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000076ea0440 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000076ea03e0 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000076ea0220 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000076ea04a0 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000076ea0390 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000076ea02e0 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000076ea0340 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000076ea0280 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000076ea02a0 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000076ea03c0 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000076ea0320 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000076ea0410 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000076ea0230 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000076ea01d0 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000076ea0240 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000076ea04b0 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000076ea04c0 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000076ea02f0 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000076ea0350 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000076ea0290 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000076ea02b0 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000076ea0370 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000076ea0330 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000076ea0460 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000076ea0420 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000076ea0250 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000076ea0260 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000076ea0400 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000076ea01e0 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000076ea0200 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000076ea01f0 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000076ea0430 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000076ea0450 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000076ea0210 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000076ea0270 .text C:\Windows\system32\svchost.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0x15d690} .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076d413c0 5 bytes JMP 0000000076ea0480 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076d41410 5 bytes JMP 0000000076ea0470 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d41570 5 bytes JMP 0000000076ea0360 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076d415c0 5 bytes JMP 0000000076ea0490 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d415d0 5 bytes JMP 0000000076ea03d0 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d41680 1 byte JMP 0000000076ea0310 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 2 0000000076d41682 3 bytes {JMP 0x15ec90} .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d416b0 5 bytes JMP 0000000076ea03a0 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d416d0 5 bytes JMP 0000000076ea0380 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076d41710 5 bytes JMP 0000000076ea02d0 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076d41790 5 bytes JMP 0000000076ea02c0 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d417b0 5 bytes JMP 0000000076ea0300 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d417f0 5 bytes JMP 0000000076ea03b0 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000076d41830 5 bytes JMP 0000000076ea0440 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076d41840 5 bytes JMP 0000000076ea03e0 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076d419a0 5 bytes JMP 0000000076ea0220 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076d41b60 5 bytes JMP 0000000076ea04a0 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076d41b90 5 bytes JMP 0000000076ea0390 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076d41c70 5 bytes JMP 0000000076ea02e0 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076d41c80 5 bytes JMP 0000000076ea0340 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d41ce0 5 bytes JMP 0000000076ea0280 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076d41d70 5 bytes JMP 0000000076ea02a0 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d41d90 5 bytes JMP 0000000076ea03c0 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076d41da0 5 bytes JMP 0000000076ea0320 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076d41e10 5 bytes JMP 0000000076ea0410 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076d41e40 5 bytes JMP 0000000076ea0230 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000076d41fe0 5 bytes JMP 0000000076ea03f0 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d42100 5 bytes JMP 0000000076ea01d0 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076d421c0 5 bytes JMP 0000000076ea0240 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076d421f0 5 bytes JMP 0000000076ea04b0 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076d42200 5 bytes JMP 0000000076ea04c0 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076d42230 5 bytes JMP 0000000076ea02f0 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076d42240 5 bytes JMP 0000000076ea0350 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076d422a0 5 bytes JMP 0000000076ea0290 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076d422f0 5 bytes JMP 0000000076ea02b0 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076d42320 5 bytes JMP 0000000076ea0370 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076d42330 5 bytes JMP 0000000076ea0330 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076d42620 5 bytes JMP 0000000076ea0460 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtResumeProcess 0000000076d42780 5 bytes JMP 0000000076ea0420 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076d42820 5 bytes JMP 0000000076ea0250 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076d42830 5 bytes JMP 0000000076ea0260 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d42840 5 bytes JMP 0000000076ea0400 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d42a00 5 bytes JMP 0000000076ea01e0 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076d42a10 5 bytes JMP 0000000076ea0200 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076d42a80 5 bytes JMP 0000000076ea01f0 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d42ae0 5 bytes JMP 0000000076ea0430 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d42af0 5 bytes JMP 0000000076ea0450 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d42b00 5 bytes JMP 0000000076ea0210 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d42be0 1 byte JMP 0000000076ea0270 .text C:\Windows\System32\svchost.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 2 0000000076d42be2 3 bytes {JMP 0x15d690} ---- Threads - GMER 2.2 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1164:4384] 000007fefb332ab8 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\24fd52f1c069 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\24fd52f1c069 (not active ControlSet) ---- EOF - GMER 2.2 ----

shortcut:

Kod: Zaznacz wszystko: Rezultat skanowania skrótów użytkowników (x64) Wersja:16-05-2016 Uruchomiony przez Erik (2016-05-16 20:15:21) Uruchomiony z C:\Users\Erik\Downloads Tryb startu: Normal ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk -> C:\Program Files (x86)\Glary Utilities 5\Integrator.exe (Glarysoft Ltd) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk -> C:\Windows\Installer\{90850415-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\Uninstall.lnk -> C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Uninstall.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\YTD Video Downloader.lnk -> C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe (GreenTree Applications SRL) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia\Tibia Website.lnk -> D:\Tibia\Tibia.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia\Tibia.lnk -> D:\Tibia\Tibia.exe (CipSoft GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia\Uninstall Tibia.lnk -> D:\Tibia\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\TeamSpeak 3 Client.lnk -> C:\Program Files\ts3client_win64.exe (TeamSpeak Systems GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\Uninstall.lnk -> C:\Program Files\Uninstall.exe (TeamSpeak Systems GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files\Steam\Steam.exe (Valve Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Deinstalacja programu Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\Podręcznik użytkownika.lnk -> C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe (Lenovo) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends\League of Legends.lnk -> D:\Gry\lol.launcher.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5\Glary Utilities 5.lnk -> C:\Program Files (x86)\Glary Utilities 5\Integrator.exe (Glarysoft Ltd) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genesis GX57 Gaming Mouse\GenesisGX57.exe.lnk -> C:\Program Files\Genesis GX57\GenesisGX57.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genesis GX57 Gaming Mouse\Uninstall.lnk -> C:\Program Files (x86)\Genesis GX57\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamersFirst\LIVE!\GamersFirst LIVE!.lnk -> C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamersFirst\LIVE!\Uninstall.lnk -> C:\Program Files (x86)\GamersFirst\LIVE!\uninstall.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Scan\EPSON Scan.lnk -> C:\Windows\twain_32\escndv\escndv.exe (SEIKO EPSON CORP.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Scan\Ustawienia programu EPSON Scan.lnk -> C:\Windows\twain_32\escndv\escfg.exe (SEIKO EPSON CORP.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby\Dolby Demo.lnk -> C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4d.exe (Dolby Laboratories Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby\Dolby Profile.lnk -> C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4e.exe (Dolby Laboratories Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Diablo III.lnk -> D:\Diablo 3\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk -> D:\Diablo 3\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo WinOptimizer 12\Ashampoo WinOptimizer 12 .lnk -> C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\WO12.exe (Ashampoo Development GmbH & Co. KG) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo WinOptimizer 12\Czytaj.lnk -> C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\readme_pl_pl.htm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo WinOptimizer 12\Deinstalacja programu Ashampoo WinOptimizer 12.lnk -> C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo WinOptimizer 12\Pomoc.lnk -> C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\Translation\help.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center\AMD VISION Engine Control Center.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Erik\Links\Desktop.lnk -> C:\Users\Erik\Desktop () Shortcut: C:\Users\Erik\Links\Downloads.lnk -> C:\Users\Erik\Downloads () Shortcut: C:\Users\Erik\Documents\Euro Truck Simulator 2\readme.rtf.lnk -> D:\Gry\Steam\steamapps\common\Euro Truck Simulator 2\readme.rtf (Brak pliku) Shortcut: C:\Users\Erik\Desktop\DragonAge2 — skrót.lnk -> D:\Gry\DA2\Dragon Age 2\bin_ship\DragonAge2.exe (BioWare) Shortcut: C:\Users\Erik\Desktop\Muzyka.lnk -> D:\Muzyka\Nowy folder\Nowy folder () Shortcut: C:\Users\Erik\Desktop\Open Broadcaster Software.lnk -> C:\Program Files (x86)\OBS\OBS.exe () Shortcut: C:\Users\Erik\Desktop\OpenFM.lnk -> C:\Users\Erik\AppData\Local\OpenFM\Application\openfm.exe () Shortcut: C:\Users\Erik\Desktop\Steam.lnk -> C:\Program Files\Steam\Steam.exe (Valve Corporation) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenFM.lnk -> C:\Users\Erik\AppData\Local\OpenFM\Application\openfm.exe () Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XenoBot\XenoSuite.lnk -> C:\Program Files (x86)\XenoBot\XenoSuite.exe () Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt () Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt () Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm () Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files\Steam\Steam.exe (Valve Corporation) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XenoSuite.lnk -> C:\Program Files (x86)\XenoBot\XenoSuite.exe () Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software\Open Broadcaster Software (32bit).lnk -> C:\Program Files (x86)\OBS\OBS.exe () Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software\Open Broadcaster Software (64bit).lnk -> C:\Program Files\OBS\OBS.exe () Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software\Uninstall.lnk -> C:\Program Files (x86)\OBS\uninstall.exe () Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\10210.LNK -> C:\Users\Erik\Downloads\10210.doc (Brak pliku) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\1700 (1).LNK -> C:\Users\Erik\Downloads\1700 (1).doc (Brak pliku) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\1700.LNK -> C:\Users\Erik\Desktop\Sebastian Szkoła\1700.doc (Brak pliku) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\1701.LNK -> C:\Users\Erik\Desktop\Sebastian Szkoła\1701.doc (Brak pliku) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\1770.LNK -> C:\Users\Erik\Desktop\Sebastian Szkoła\1770.doc (Brak pliku) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\2416035826e2c159de7484c4ee160883.LNK -> C:\Users\Erik\Downloads\2416035826e2c159de7484c4ee160883.doc () Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\Angielski.LNK -> C:\Users\Erik\Desktop\Sebastian Szkoła\Angielski.doc () Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\Cv Grzegorz.LNK -> G:\Cv Grzegorz.rtf (Brak pliku) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\Dysk lokalny (D).LNK -> D:\ () Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\historia.LNK -> C:\Users\Erik\Desktop\Sebastian Szkoła\historia.doc () Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\KINGSTON (G).LNK -> G:\ (Brak pliku) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\License.LNK -> D:\License.rtf (Brak pliku) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\Nowy folder (5).LNK -> C:\Users\Erik\Desktop\Nowy folder (5) (Brak pliku) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\PATRIOT (G).LNK -> G:\ (Brak pliku) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\Pobrane.LNK -> C:\Users\Erik\Downloads () Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\Projekt edu.LNK -> C:\Users\Erik\Desktop\Projekt edu.docx () Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\Pulpit.LNK -> C:\Users\Erik\Desktop () Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\Sebastian Szkoła.LNK -> C:\Users\Erik\Desktop\Sebastian Szkoła () Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\Szkolenie-przeciwpowodziowe-i-ratownictwo-wodne-dla-OSP-1 (1).LNK -> C:\Users\Erik\Downloads\Szkolenie-przeciwpowodziowe-i-ratownictwo-wodne-dla-OSP-1 (1).docx (Brak pliku) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\Szkolenie-przeciwpowodziowe-i-ratownictwo-wodne-dla-OSP-1.LNK -> C:\Users\Erik\Downloads\Szkolenie-przeciwpowodziowe-i-ratownictwo-wodne-dla-OSP-1.docx (Brak pliku) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\Terminy zjazdów.LNK -> C:\Users\Erik\Desktop\Sebastian Szkoła\Terminy zjazdów.doc () Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\wos.LNK -> C:\Users\Erik\Desktop\Sebastian Szkoła\wos.doc () Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OpenFM.lnk -> C:\Users\Erik\AppData\Local\OpenFM\Application\openfm.exe () Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b15f30ab853b7d31\Diablo III.lnk -> D:\Diablo 3\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment) Shortcut: C:\Users\Erik\AppData\Roaming\GlarySoft\Glary Utilities 5\Startup\StartupDir\.exeMcAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (Brak pliku) Shortcut: C:\Users\Erik\AppData\Local\OpenFM\Application\openfm.lnk -> C:\Users\Erik\AppData\Local\OpenFM\Application\openfm.exe () Shortcut: C:\Users\Public\Desktop\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated) Shortcut: C:\Users\Public\Desktop\Ashampoo WinOptimizer 12.lnk -> C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\WO12.exe (Ashampoo Development GmbH & Co. KG) Shortcut: C:\Users\Public\Desktop\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software) Shortcut: C:\Users\Public\Desktop\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) Shortcut: C:\Users\Public\Desktop\Battle.net.lnk -> D:\Diablo 3\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment) Shortcut: C:\Users\Public\Desktop\Diablo III.lnk -> D:\Diablo 3\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment) Shortcut: C:\Users\Public\Desktop\EPSON Scan.lnk -> C:\Windows\twain_32\escndv\escndv.exe (SEIKO EPSON CORP.) Shortcut: C:\Users\Public\Desktop\GamersFirst LIVE!.lnk -> C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe () Shortcut: C:\Users\Public\Desktop\GenesisGX57.exe.lnk -> C:\Program Files\Genesis GX57\GenesisGX57.exe () Shortcut: C:\Users\Public\Desktop\Glary Utilities 5.lnk -> C:\Program Files (x86)\Glary Utilities 5\Integrator.exe (Glarysoft Ltd) Shortcut: C:\Users\Public\Desktop\League of Legends.lnk -> D:\Gry\lol.launcher.exe () Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes) Shortcut: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) Shortcut: C:\Users\Public\Desktop\Podręcznik użytkownika.lnk -> C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe (Lenovo) Shortcut: C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk -> C:\Program Files\ts3client_win64.exe (TeamSpeak Systems GmbH) Shortcut: C:\Users\Public\Desktop\Tibia.lnk -> D:\Tibia\Tibia.exe (CipSoft GmbH) Shortcut: C:\Users\Public\Desktop\YTD Video Downloader.lnk -> C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe (GreenTree Applications SRL) ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk -> C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe () -> /silent ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Stylus SX200 Series\Aktualizacja sterownika.lnk -> C:\Windows\System32\spool\drivers\x64\3\E_GUPA30.EXE (SEIKO EPSON CORPORATION) -> /P "EPSON Stylus SX200 Series" /D C:\Windows\system32\spool\DRIVERS\x64\3\E_IVIFEFE.VIF ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Stylus SX200 Series\Dezinstalacja oprogramowania drukarki EPSON.lnk -> C:\Windows\System32\spool\drivers\x64\3\E_IINSEFE.EXE (SEIKO EPSON CORPORATION) -> /R /APD /P:"EPSON Stylus SX200 Series" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Stylus SX200 Series\Obsługa techniczna.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\Windows\system32\spool\DRIVERS\x64\3\E_IGEPEFE.DLL,GE_OpenELINK "Stylus SX200" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center\Pomoc.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Help -help ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff ShortcutWithArgument: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\allegro.pl (2).lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> C:\Users\Erik\AppData\Local\CombingFrazzled\allegro.pl.smenu.URL ShortcutWithArgument: C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\allegro.pl .lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> C:\Users\Erik\AppData\Local\RulingAvoided\allegro.pl.smenu.URL ShortcutWithArgument: C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Booking (2).lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> C:\Users\Erik\AppData\Local\CombingFrazzled\Booking.smenu.URL ShortcutWithArgument: C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Booking .lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> C:\Users\Erik\AppData\Local\RulingAvoided\Booking.smenu.URL ShortcutWithArgument: C:\Users\Public\Desktop\1-Click-Optimizer (WO12).lnk -> C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\WO12.exe (Ashampoo Development GmbH & Co. KG) -> -OCO InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> hxxp://support.steampowered.com/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5\Website.url -> hxxp://www.glarysoft.com/ InternetURL: C:\Users\Erik\Favorites\Windows Live\Galeria gadżetów Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkID=70742 InternetURL: C:\Users\Erik\Favorites\Windows Live\Poczta usługi Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681 InternetURL: C:\Users\Erik\Favorites\Windows Live\Programy usługi Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700 InternetURL: C:\Users\Erik\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682 InternetURL: C:\Users\Erik\Favorites\MSN — witryny sieci Web\MSN Gospodarka.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923 InternetURL: C:\Users\Erik\Favorites\MSN — witryny sieci Web\MSN Rozrywka.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924 InternetURL: C:\Users\Erik\Favorites\MSN — witryny sieci Web\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921 InternetURL: C:\Users\Erik\Favorites\MSN — witryny sieci Web\MSN Technologie.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143 InternetURL: C:\Users\Erik\Favorites\MSN — witryny sieci Web\MSN Wideo.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922 InternetURL: C:\Users\Erik\Favorites\MSN — witryny sieci Web\Portal MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729 InternetURL: C:\Users\Erik\Favorites\Microsoft — witryny sieci Web\Centrum bezpieczeństwa Microsoft.url -> hxxp://go.microsoft.com/fwlink/?LinkID=72887 InternetURL: C:\Users\Erik\Favorites\Microsoft — witryny sieci Web\Dodatki programu Internet Explorer.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893 InternetURL: C:\Users\Erik\Favorites\Microsoft — witryny sieci Web\Microsoft Office Online.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72885 InternetURL: C:\Users\Erik\Favorites\Microsoft — witryny sieci Web\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813 InternetURL: C:\Users\Erik\Favorites\Microsoft — witryny sieci Web\Microsoft Technet.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72886 InternetURL: C:\Users\Erik\Favorites\Microsoft — witryny sieci Web\Microsoft w Polsce.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520 InternetURL: C:\Users\Erik\Favorites\Microsoft — witryny sieci Web\Oryginalne oprogramowanie firmy Microsoft.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72900 InternetURL: C:\Users\Erik\Favorites\Microsoft — witryny sieci Web\Strona główna programu Internet Explorer.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186 InternetURL: C:\Users\Erik\Favorites\Microsoft — witryny sieci Web\Strona główna systemu Windows.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629 InternetURL: C:\Users\Erik\Favorites\Microsoft — witryny sieci Web\Technologia RSS.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72889 InternetURL: C:\Users\Erik\Favorites\Microsoft — witryny sieci Web\W domu.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406 InternetURL: C:\Users\Erik\Favorites\Microsoft — witryny sieci Web\W pracy.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72407 InternetURL: C:\Users\Erik\Favorites\Links for Polska\Bezpieczeństwo w trybie online.url -> hxxp://go.microsoft.com/fwlink/?LinkId=142211 InternetURL: C:\Users\Erik\Favorites\Links for Polska\Bezpieczny Internet.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129626 InternetURL: C:\Users\Erik\Favorites\Links for Polska\Kultura.pl.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129625 InternetURL: C:\Users\Erik\Favorites\Links for Polska\Pogodynka.pl — oficjalny serwis pogodowy IMGW.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129624 InternetURL: C:\Users\Erik\Favorites\Links for Polska\Polska.pl.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129622 InternetURL: C:\Users\Erik\Favorites\Links\Galeria obiektów Web Slice.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315 InternetURL: C:\Users\Erik\Favorites\Links\Sugerowane witryny.url -> hxxps://ieonline.microsoft.com/#ieslice InternetURL: C:\Users\Erik\Desktop\Counter-Strike Global Offensive.url -> steam://rungameid/730 ==================== Koniec Shortcut.txt =============================

Addition:

Kod: Zaznacz wszystko: Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja:16-05-2016 Uruchomiony przez Erik (2016-05-16 20:14:45) Uruchomiony z C:\Users\Erik\Downloads Windows 7 Ultimate Service Pack 1 (X64) (2015-09-24 18:38:08) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-2592474708-3107799792-3842106623-500 - Administrator - Disabled) Erik (S-1-5-21-2592474708-3107799792-3842106623-1000 - Administrator - Enabled) => C:\Users\Erik Gość (S-1-5-21-2592474708-3107799792-3842106623-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2592474708-3107799792-3842106623-1003 - Limited - Enabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated) Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated) Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{FA5043AF-EAC4-C06E-18B0-A184923DC7CC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.0 - AppEx Networks) Ashampoo WinOptimizer 12 v.12.00.32 (HKLM-x32\...\{4209F371-15B6-1CE4-15F7-A7BA46F431E3}_is1) (Version: 12.00.32 - Ashampoo GmbH & Co. KG) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.49.0 - Conexant) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc) Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo) Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - ) GamersFirst LIVE! (HKLM-x32\...\GamersFirst LIVE!) (Version: - GamersFirst) Genesis GX57 Gaming Mouse 1.0 (HKLM-x32\...\{DA917403-6397-4320-881B-9E3F7EB22EEF}_is1) (Version: 1.0 - ) Glary Utilities PRO 5.38 (HKLM-x32\...\Glary Utilities 5) (Version: 5.38.0.58 - Glarysoft Ltd) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.) Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden Malwarebytes Anti-Malware wersja 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850415-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Odinstaluj drukarkę EPSON Stylus SX200 Series (HKLM\...\EPSON Stylus SX200 Series) (Version: - SEIKO EPSON Corporation) OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenFM (HKU\S-1-5-21-2592474708-3107799792-3842106623-1000\...\OpenFM) (Version: 2 - GG Network S.A.) Opera Stable 36.0.2130.46 (HKLM-x32\...\Opera 36.0.2130.46) (Version: 36.0.2130.46 - Opera Software) Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo) Pakiet sterowników systemu Windows - Lenovo LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo) Pakiet zgodności dla systemu Office 2007 (HKLM-x32\...\{90120000-0020-0415-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation) Podręcznik użytkownika (x32 Version: 1.0.0.6 - Lenovo) Hidden Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.15 - Qualcomm Atheros Communications Inc.) Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.39042 - Realtek Semiconductor Corp.) SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH) Tibia (HKLM-x32\...\Tibia_is1) (Version: 10.91 - CipSoft GmbH) Unity Web Player (HKU\S-1-5-21-2592474708-3107799792-3842106623-1000\...\UnityWebPlayer) (Version: 5.3.1f1 - Unity Technologies ApS) UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) XenoBot Binary (HKLM-x32\...\{82F4416B-8461-4817-A09D-BBBD7FC00DE6}) (Version: 15.11.28 - XenoBot) YTD Video Downloader 5.1.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.1.1 - GreenTree Applications SRL) <==== UWAGA ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {042F7A3E-E65B-41BB-B78E-1383D187C7A7} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-11-09] (Glarysoft Ltd) Task: {23835B42-091F-4DE9-A6BA-210BFAF3ECC0} - System32\Tasks\Opera scheduled Autoupdate 1443608659 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-24] (Opera Software) Task: {26B539B1-DFA4-4F2E-8E5B-C2E2F9829285} - System32\Tasks\ErikCombingFrazzledV2 => Rundll32.exe AnnotativeMamma.dll,main 7 1 <==== UWAGA Task: {34FADCE8-DBD6-4637-89B8-7D9E266CDC13} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-05-16] (AVAST Software) Task: {400D3A17-A7AD-4DEE-BF63-E9D8D1AEFA66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-18] (Google Inc.) Task: {5E581B14-B651-431A-953F-CADABB4B5CB3} - System32\Tasks\SafeZone scheduled Autoupdate 1463405403 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software) Task: {6D1986C6-012A-4433-BA12-04AF9404CF31} - System32\Tasks\One-Click Optimizer WO12 => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\WO12.exe [2015-08-07] (Ashampoo Development GmbH & Co. KG) Task: {7724488F-FDB1-469F-A276-0A3B08930B2A} - System32\Tasks\{16EE11CE-6C91-F908-D14D-1A6DED748472} => C:\Users\Erik\AppData\Roaming\PRICEF~1\Updater.exe Task: {7F2EB577-C562-446B-A056-5364D23BCA0F} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-11-09] (Glarysoft Ltd) Task: {94B9A4BC-7746-4686-A387-5AD3A5D48D56} - System32\Tasks\{E892095A-E09E-4285-896A-9D941751BF20} => pcalua.exe -a F:\programy\GData\setup_tp.exe -d F:\programy\GData Task: {B3193F07-2C85-4B1C-844E-9F022A80325B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-16] (AVAST Software) Task: {B727066B-5AA9-4152-9243-C457EF14445A} - System32\Tasks\GlaryUpdate 5 => C:\Program Files (x86)\Glary Utilities 5\CheckUpdate.exe [2015-11-09] (Glarysoft Ltd) Task: {B8C1C710-2F2B-4743-B125-94A2DD577691} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-18] (Adobe Systems Incorporated) Task: {CB7101F7-59C5-4BF6-936A-84E38A1A6165} - System32\Tasks\XinGuanDianT3-GmTaskPlan => C:\Program Files\Genesis GX57\GenesisGX57.exe [2014-11-11] () Task: {D8CD4A63-852E-455E-A48C-DDF2AE14F382} - System32\Tasks\{7B3F4B12-0345-4A6F-A075-D54D39361BB4} => pcalua.exe -a F:\Win8\Touchpad\Setup.exe -d F:\Win8\Touchpad Task: {DC6FC8DC-1DE9-47A9-80E6-B74A9D245EB7} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_182_pepper.exe [2016-03-18] (Adobe Systems Incorporated) Task: {E3B06228-8398-41FF-AE21-F84E0DA17538} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-18] (Google Inc.) Task: {F55967A5-02A4-46C0-8FF0-044981D6F9D8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_182_pepper.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\One-Click Optimizer WO12.job => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\WO12.exe Task: C:\Windows\Tasks\{16EE11CE-6C91-F908-D14D-1A6DED748472}.job => C:\Users\Erik\AppData\Roaming\PRICEF~1\Updater.exe ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ==================== Załadowane moduły (filtrowane) ============== 2013-04-24 17:10 - 2013-04-24 17:10 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2015-11-20 18:30 - 2015-08-07 15:03 - 00223600 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\LiveTunerService.exe 2016-05-16 20:06 - 2016-05-16 20:06 - 00380928 _____ () C:\Users\Erik\Downloads\swiwfn67.exe 2016-05-16 14:58 - 2016-05-16 14:58 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2016-05-16 14:58 - 2016-05-16 14:58 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-05-16 19:56 - 2016-05-16 19:56 - 02906624 _____ () C:\Program Files\AVAST Software\Avast\defs\16051602\algo.dll 2016-05-16 14:58 - 2016-05-16 14:58 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll 2016-05-16 14:58 - 2016-05-16 14:58 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-05-16 14:58 - 2016-05-16 14:58 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-11-09 08:19 - 2015-11-09 08:19 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll 2016-03-31 12:43 - 2016-03-31 12:43 - 63828520 _____ () C:\Program Files (x86)\Opera\36.0.2130.46\opera.dll 2016-03-31 12:43 - 2016-03-31 12:43 - 02134568 _____ () C:\Program Files (x86)\Opera\36.0.2130.46\libglesv2.dll 2016-03-31 12:43 - 2016-03-31 12:43 - 00082472 _____ () C:\Program Files (x86)\Opera\36.0.2130.46\libegl.dll 2016-03-18 12:33 - 2016-03-18 12:33 - 17541312 _____ () C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_21_0_0_182.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: =============================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2009-07-14 04:34 - 2016-03-14 10:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-2592474708-3107799792-3842106623-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Zapora systemu Windows [funkcja wyłączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == (Obecnie brak automatycznej naprawy dla tej sekcji.) MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [{87E66D9A-4C01-4D4B-87FE-415A1F0CE356}] => (Allow) C:\Program Files\Steam\Steam.exe FirewallRules: [{1EB46943-4216-4248-B1A0-FD5AB1445928}] => (Allow) C:\Program Files\Steam\Steam.exe FirewallRules: [{96064597-5D99-457A-95F8-985A08EE280D}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe FirewallRules: [{124E5A6E-A579-43C0-AFB9-79FC0EC71D97}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe FirewallRules: [{07573AAF-7EFD-467F-9C3E-F1C44FC2F42C}] => (Allow) D:\Gry\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{850B66E5-C5F5-41B7-BDD6-0FA3A252DF10}] => (Allow) D:\Gry\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{D58B32B6-ED25-4F8D-A955-04E2306115A2}] => (Allow) C:\Program Files (x86)\DNA\btdna.exe FirewallRules: [{22B14B40-3927-44A0-9CA2-16A1E6824A45}] => (Allow) C:\Program Files (x86)\DNA\btdna.exe FirewallRules: [{A01848FD-0814-4498-9C57-798024FA72E0}] => (Allow) D:\Gry\DA2\Dragon Age 2\bin_ship\DragonAge2.exe FirewallRules: [{DCEC9C4D-9FD9-4A56-B4B5-0A5BE8507F51}] => (Allow) D:\Gry\DA2\Dragon Age 2\bin_ship\DragonAge2.exe FirewallRules: [{C70133FA-6519-4884-9BCD-E6AE97AB8CE9}] => (Allow) D:\Gry\DA2\Dragon Age 2\DragonAge2Launcher.exe FirewallRules: [{C6FF87E6-C81A-438D-8EAB-363BA67132F8}] => (Allow) D:\Gry\DA2\Dragon Age 2\DragonAge2Launcher.exe FirewallRules: [{7BB32F78-A46B-4A7F-99E1-BB5C4C1BB3C9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Punkty Przywracania systemu ========================= 29-04-2016 00:03:52 Installed XenoBot Binary 07-05-2016 09:17:38 Zaplanowany punkt kontrolny 13-05-2016 23:22:47 ComboFix created restore point 15-05-2016 21:06:55 ComboFix created restore point 16-05-2016 12:49:57 Operacja przywracania 16-05-2016 14:45:53 Removed InstallShieldHiRezCurrent 16-05-2016 19:54:10 SPTD setup V1.89 ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (05/16/2016 07:58:41 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000. Error: (05/16/2016 07:58:39 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Wystąpił błąd aktywacji licencji (slui.exe), kod błędu: 0x800401F9 Error: (05/16/2016 07:56:06 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000. Error: (05/16/2016 07:56:05 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Wystąpił błąd aktywacji licencji (slui.exe), kod błędu: 0x800401F9 Error: (05/16/2016 07:54:10 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas badania interfejsu IVssWriterCallback. hr = 0x80070005, Odmowa dostępu. . To jest często spowodowane przez niepoprawne ustawienia zabezpieczeń w procesie zapisującym lub żądającym. Operacja: Zbieranie danych modułu zapisującego Kontekst: Identyfikator klasy modułu zapisującego: {e8132975-6f93-4464-a53e-1050253ae220} Nazwa modułu zapisującego: System Writer Identyfikator wystąpienia modułu zapisującego: {41961b71-3a89-4c2c-bb6c-264f162a1983} Error: (05/16/2016 03:55:49 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000. Error: (05/16/2016 03:55:49 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Wystąpił błąd aktywacji licencji (slui.exe), kod błędu: 0x800401F9 Error: (05/16/2016 02:45:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się. Details: AddLegacyDriverFiles: Unable to back up image of binary PSKMAD. System Error: Nie można odnaleźć określonego pliku. . Error: (05/16/2016 12:54:03 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000. Error: (05/16/2016 12:54:03 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Wystąpił błąd aktywacji licencji (slui.exe), kod błędu: 0x800401F9 Dziennik System: ============= Error: (05/16/2016 07:54:54 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (05/15/2016 09:23:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error: (05/15/2016 09:12:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error: (05/15/2016 09:04:07 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (05/15/2016 06:04:17 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (05/15/2016 02:04:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Ashampoo LiveTuner 2 Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (05/15/2016 02:04:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Ochrona oprogramowania niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (05/15/2016 02:04:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Usługa udostępniania w sieci programu Windows Media Player niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (05/15/2016 02:04:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Conexant SmartAudio service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (05/15/2016 02:04:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa panda_url_filtering Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. CodeIntegrity: =================================== Date: 2016-05-16 19:58:12.944 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-16 19:55:36.772 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-16 19:54:05.240 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-16 19:46:52.349 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-16 18:37:25.580 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-16 18:28:18.836 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-16 16:56:47.571 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-16 15:55:48.180 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-16 15:41:24.164 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-16 13:02:50.801 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. ==================== Statystyki pamięci =========================== Procesor: AMD A8-5550M APU with Radeon(tm) HD Graphics Procent pamięci w użyciu: 41% Całkowita pamięć fizyczna: 7383.36 MB Dostępna pamięć fizyczna: 4303.61 MB Całkowita pamięć wirtualna: 14764.92 MB Dostępna pamięć wirtualna: 11411.9 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:247.82 GB) (Free:191.99 GB) NTFS Drive d: () (Fixed) (Total:439.45 GB) (Free:365.9 GB) NTFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484) Partition 1: (Active) - (Size=100 MB) - (Type=0B) Partition 2: (Not Active) - (Size=247.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=439.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=244.1 GB) - (Type=06) ==================== Koniec Addition.txt ============================

Frst

Kod: Zaznacz wszystko: Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:16-05-2016 Uruchomiony przez Erik (administrator) ERIK-KOMPUTER (16-05-2016 20:13:52) Uruchomiony z C:\Users\Erik\Downloads Załadowane profile: Erik (Dostępne profile: Erik) Platform: Windows 7 Ultimate Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 8 (Domyślna przeglądarka: Opera) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\CheckUpdate.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Ashampoo Development GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\LiveTuner2.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe (Opera Software) C:\Program Files (x86)\Opera\36.0.2130.46\opera.exe (Opera Software) C:\Program Files (x86)\Opera\36.0.2130.46\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\36.0.2130.46\opera.exe (Opera Software) C:\Program Files (x86)\Opera\36.0.2130.46\opera.exe (Opera Software) C:\Program Files (x86)\Opera\36.0.2130.46\opera.exe (Opera Software) C:\Program Files (x86)\Opera\36.0.2130.46\opera.exe (Opera Software) C:\Program Files (x86)\Opera\36.0.2130.46\opera.exe (Opera Software) C:\Program Files (x86)\Opera\36.0.2130.46\opera.exe (Opera Software) C:\Program Files (x86)\Opera\36.0.2130.46\opera.exe (Opera Software) C:\Program Files (x86)\Opera\36.0.2130.46\opera.exe () C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\LiveTunerService.exe (Opera Software) C:\Program Files (x86)\Opera\36.0.2130.46\opera.exe (Opera Software) C:\Program Files (x86)\Opera\36.0.2130.46\opera.exe (Opera Software) C:\Program Files (x86)\Opera\36.0.2130.46\opera.exe () C:\Users\Erik\Downloads\swiwfn67.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2015-09-24] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2015-09-24] (Lenovo(beijing) Limited) HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner2] => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\LiveTuner2.exe [3814768 2015-08-07] (Ashampoo Development GmbH & Co. KG) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400576 2016-05-16] (AVAST Software) HKU\S-1-5-21-2592474708-3107799792-3842106623-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3077712 2016-04-30] (Valve Corporation) HKU\S-1-5-21-2592474708-3107799792-3842106623-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-11-09] (Glarysoft Ltd) HKU\S-1-5-21-2592474708-3107799792-3842106623-1000\...\Run: [uTorrent] => "C:\Users\Erik\AppData\Roaming\uTorrent\updates\3.4.6_42094.exe" /MINIMIZED HKU\S-1-5-21-2592474708-3107799792-3842106623-1000\...\Run: [] => C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe [1169224 2010-11-05] (Microsoft Corporation) HKU\S-1-5-21-2592474708-3107799792-3842106623-1000\...\Winlogon: [Shell] "C:\Users\Erik\AppData\Roaming\sh4X1EdCL83qy73L\w48tcyfJxzOD.exe" "C:\Users\Erik\AppData\Roaming\sh4X1EdCL83qy73L\ACcWPcJXdRi7.exe" "C:\Users\Erik\AppData\Roaming\sh4X1EdCL83qy73L\jtFwBl1T1upp.exe" "C:\Users\Erik\AppData\Roaming\sh4X1EdCL83qy73L\iwMWapy6eY6k.exe" "C:\Users\Erik\AppData\Roaming\sh4X1EdCL83qy73L\6INKFSKR0hck.exe" "C:\Users\Erik\AppData\Roaming\sh4X1EdCL83qy73L\y2wBEeUBghyF.exe" "C:\Users\Erik\AppData\Roaming\sh4X1EdCL83qy73L\KPG1A00ip18H.exe" "C:\Users\Erik\AppData\Roaming\sh4X1EdCL83qy73L\qlD0xX1aOVbO.exe",explorer.exe <==== UWAGA HKU\S-1-5-21-2592474708-3107799792-3842106623-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-16] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk [2016-03-15] ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe () Startup: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XenoSuite.lnk [2016-04-29] ShortcutTarget: XenoSuite.lnk -> C:\Program Files (x86)\XenoBot\XenoSuite.exe () BootExecute: autocheck autochk * ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{D819913B-BA55-4E88-A4DD-EDC52748D33E}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA HKU\S-1-5-21-2592474708-3107799792-3842106623-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2592474708-3107799792-3842106623-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2592474708-3107799792-3842106623-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-05-16] (AVAST Software) BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> Brak pliku BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-16] (AVAST Software) BHO-x32: Brak nazwy -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> Brak pliku Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - Brak pliku Toolbar: HKLM-x32 - Brak nazwy - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - Brak pliku Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) FireFox: ======== FF ProfilePath: C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\qniul15r.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-17] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-17] () FF Plugin-x32: @bittorrent.com/BitTorrentDNA -> C:\Program Files (x86)\DNA\plugins\npbtdna.dll [2016-01-10] (BitTorrent, Inc.) FF Plugin-x32: @gamersfirst.com/LiveLauncher -> C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll [Brak pliku] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-16] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2592474708-3107799792-3842106623-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Erik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS) FF Extension: Avira Browser Safety - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\qniul15r.default\Extensions\abs@avira.com [2016-03-23] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-16] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Dokumenty Google) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-02] CHR Extension: (Dysk Google) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-19] CHR Extension: (YouTube) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02] CHR Extension: (Google Search) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-02] CHR Extension: (Dokumenty Google offline) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-30] CHR Extension: (Gmail) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-02] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-16] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-24] (Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations) [Brak podpisu cyfrowego] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-16] (AVAST Software) S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [Brak podpisu cyfrowego] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) R2 WO_LiveService2; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\LiveTunerService.exe [223600 2015-08-07] () R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-24] (Atheros) [Brak podpisu cyfrowego] ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [37472 2013-02-14] (Advanced Micro Devices, Inc.) R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-16] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-16] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-16] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-16] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-16] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-16] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-16] (AVAST Software) U2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-16] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-16] (AVAST Software) R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-01-24] (Qualcomm Atheros) S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-04-10] (Disc Soft Ltd) S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-04-10] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-11-20] (Glarysoft Ltd) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [127568 2013-03-04] (Qualcomm Atheros Co., Ltd.) R2 LiveTuner2PM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\LiveTuner64.sys [14320 2014-03-20] () R2 WtfEngineDrv; C:\Windows\System32\DRIVERS\WtfEngineDrv.sys [27392 2016-02-01] (AAA Internet Publishing, Inc.) S3 HidNt; system32\DRIVERS\HIDNt.sys [X] S3 Mac606; system32\DRIVERS\Mac606.sys [X] S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] U3 aftcyaog; \??\C:\Users\Erik\AppData\Local\Temp\aftcyaog.sys [X] ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-05-16 20:13 - 2016-05-16 20:14 - 00016710 _____ C:\Users\Erik\Downloads\FRST.txt 2016-05-16 20:13 - 2016-05-16 20:13 - 00000000 ____D C:\FRST 2016-05-16 20:11 - 2016-05-16 20:11 - 02382336 _____ (Farbar) C:\Users\Erik\Downloads\FRST64.exe 2016-05-16 20:06 - 2016-05-16 20:06 - 00380928 _____ C:\Users\Erik\Downloads\swiwfn67.exe 2016-05-16 19:53 - 2016-05-16 19:53 - 00593952 _____ (Duplex Secure Ltd) C:\Users\Erik\Downloads\SPTDinst-v189-x64.exe 2016-05-16 15:55 - 2016-05-16 15:55 - 00275536 _____ C:\Windows\system32\FNTCACHE.DAT 2016-05-16 15:30 - 2016-05-16 15:30 - 00003968 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1463405403 2016-05-16 15:30 - 2016-05-16 15:30 - 00001037 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2016-05-16 15:30 - 2016-05-16 15:30 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2016-05-16 15:29 - 2016-05-16 15:29 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2016-05-16 14:59 - 2016-05-16 14:59 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2016-05-16 14:59 - 2016-05-16 14:59 - 00000000 ____D C:\Users\Erik\AppData\Roaming\AVAST Software 2016-05-16 14:59 - 2016-05-16 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2016-05-16 14:58 - 2016-05-16 14:58 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2016-05-16 14:58 - 2016-05-16 14:58 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2016-05-16 14:58 - 2016-05-16 14:58 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2016-05-16 14:58 - 2016-05-16 14:58 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2016-05-16 14:58 - 2016-05-16 14:58 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2016-05-16 14:58 - 2016-05-16 14:58 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2016-05-16 14:58 - 2016-05-16 14:58 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2016-05-16 14:58 - 2016-05-16 14:58 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2016-05-16 14:58 - 2016-05-16 14:58 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr 2016-05-16 14:58 - 2016-05-16 14:58 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2016-05-16 14:58 - 2016-05-16 14:58 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2016-05-16 14:58 - 2016-05-16 14:58 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2016-05-16 14:58 - 2016-05-16 14:58 - 00000000 ____D C:\Program Files\Common Files\AV 2016-05-16 14:40 - 2016-05-16 15:29 - 00000000 ____D C:\Program Files\AVAST Software 2016-05-16 14:36 - 2016-05-16 14:37 - 05066104 _____ (AVAST Software) C:\Users\Erik\Downloads\avast_free_antivirus_setup_online.exe 2016-05-16 13:18 - 2016-05-16 13:18 - 00000040 _____ C:\Users\Erik\AppData\Roaming\WB.CFG 2016-05-15 21:06 - 2016-05-16 12:52 - 00000000 ____D C:\ComboFix 2016-05-15 13:47 - 2016-05-16 12:52 - 00000000 ____D C:\AdwCleaner 2016-05-15 00:10 - 2016-05-15 00:10 - 00006576 ____N C:\bootsqm.dat 2016-05-14 15:10 - 2016-05-14 15:11 - 00007604 _____ C:\Users\Erik\AppData\Local\Resmon.ResmonCfg 2016-05-14 14:57 - 2016-05-14 14:58 - 00000192 _____ C:\Users\Erik\Downloads\downloads.rar 2016-05-10 15:48 - 2016-05-10 15:48 - 00635311 _____ C:\Users\Erik\Downloads\Prezentacja bez tytułu.pdf 2016-05-03 15:01 - 2016-05-03 15:01 - 00636134 _____ C:\Users\Erik\Downloads\Prezentacja edukacyjna.pdf 2016-05-03 15:00 - 2016-05-03 15:00 - 01499648 _____ C:\Users\Erik\Downloads\Projekt edukayjny.ppt 2016-05-03 14:58 - 2016-05-03 14:59 - 01374858 _____ C:\Users\Erik\Downloads\Prezentacja bez tytułu.pptx 2016-05-02 14:23 - 2016-05-02 14:23 - 00000000 ____D C:\ProgramData\NortonInstaller 2016-05-02 14:18 - 2016-05-16 14:24 - 00000268 _____ C:\Windows\Tasks\{16EE11CE-6C91-F908-D14D-1A6DED748472}.job 2016-05-02 14:18 - 2016-05-02 14:18 - 00003432 _____ C:\Windows\System32\Tasks\ErikCombingFrazzledV2 2016-05-02 14:18 - 2016-05-02 14:18 - 00003216 _____ C:\Windows\System32\Tasks\{16EE11CE-6C91-F908-D14D-1A6DED748472} 2016-05-02 08:06 - 2016-05-02 09:12 - 00000000 ____D C:\Users\Erik\AppData\Roaming\OBS 2016-05-02 08:06 - 2016-05-02 08:06 - 00000939 _____ C:\Users\Erik\Desktop\Open Broadcaster Software.lnk 2016-05-02 08:06 - 2016-05-02 08:06 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software 2016-05-02 08:06 - 2016-05-02 08:06 - 00000000 ____D C:\Program Files\OBS 2016-05-02 08:05 - 2016-05-02 08:06 - 00000000 ____D C:\Program Files (x86)\OBS 2016-04-29 00:13 - 2016-04-29 00:13 - 00000000 ____D C:\Users\Erik\Desktop\Nowy folder 2016-04-29 00:06 - 2016-04-29 00:11 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XenoBot 2016-04-20 19:36 - 2016-04-20 19:36 - 00000000 ____D C:\ProgramData\VS Revo Group 2016-04-20 19:19 - 2016-04-20 19:19 - 48082944 _____ C:\Windows\system32\config\software.gu 2016-04-20 19:19 - 2016-04-20 19:19 - 00147456 _____ C:\Windows\system32\config\default.gu ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-05-16 20:03 - 2015-09-27 09:39 - 00000000 ____D C:\Program Files (x86)\Opera 2016-05-16 20:00 - 2015-09-25 13:58 - 00000000 ____D C:\Program Files\Steam 2016-05-16 19:58 - 2016-03-18 12:33 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-16 19:58 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-05-16 19:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf 2016-05-16 19:54 - 2009-07-14 06:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-05-16 19:54 - 2009-07-14 06:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-05-16 19:36 - 2016-03-18 12:33 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-16 19:35 - 2016-03-18 12:33 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-16 16:33 - 2015-10-30 22:59 - 00000000 ____D C:\Users\Erik\AppData\Roaming\TS3Client 2016-05-16 16:03 - 2015-10-20 19:30 - 00000000 ____D C:\Users\Erik\AppData\LocalLow\SKS 2016-05-16 15:29 - 2015-10-02 16:57 - 00000000 ____D C:\ProgramData\AVAST Software 2016-05-16 14:46 - 2015-10-21 02:48 - 00000000 ____D C:\ProgramData\Hi-Rez Studios 2016-05-16 14:46 - 2015-10-21 02:48 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios 2016-05-16 14:46 - 2015-09-24 21:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-05-16 14:42 - 2015-12-07 20:41 - 00000000 ____D C:\Program Files (x86)\Panda Security 2016-05-16 14:42 - 2015-12-07 20:37 - 00000000 ____D C:\ProgramData\Panda Security 2016-05-16 14:41 - 2015-12-07 20:42 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Panda Security 2016-05-16 14:27 - 2009-07-14 19:55 - 00737796 _____ C:\Windows\system32\perfh015.dat 2016-05-16 14:27 - 2009-07-14 19:55 - 00154452 _____ C:\Windows\system32\perfc015.dat 2016-05-16 14:27 - 2009-07-14 07:13 - 01661784 _____ C:\Windows\system32\PerfStringBackup.INI 2016-05-16 14:25 - 2016-03-18 12:33 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-05-16 14:25 - 2016-03-18 12:33 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-05-16 13:15 - 2015-12-25 21:01 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Notepad++ 2016-05-16 13:15 - 2015-12-25 21:01 - 00000000 ____D C:\Program Files (x86)\Notepad++ 2016-05-16 12:55 - 2015-12-07 20:42 - 00000000 ____D C:\ProgramData\panda_url_filtering 2016-05-16 12:54 - 2015-09-24 20:38 - 00000000 ____D C:\Users\Erik 2016-05-16 12:53 - 2016-04-14 09:01 - 00000000 ____D C:\Users\Erik\Documents\XenoBot 2016-05-16 12:53 - 2016-04-14 08:47 - 00000000 ___HD C:\Users\Erik\AppData\Roaming\sh4X1EdCL83qy73L 2016-05-16 12:53 - 2015-12-31 01:08 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Tibia 2016-05-16 12:53 - 2015-10-09 14:31 - 00000000 ____D C:\Windows\erdnt 2016-05-16 12:53 - 2009-07-14 20:09 - 00000000 ___RD C:\Users\Public\Recorded TV 2016-05-16 12:52 - 2016-02-27 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader 2016-05-16 12:52 - 2016-01-19 20:30 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications 2016-05-16 12:52 - 2015-12-14 16:56 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack 2016-05-16 12:52 - 2015-10-09 14:32 - 00000000 ____D C:\Qoobox 2016-05-16 12:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2016-05-16 12:51 - 2015-12-05 21:18 - 00000000 ____D C:\Autodesk 2016-05-14 08:56 - 2015-09-24 21:35 - 00000000 ____D C:\Windows\Options 2016-05-14 01:54 - 2015-12-07 20:43 - 00000000 ___SD C:\Users\Erik\AppData\LocalLow\Temp 2016-05-08 16:10 - 2016-01-04 23:35 - 00000057 _____ C:\Users\Erik\Desktop\Nowy dokument tekstowy.txt 2016-05-06 22:17 - 2015-12-20 12:03 - 00000000 ____D C:\Users\Erik\AppData\Local\Battle.net 2016-05-06 16:00 - 2015-11-20 18:31 - 00000408 _____ C:\Windows\Tasks\One-Click Optimizer WO12.job 2016-05-03 19:52 - 2016-04-14 09:14 - 00000000 ____D C:\Program Files (x86)\XenoBot 2016-04-27 14:25 - 2015-12-14 16:20 - 00000000 ____D C:\Users\Erik\Desktop\Muzyka 2016-04-23 20:46 - 2016-04-14 08:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WTFast 2016-04-23 20:46 - 2016-03-06 05:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2016-04-23 20:46 - 2016-02-08 00:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TruckersMP 2016-04-20 20:30 - 2016-04-14 09:38 - 00000000 ____D C:\Users\Erik\Desktop\bot tibia 2016-04-20 20:30 - 2016-03-06 05:48 - 00000000 ____D C:\ProgramData\Origin 2016-04-20 20:30 - 2015-11-20 18:22 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5 2016-04-20 20:30 - 2015-10-30 22:59 - 00000000 ____D C:\Program Files\sqldrivers 2016-04-20 20:30 - 2015-10-30 22:59 - 00000000 ____D C:\Program Files\soundbackends 2016-04-20 20:30 - 2015-10-30 22:59 - 00000000 ____D C:\Program Files\plugins 2016-04-20 20:30 - 2015-10-30 22:59 - 00000000 ____D C:\Program Files\platforms 2016-04-20 20:30 - 2015-10-30 22:59 - 00000000 ____D C:\Program Files\news 2016-04-20 20:30 - 2015-10-30 22:59 - 00000000 ____D C:\Program Files\imageformats 2016-04-20 19:19 - 2016-02-23 23:59 - 00028672 _____ C:\Windows\system32\config\security.gu 2016-04-20 19:19 - 2016-02-23 23:59 - 00028672 _____ C:\Windows\system32\config\sam.gu 2016-04-20 19:19 - 2015-10-04 10:41 - 00032768 _____ C:\Windows\system32\config\system.gu 2016-04-20 19:19 - 2009-07-14 04:34 - 17825792 _____ C:\Windows\system32\config\system.gu.bak 2016-04-19 16:38 - 2015-10-30 22:59 - 00000000 ____D C:\Program Files\translations 2016-04-19 16:38 - 2015-10-22 13:22 - 00161220 _____ C:\Program Files\changelog.txt 2016-04-19 16:38 - 2015-10-22 11:20 - 00000313 _____ C:\Program Files\plugin_sdk.html ==================== Pliki w katalogu głównym wybranych folderów ======= 2015-10-22 13:22 - 2016-04-19 16:38 - 0161220 _____ () C:\Program Files\changelog.txt 2015-10-22 13:22 - 2015-10-22 13:22 - 0375544 _____ () C:\Program Files\createfileassoc.exe 2015-10-22 13:22 - 2015-10-22 13:22 - 0447464 _____ (TeamSpeak Systems GmbH) C:\Program Files\error_report.exe 2015-09-21 16:24 - 2015-09-21 16:24 - 1709056 _____ () C:\Program Files\libeay32.dll 2013-10-05 00:58 - 2013-10-05 00:58 - 0660128 _____ (Microsoft Corporation) C:\Program Files\msvcp120.dll 2013-10-05 00:58 - 2013-10-05 00:58 - 0963232 _____ (Microsoft Corporation) C:\Program Files\msvcr120.dll 2015-08-27 10:07 - 2015-08-27 10:07 - 1704176 _____ (Overwolf) C:\Program Files\OverwolfTeamSpeakInstaller.exe 2015-10-22 13:22 - 2015-10-22 13:22 - 0475112 _____ (TeamSpeak Systems GmbH) C:\Program Files\package_inst.exe 2015-10-22 11:20 - 2016-04-19 16:38 - 0000313 _____ () C:\Program Files\plugin_sdk.html 2015-09-21 16:47 - 2015-09-21 16:47 - 5626368 _____ (The Qt Company Ltd) C:\Program Files\Qt5Core.dll 2015-09-21 16:48 - 2015-09-21 16:48 - 3937280 _____ (The Qt Company Ltd) C:\Program Files\Qt5Gui.dll 2015-09-21 16:48 - 2015-09-21 16:48 - 1092608 _____ (The Qt Company Ltd) C:\Program Files\Qt5Network.dll 2015-09-21 16:47 - 2015-09-21 16:47 - 0216576 _____ (The Qt Company Ltd) C:\Program Files\Qt5Sql.dll 2015-09-21 16:50 - 2015-09-21 16:50 - 5424128 _____ (The Qt Company Ltd) C:\Program Files\Qt5Widgets.dll 2015-10-22 13:22 - 2015-10-22 13:22 - 0175080 _____ () C:\Program Files\quazip.dll 2015-09-21 16:24 - 2015-09-21 16:24 - 0317440 _____ () C:\Program Files\ssleay32.dll 2015-10-22 13:21 - 2015-10-22 13:21 - 11544552 _____ (TeamSpeak Systems GmbH) C:\Program Files\ts3client_win64.exe 2016-03-21 22:42 - 2016-03-21 22:42 - 3558355 _____ () C:\Program Files\ts3client_win64.rar 2015-10-30 22:59 - 2015-10-30 22:59 - 0390800 _____ (TeamSpeak Systems GmbH) C:\Program Files\Uninstall.exe 2015-10-22 13:22 - 2015-10-22 13:22 - 1514984 _____ (TeamSpeak Systems GmbH) C:\Program Files\update.exe 2015-10-22 11:20 - 2015-10-22 11:20 - 0520934 _____ () C:\Program Files\usb.ids 2016-05-16 13:18 - 2016-05-16 13:18 - 0000040 _____ () C:\Users\Erik\AppData\Roaming\WB.CFG 2016-05-14 15:10 - 2016-05-14 15:11 - 0007604 _____ () C:\Users\Erik\AppData\Local\Resmon.ResmonCfg 2015-09-24 21:04 - 2015-09-24 21:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Pliki do przeniesienia lub usunięcia: ==================== C:\Windows\Tasks\{16EE11CE-6C91-F908-D14D-1A6DED748472}.job Niektóre pliki w TEMP: ==================== C:\Users\Erik\AppData\Local\Temp\gusetup6.exe ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll [2015-09-29 20:06] - [2010-11-20 15:27] - 1008640 ____A (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E C:\Windows\SysWOW64\User32.dll [2015-10-31 18:09] - [2015-10-31 18:10] - 0833024 ____A (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356 C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-05-11 11:04 ==================== Koniec FRST.txt ============================

**Posty:** 4765 · przez **ordynat** 17 Maj 2016, 07:42

1) Otwórz Notatnik i wklej w nim:

Task: C:\Windows\Tasks\{16EE11CE-6C91-F908-D14D-1A6DED748472}.job => C:\Users\Erik\AppData\Roaming\PRICEF~1\Updater.exe
Task: {7724488F-FDB1-469F-A276-0A3B08930B2A} - System32\Tasks\{16EE11CE-6C91-F908-D14D-1A6DED748472} => C:\Users\Erik\AppData\Roaming\PRICEF~1\Updater.exe
C:\Users\Erik\AppData\Roaming\PRICEF~1
Task: {D8CD4A63-852E-455E-A48C-DDF2AE14F382} - System32\Tasks\{7B3F4B12-0345-4A6F-A075-D54D39361BB4} => pcalua.exe -a F:\Win8\Touchpad\Setup.exe -d F:\Win8\Touchpad
Task: {94B9A4BC-7746-4686-A387-5AD3A5D48D56} - System32\Tasks\{E892095A-E09E-4285-896A-9D941751BF20} => pcalua.exe -a F:\programy\GData\setup_tp.exe -d F:\programy\GData
Task: {26B539B1-DFA4-4F2E-8E5B-C2E2F9829285} - System32\Tasks\ErikCombingFrazzledV2 => Rundll32.exe AnnotativeMamma.dll,main 7 1 <==== UWAGA
HKU\S-1-5-21-2592474708-3107799792-3842106623-1000\...\Winlogon: [Shell] "C:\Users\Erik\AppData\Roaming\sh4X1EdCL83qy73L\w48tcyfJxzOD.exe" "C:\Users\Erik\AppData\Roaming\sh4X1EdCL83qy73L\ACcWPcJXdRi7.exe" "C:\Users\Erik\AppData\Roaming\sh4X1EdCL83qy73L\jtFwBl1T1upp.exe" "C:\Users\Erik\AppData\Roaming\sh4X1EdCL83qy73L\iwMWapy6eY6k.exe" "C:\Users\Erik\AppData\Roaming\sh4X1EdCL83qy73L\6INKFSKR0hck.exe" "C:\Users\Erik\AppData\Roaming\sh4X1EdCL83qy73L\y2wBEeUBghyF.exe" "C:\Users\Erik\AppData\Roaming\sh4X1EdCL83qy73L\KPG1A00ip18H.exe" "C:\Users\Erik\AppData\Roaming\sh4X1EdCL83qy73L\qlD0xX1aOVbO.exe",explorer.exe <==== UWAGA
C:\Users\Erik\AppData\Roaming\sh4X1EdCL83qy73L
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\S-1-5-21-2592474708-3107799792-3842106623-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> Brak pliku
BHO-x32: Brak nazwy -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> Brak pliku
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - Brak pliku
Toolbar: HKLM-x32 - Brak nazwy - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - Brak pliku
S3 HidNt; system32\DRIVERS\HIDNt.sys [X]
S3 Mac606; system32\DRIVERS\Mac606.sys [X]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 aftcyaog; \??\C:\Users\Erik\AppData\Local\Temp\aftcyaog.sys [X]
C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\10210.LNK
C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\1700 (1).LNK
C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\1700.LNK
C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\1701.LNK
C:\Users\Erik\AppData\Roaming\Microsoft\Office\Niedawny\1770.LNK
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).

2) Zrób nowe logi FRST - już bez Shortcut.
.

**Posty:** 3 · przez **ks225** 17 Maj 2016, 16:25

FRST:

Kod: Zaznacz wszystko: Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:16-05-2016 Uruchomiony przez Erik (administrator) ERIK-KOMPUTER (17-05-2016 16:21:06) Uruchomiony z C:\Users\Erik\Downloads Załadowane profile: Erik (Dostępne profile: Erik) Platform: Windows 7 Ultimate Service Pack 1 (X64) Język: Polski (Polska) Internet Explorer Wersja 8 (Domyślna przeglądarka: Opera) Tryb startu: Normal Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Procesy (filtrowane) ================= (Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Initialize.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Ashampoo Development GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\LiveTuner2.exe (Valve Corporation) C:\Program Files\Steam\Steam.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\x64\Win64ShellLink.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\CheckUpdate.exe (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe ==================== Rejestr (filtrowane) =========================== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2015-09-24] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2015-09-24] (Lenovo(beijing) Limited) HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner2] => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\LiveTuner2.exe [3814768 2015-08-07] (Ashampoo Development GmbH & Co. KG) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400576 2016-05-16] (AVAST Software) HKU\S-1-5-21-2592474708-3107799792-3842106623-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3077712 2016-04-30] (Valve Corporation) HKU\S-1-5-21-2592474708-3107799792-3842106623-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-11-09] (Glarysoft Ltd) HKU\S-1-5-21-2592474708-3107799792-3842106623-1000\...\Run: [uTorrent] => "C:\Users\Erik\AppData\Roaming\uTorrent\updates\3.4.6_42094.exe" /MINIMIZED HKU\S-1-5-21-2592474708-3107799792-3842106623-1000\...\Run: [] => C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe [1169224 2010-11-05] (Microsoft Corporation) HKU\S-1-5-21-2592474708-3107799792-3842106623-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-16] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk [2016-03-15] ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe () Startup: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XenoSuite.lnk [2016-04-29] ShortcutTarget: XenoSuite.lnk -> C:\Program Files (x86)\XenoBot\XenoSuite.exe () BootExecute: autocheck autochk * ==================== Internet (filtrowane) ==================== (Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{D819913B-BA55-4E88-A4DD-EDC52748D33E}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2592474708-3107799792-3842106623-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2592474708-3107799792-3842106623-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-05-16] (AVAST Software) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-16] (AVAST Software) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) FireFox: ======== FF ProfilePath: C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\qniul15r.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-17] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-17] () FF Plugin-x32: @bittorrent.com/BitTorrentDNA -> C:\Program Files (x86)\DNA\plugins\npbtdna.dll [2016-01-10] (BitTorrent, Inc.) FF Plugin-x32: @gamersfirst.com/LiveLauncher -> C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll [Brak pliku] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-16] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2592474708-3107799792-3842106623-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Erik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS) FF Extension: Avira Browser Safety - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\qniul15r.default\Extensions\abs@avira.com [2016-03-23] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-16] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Dokumenty Google) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-02] CHR Extension: (Dysk Google) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-19] CHR Extension: (YouTube) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02] CHR Extension: (Google Search) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-02] CHR Extension: (Dokumenty Google offline) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-30] CHR Extension: (Gmail) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-02] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-16] ==================== Usługi (filtrowane) ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-24] (Advanced Micro Devices, Inc.) [Brak podpisu cyfrowego] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations) [Brak podpisu cyfrowego] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-16] (AVAST Software) S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [Brak podpisu cyfrowego] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) R2 WO_LiveService2; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\LiveTunerService.exe [223600 2015-08-07] () R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-24] (Atheros) [Brak podpisu cyfrowego] ===================== Sterowniki (filtrowane) ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [37472 2013-02-14] (Advanced Micro Devices, Inc.) R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-16] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-16] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-16] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-16] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-16] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-16] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-16] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-16] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-16] (AVAST Software) R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-01-24] (Qualcomm Atheros) S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-04-10] (Disc Soft Ltd) S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-04-10] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-11-20] (Glarysoft Ltd) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [127568 2013-03-04] (Qualcomm Atheros Co., Ltd.) R2 LiveTuner2PM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\LiveTuner64.sys [14320 2014-03-20] () R2 WtfEngineDrv; C:\Windows\System32\DRIVERS\WtfEngineDrv.sys [27392 2016-02-01] (AAA Internet Publishing, Inc.) ==================== NetSvcs (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Jeden miesiąc - utworzone pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-05-17 16:18 - 2016-05-17 16:18 - 00006739 _____ C:\Users\Erik\Downloads\Fixlog.txt 2016-05-16 20:40 - 2016-05-16 20:40 - 831830257 _____ C:\Windows\MEMORY.DMP 2016-05-16 20:40 - 2016-05-16 20:40 - 00276592 _____ C:\Windows\Minidump\051616-14866-01.dmp 2016-05-16 20:40 - 2016-05-16 20:40 - 00000000 ____D C:\Windows\Minidump 2016-05-16 20:37 - 2016-05-16 20:37 - 00000000 _____ C:\Users\Erik\Desktop\Nowy dokument tekstowy (2).txt 2016-05-16 20:15 - 2016-05-16 20:15 - 00036754 _____ C:\Users\Erik\Downloads\Shortcut.txt 2016-05-16 20:14 - 2016-05-17 16:13 - 00025530 _____ C:\Users\Erik\Downloads\Addition.txt 2016-05-16 20:13 - 2016-05-17 16:21 - 00014490 _____ C:\Users\Erik\Downloads\FRST.txt 2016-05-16 20:13 - 2016-05-17 16:21 - 00000000 ____D C:\FRST 2016-05-16 20:11 - 2016-05-16 20:11 - 02382336 _____ (Farbar) C:\Users\Erik\Downloads\FRST64.exe 2016-05-16 20:06 - 2016-05-16 20:06 - 00380928 _____ C:\Users\Erik\Downloads\swiwfn67.exe 2016-05-16 19:53 - 2016-05-16 19:53 - 00593952 _____ (Duplex Secure Ltd) C:\Users\Erik\Downloads\SPTDinst-v189-x64.exe 2016-05-16 15:55 - 2016-05-16 15:55 - 00275536 _____ C:\Windows\system32\FNTCACHE.DAT 2016-05-16 15:30 - 2016-05-16 15:30 - 00003968 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1463405403 2016-05-16 15:30 - 2016-05-16 15:30 - 00001037 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2016-05-16 15:30 - 2016-05-16 15:30 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2016-05-16 15:29 - 2016-05-16 15:29 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2016-05-16 14:59 - 2016-05-16 14:59 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2016-05-16 14:59 - 2016-05-16 14:59 - 00000000 ____D C:\Users\Erik\AppData\Roaming\AVAST Software 2016-05-16 14:59 - 2016-05-16 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2016-05-16 14:58 - 2016-05-17 16:11 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2016-05-16 14:58 - 2016-05-16 14:58 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2016-05-16 14:58 - 2016-05-16 14:58 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2016-05-16 14:58 - 2016-05-16 14:58 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2016-05-16 14:58 - 2016-05-16 14:58 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2016-05-16 14:58 - 2016-05-16 14:58 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2016-05-16 14:58 - 2016-05-16 14:58 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2016-05-16 14:58 - 2016-05-16 14:58 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2016-05-16 14:58 - 2016-05-16 14:58 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2016-05-16 14:58 - 2016-05-16 14:58 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr 2016-05-16 14:58 - 2016-05-16 14:58 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2016-05-16 14:58 - 2016-05-16 14:58 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2016-05-16 14:58 - 2016-05-16 14:58 - 00000000 ____D C:\Program Files\Common Files\AV 2016-05-16 14:40 - 2016-05-16 15:29 - 00000000 ____D C:\Program Files\AVAST Software 2016-05-16 13:18 - 2016-05-16 13:18 - 00000040 _____ C:\Users\Erik\AppData\Roaming\WB.CFG 2016-05-15 21:06 - 2016-05-16 12:52 - 00000000 ____D C:\ComboFix 2016-05-15 13:47 - 2016-05-16 12:52 - 00000000 ____D C:\AdwCleaner 2016-05-15 00:10 - 2016-05-15 00:10 - 00006576 ____N C:\bootsqm.dat 2016-05-14 15:10 - 2016-05-14 15:11 - 00007604 _____ C:\Users\Erik\AppData\Local\Resmon.ResmonCfg 2016-05-02 14:23 - 2016-05-02 14:23 - 00000000 ____D C:\ProgramData\NortonInstaller 2016-05-02 08:06 - 2016-05-02 09:12 - 00000000 ____D C:\Users\Erik\AppData\Roaming\OBS 2016-05-02 08:06 - 2016-05-02 08:06 - 00000939 _____ C:\Users\Erik\Desktop\Open Broadcaster Software.lnk 2016-05-02 08:06 - 2016-05-02 08:06 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software 2016-05-02 08:06 - 2016-05-02 08:06 - 00000000 ____D C:\Program Files\OBS 2016-05-02 08:05 - 2016-05-02 08:06 - 00000000 ____D C:\Program Files (x86)\OBS 2016-04-29 00:13 - 2016-04-29 00:13 - 00000000 ____D C:\Users\Erik\Desktop\Nowy folder 2016-04-29 00:06 - 2016-04-29 00:11 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XenoBot 2016-04-20 19:36 - 2016-04-20 19:36 - 00000000 ____D C:\ProgramData\VS Revo Group 2016-04-20 19:19 - 2016-04-20 19:19 - 48082944 _____ C:\Windows\system32\config\software.gu 2016-04-20 19:19 - 2016-04-20 19:19 - 00147456 _____ C:\Windows\system32\config\default.gu ==================== Jeden miesiąc - zmodyfikowane pliki i foldery ======== (Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.) 2016-05-17 16:20 - 2016-03-18 12:33 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-17 16:19 - 2015-09-25 13:58 - 00000000 ____D C:\Program Files\Steam 2016-05-17 16:19 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-05-17 16:18 - 2009-07-14 06:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-05-17 16:18 - 2009-07-14 06:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-05-17 16:15 - 2015-09-27 09:39 - 00000000 ____D C:\Program Files (x86)\Opera 2016-05-17 15:30 - 2016-03-18 12:33 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-16 23:02 - 2015-10-30 22:59 - 00000000 ____D C:\Users\Erik\AppData\Roaming\TS3Client 2016-05-16 19:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf 2016-05-16 19:35 - 2016-03-18 12:33 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-16 16:03 - 2015-10-20 19:30 - 00000000 ____D C:\Users\Erik\AppData\LocalLow\SKS 2016-05-16 15:29 - 2015-10-02 16:57 - 00000000 ____D C:\ProgramData\AVAST Software 2016-05-16 14:46 - 2015-10-21 02:48 - 00000000 ____D C:\ProgramData\Hi-Rez Studios 2016-05-16 14:46 - 2015-10-21 02:48 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios 2016-05-16 14:46 - 2015-09-24 21:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-05-16 14:42 - 2015-12-07 20:41 - 00000000 ____D C:\Program Files (x86)\Panda Security 2016-05-16 14:42 - 2015-12-07 20:37 - 00000000 ____D C:\ProgramData\Panda Security 2016-05-16 14:41 - 2015-12-07 20:42 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Panda Security 2016-05-16 14:27 - 2009-07-14 19:55 - 00737796 _____ C:\Windows\system32\perfh015.dat 2016-05-16 14:27 - 2009-07-14 19:55 - 00154452 _____ C:\Windows\system32\perfc015.dat 2016-05-16 14:27 - 2009-07-14 07:13 - 01661784 _____ C:\Windows\system32\PerfStringBackup.INI 2016-05-16 14:25 - 2016-03-18 12:33 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-05-16 14:25 - 2016-03-18 12:33 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-05-16 13:15 - 2015-12-25 21:01 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Notepad++ 2016-05-16 13:15 - 2015-12-25 21:01 - 00000000 ____D C:\Program Files (x86)\Notepad++ 2016-05-16 12:55 - 2015-12-07 20:42 - 00000000 ____D C:\ProgramData\panda_url_filtering 2016-05-16 12:54 - 2015-09-24 20:38 - 00000000 ____D C:\Users\Erik 2016-05-16 12:53 - 2016-04-14 09:01 - 00000000 ____D C:\Users\Erik\Documents\XenoBot 2016-05-16 12:53 - 2015-12-31 01:08 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Tibia 2016-05-16 12:53 - 2015-10-09 14:31 - 00000000 ____D C:\Windows\erdnt 2016-05-16 12:53 - 2009-07-14 20:09 - 00000000 ___RD C:\Users\Public\Recorded TV 2016-05-16 12:52 - 2016-02-27 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader 2016-05-16 12:52 - 2016-01-19 20:30 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications 2016-05-16 12:52 - 2015-12-14 16:56 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack 2016-05-16 12:52 - 2015-10-09 14:32 - 00000000 ____D C:\Qoobox 2016-05-16 12:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2016-05-16 12:51 - 2015-12-05 21:18 - 00000000 ____D C:\Autodesk 2016-05-14 08:56 - 2015-09-24 21:35 - 00000000 ____D C:\Windows\Options 2016-05-14 01:54 - 2015-12-07 20:43 - 00000000 ___SD C:\Users\Erik\AppData\LocalLow\Temp 2016-05-08 16:10 - 2016-01-04 23:35 - 00000057 _____ C:\Users\Erik\Desktop\Nowy dokument tekstowy.txt 2016-05-06 22:17 - 2015-12-20 12:03 - 00000000 ____D C:\Users\Erik\AppData\Local\Battle.net 2016-05-06 16:00 - 2015-11-20 18:31 - 00000408 _____ C:\Windows\Tasks\One-Click Optimizer WO12.job 2016-05-03 19:52 - 2016-04-14 09:14 - 00000000 ____D C:\Program Files (x86)\XenoBot 2016-04-27 14:25 - 2015-12-14 16:20 - 00000000 ____D C:\Users\Erik\Desktop\Muzyka 2016-04-23 20:46 - 2016-04-14 08:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WTFast 2016-04-23 20:46 - 2016-03-06 05:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2016-04-23 20:46 - 2016-02-08 00:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TruckersMP 2016-04-20 20:30 - 2016-04-14 09:38 - 00000000 ____D C:\Users\Erik\Desktop\bot tibia 2016-04-20 20:30 - 2016-03-06 05:48 - 00000000 ____D C:\ProgramData\Origin 2016-04-20 20:30 - 2015-11-20 18:22 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5 2016-04-20 20:30 - 2015-10-30 22:59 - 00000000 ____D C:\Program Files\sqldrivers 2016-04-20 20:30 - 2015-10-30 22:59 - 00000000 ____D C:\Program Files\soundbackends 2016-04-20 20:30 - 2015-10-30 22:59 - 00000000 ____D C:\Program Files\plugins 2016-04-20 20:30 - 2015-10-30 22:59 - 00000000 ____D C:\Program Files\platforms 2016-04-20 20:30 - 2015-10-30 22:59 - 00000000 ____D C:\Program Files\news 2016-04-20 20:30 - 2015-10-30 22:59 - 00000000 ____D C:\Program Files\imageformats 2016-04-20 19:19 - 2016-02-23 23:59 - 00028672 _____ C:\Windows\system32\config\security.gu 2016-04-20 19:19 - 2016-02-23 23:59 - 00028672 _____ C:\Windows\system32\config\sam.gu 2016-04-20 19:19 - 2015-10-04 10:41 - 00032768 _____ C:\Windows\system32\config\system.gu 2016-04-20 19:19 - 2009-07-14 04:34 - 17825792 _____ C:\Windows\system32\config\system.gu.bak 2016-04-19 16:38 - 2015-10-30 22:59 - 00000000 ____D C:\Program Files\translations 2016-04-19 16:38 - 2015-10-22 13:22 - 00161220 _____ C:\Program Files\changelog.txt 2016-04-19 16:38 - 2015-10-22 11:20 - 00000313 _____ C:\Program Files\plugin_sdk.html ==================== Pliki w katalogu głównym wybranych folderów ======= 2015-10-22 13:22 - 2016-04-19 16:38 - 0161220 _____ () C:\Program Files\changelog.txt 2015-10-22 13:22 - 2015-10-22 13:22 - 0375544 _____ () C:\Program Files\createfileassoc.exe 2015-10-22 13:22 - 2015-10-22 13:22 - 0447464 _____ (TeamSpeak Systems GmbH) C:\Program Files\error_report.exe 2015-09-21 16:24 - 2015-09-21 16:24 - 1709056 _____ () C:\Program Files\libeay32.dll 2013-10-05 00:58 - 2013-10-05 00:58 - 0660128 _____ (Microsoft Corporation) C:\Program Files\msvcp120.dll 2013-10-05 00:58 - 2013-10-05 00:58 - 0963232 _____ (Microsoft Corporation) C:\Program Files\msvcr120.dll 2015-08-27 10:07 - 2015-08-27 10:07 - 1704176 _____ (Overwolf) C:\Program Files\OverwolfTeamSpeakInstaller.exe 2015-10-22 13:22 - 2015-10-22 13:22 - 0475112 _____ (TeamSpeak Systems GmbH) C:\Program Files\package_inst.exe 2015-10-22 11:20 - 2016-04-19 16:38 - 0000313 _____ () C:\Program Files\plugin_sdk.html 2015-09-21 16:47 - 2015-09-21 16:47 - 5626368 _____ (The Qt Company Ltd) C:\Program Files\Qt5Core.dll 2015-09-21 16:48 - 2015-09-21 16:48 - 3937280 _____ (The Qt Company Ltd) C:\Program Files\Qt5Gui.dll 2015-09-21 16:48 - 2015-09-21 16:48 - 1092608 _____ (The Qt Company Ltd) C:\Program Files\Qt5Network.dll 2015-09-21 16:47 - 2015-09-21 16:47 - 0216576 _____ (The Qt Company Ltd) C:\Program Files\Qt5Sql.dll 2015-09-21 16:50 - 2015-09-21 16:50 - 5424128 _____ (The Qt Company Ltd) C:\Program Files\Qt5Widgets.dll 2015-10-22 13:22 - 2015-10-22 13:22 - 0175080 _____ () C:\Program Files\quazip.dll 2015-09-21 16:24 - 2015-09-21 16:24 - 0317440 _____ () C:\Program Files\ssleay32.dll 2015-10-22 13:21 - 2015-10-22 13:21 - 11544552 _____ (TeamSpeak Systems GmbH) C:\Program Files\ts3client_win64.exe 2016-03-21 22:42 - 2016-03-21 22:42 - 3558355 _____ () C:\Program Files\ts3client_win64.rar 2015-10-30 22:59 - 2015-10-30 22:59 - 0390800 _____ (TeamSpeak Systems GmbH) C:\Program Files\Uninstall.exe 2015-10-22 13:22 - 2015-10-22 13:22 - 1514984 _____ (TeamSpeak Systems GmbH) C:\Program Files\update.exe 2015-10-22 11:20 - 2015-10-22 11:20 - 0520934 _____ () C:\Program Files\usb.ids 2016-05-16 13:18 - 2016-05-16 13:18 - 0000040 _____ () C:\Users\Erik\AppData\Roaming\WB.CFG 2016-05-14 15:10 - 2016-05-14 15:11 - 0007604 _____ () C:\Users\Erik\AppData\Local\Resmon.ResmonCfg 2015-09-24 21:04 - 2015-09-24 21:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Niektóre pliki w TEMP: ==================== C:\Users\Erik\AppData\Local\Temp\gusetup9.exe ==================== Bamital & volsnap ================= (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo C:\Windows\explorer.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\Windows\system32\services.exe => Plik podpisany cyfrowo C:\Windows\system32\User32.dll [2015-09-29 20:06] - [2010-11-20 15:27] - 1008640 ____A (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E C:\Windows\SysWOW64\User32.dll [2015-10-31 18:09] - [2015-10-31 18:10] - 0833024 ____A (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356 C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2016-05-11 11:04 ==================== Koniec FRST.txt ============================

Addition:

Kod: Zaznacz wszystko: ezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja:16-05-2016 Uruchomiony przez Erik (2016-05-17 16:21:54) Uruchomiony z C:\Users\Erik\Downloads Windows 7 Ultimate Service Pack 1 (X64) (2015-09-24 18:38:08) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrator (S-1-5-21-2592474708-3107799792-3842106623-500 - Administrator - Disabled) Erik (S-1-5-21-2592474708-3107799792-3842106623-1000 - Administrator - Enabled) => C:\Users\Erik Gość (S-1-5-21-2592474708-3107799792-3842106623-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2592474708-3107799792-3842106623-1003 - Limited - Enabled) ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated) Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated) Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{FA5043AF-EAC4-C06E-18B0-A184923DC7CC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.0 - AppEx Networks) Ashampoo WinOptimizer 12 v.12.00.32 (HKLM-x32\...\{4209F371-15B6-1CE4-15F7-A7BA46F431E3}_is1) (Version: 12.00.32 - Ashampoo GmbH & Co. KG) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.49.0 - Conexant) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc) Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo) Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - ) GamersFirst LIVE! (HKLM-x32\...\GamersFirst LIVE!) (Version: - GamersFirst) Genesis GX57 Gaming Mouse 1.0 (HKLM-x32\...\{DA917403-6397-4320-881B-9E3F7EB22EEF}_is1) (Version: 1.0 - ) Glary Utilities PRO 5.38 (HKLM-x32\...\Glary Utilities 5) (Version: 5.38.0.58 - Glarysoft Ltd) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.) Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden Malwarebytes Anti-Malware wersja 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850415-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Odinstaluj drukarkę EPSON Stylus SX200 Series (HKLM\...\EPSON Stylus SX200 Series) (Version: - SEIKO EPSON Corporation) OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenFM (HKU\S-1-5-21-2592474708-3107799792-3842106623-1000\...\OpenFM) (Version: 2 - GG Network S.A.) Opera Stable 36.0.2130.46 (HKLM-x32\...\Opera 36.0.2130.46) (Version: 36.0.2130.46 - Opera Software) Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo) Pakiet sterowników systemu Windows - Lenovo LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo) Pakiet zgodności dla systemu Office 2007 (HKLM-x32\...\{90120000-0020-0415-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation) Podręcznik użytkownika (x32 Version: 1.0.0.6 - Lenovo) Hidden Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.15 - Qualcomm Atheros Communications Inc.) Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.39042 - Realtek Semiconductor Corp.) SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH) Tibia (HKLM-x32\...\Tibia_is1) (Version: 10.91 - CipSoft GmbH) Unity Web Player (HKU\S-1-5-21-2592474708-3107799792-3842106623-1000\...\UnityWebPlayer) (Version: 5.3.1f1 - Unity Technologies ApS) UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) XenoBot Binary (HKLM-x32\...\{82F4416B-8461-4817-A09D-BBBD7FC00DE6}) (Version: 15.11.28 - XenoBot) YTD Video Downloader 5.1.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.1.1 - GreenTree Applications SRL) <==== UWAGA ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {042F7A3E-E65B-41BB-B78E-1383D187C7A7} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-11-09] (Glarysoft Ltd) Task: {23835B42-091F-4DE9-A6BA-210BFAF3ECC0} - System32\Tasks\Opera scheduled Autoupdate 1443608659 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-24] (Opera Software) Task: {34FADCE8-DBD6-4637-89B8-7D9E266CDC13} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-05-16] (AVAST Software) Task: {400D3A17-A7AD-4DEE-BF63-E9D8D1AEFA66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-18] (Google Inc.) Task: {5E581B14-B651-431A-953F-CADABB4B5CB3} - System32\Tasks\SafeZone scheduled Autoupdate 1463405403 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software) Task: {6D1986C6-012A-4433-BA12-04AF9404CF31} - System32\Tasks\One-Click Optimizer WO12 => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\WO12.exe [2015-08-07] (Ashampoo Development GmbH & Co. KG) Task: {7F2EB577-C562-446B-A056-5364D23BCA0F} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-11-09] (Glarysoft Ltd) Task: {B3193F07-2C85-4B1C-844E-9F022A80325B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-16] (AVAST Software) Task: {B727066B-5AA9-4152-9243-C457EF14445A} - System32\Tasks\GlaryUpdate 5 => C:\Program Files (x86)\Glary Utilities 5\CheckUpdate.exe [2015-11-09] (Glarysoft Ltd) Task: {B8C1C710-2F2B-4743-B125-94A2DD577691} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-18] (Adobe Systems Incorporated) Task: {CB7101F7-59C5-4BF6-936A-84E38A1A6165} - System32\Tasks\XinGuanDianT3-GmTaskPlan => C:\Program Files\Genesis GX57\GenesisGX57.exe [2014-11-11] () Task: {DC6FC8DC-1DE9-47A9-80E6-B74A9D245EB7} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_182_pepper.exe [2016-03-18] (Adobe Systems Incorporated) Task: {E3B06228-8398-41FF-AE21-F84E0DA17538} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-18] (Google Inc.) Task: {F55967A5-02A4-46C0-8FF0-044981D6F9D8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_182_pepper.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\One-Click Optimizer WO12.job => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\WO12.exe ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ==================== Załadowane moduły (filtrowane) ============== 2013-04-24 17:10 - 2013-04-24 17:10 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2016-05-16 14:58 - 2016-05-16 14:58 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2016-05-16 14:58 - 2016-05-16 14:58 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-05-17 14:59 - 2016-05-17 14:59 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\16051702\algo.dll 2016-05-16 14:58 - 2016-05-16 14:58 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll 2015-09-25 14:03 - 2016-04-29 22:10 - 00785920 _____ () C:\Program Files\Steam\SDL2.dll 2015-09-25 14:03 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files\Steam\v8.dll 2015-09-25 14:03 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files\Steam\icui18n.dll 2015-09-25 14:03 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files\Steam\icuuc.dll 2015-09-25 14:03 - 2016-04-30 02:10 - 02549840 _____ () C:\Program Files\Steam\video.dll 2015-09-25 14:03 - 2016-02-09 01:14 - 02549760 _____ () C:\Program Files\Steam\libavcodec-56.dll 2015-09-25 14:03 - 2016-02-09 01:14 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll 2015-09-25 14:03 - 2016-02-09 01:14 - 00491008 _____ () C:\Program Files\Steam\libavformat-56.dll 2015-09-25 14:03 - 2016-02-09 01:14 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll 2015-09-25 14:03 - 2016-02-09 01:14 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll 2015-09-25 14:03 - 2016-04-30 02:10 - 00829008 _____ () C:\Program Files\Steam\bin\chromehtml.DLL 2016-05-16 14:58 - 2016-05-16 14:58 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-09-25 14:03 - 2016-04-28 03:00 - 49825056 _____ () C:\Program Files\Steam\bin\libcef.dll 2015-11-09 08:19 - 2015-11-09 08:19 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll 2015-11-20 18:30 - 2015-08-07 15:03 - 00223600 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\LiveTunerService.exe ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) ==================== Powiązania plików (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: =============================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2009-07-14 04:34 - 2016-03-14 10:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-2592474708-3107799792-3842106623-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == (Obecnie brak automatycznej naprawy dla tej sekcji.) MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [{87E66D9A-4C01-4D4B-87FE-415A1F0CE356}] => (Allow) C:\Program Files\Steam\Steam.exe FirewallRules: [{1EB46943-4216-4248-B1A0-FD5AB1445928}] => (Allow) C:\Program Files\Steam\Steam.exe FirewallRules: [{96064597-5D99-457A-95F8-985A08EE280D}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe FirewallRules: [{124E5A6E-A579-43C0-AFB9-79FC0EC71D97}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe FirewallRules: [{07573AAF-7EFD-467F-9C3E-F1C44FC2F42C}] => (Allow) D:\Gry\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{850B66E5-C5F5-41B7-BDD6-0FA3A252DF10}] => (Allow) D:\Gry\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{D58B32B6-ED25-4F8D-A955-04E2306115A2}] => (Allow) C:\Program Files (x86)\DNA\btdna.exe FirewallRules: [{22B14B40-3927-44A0-9CA2-16A1E6824A45}] => (Allow) C:\Program Files (x86)\DNA\btdna.exe FirewallRules: [{A01848FD-0814-4498-9C57-798024FA72E0}] => (Allow) D:\Gry\DA2\Dragon Age 2\bin_ship\DragonAge2.exe FirewallRules: [{DCEC9C4D-9FD9-4A56-B4B5-0A5BE8507F51}] => (Allow) D:\Gry\DA2\Dragon Age 2\bin_ship\DragonAge2.exe FirewallRules: [{C70133FA-6519-4884-9BCD-E6AE97AB8CE9}] => (Allow) D:\Gry\DA2\Dragon Age 2\DragonAge2Launcher.exe FirewallRules: [{C6FF87E6-C81A-438D-8EAB-363BA67132F8}] => (Allow) D:\Gry\DA2\Dragon Age 2\DragonAge2Launcher.exe FirewallRules: [{7BB32F78-A46B-4A7F-99E1-BB5C4C1BB3C9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Punkty Przywracania systemu ========================= 29-04-2016 00:03:52 Installed XenoBot Binary 07-05-2016 09:17:38 Zaplanowany punkt kontrolny 13-05-2016 23:22:47 ComboFix created restore point 15-05-2016 21:06:55 ComboFix created restore point 16-05-2016 12:49:57 Operacja przywracania 16-05-2016 14:45:53 Removed InstallShieldHiRezCurrent 16-05-2016 19:54:10 SPTD setup V1.89 ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (05/17/2016 04:19:15 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000. Error: (05/17/2016 04:19:15 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Wystąpił błąd aktywacji licencji (slui.exe), kod błędu: 0x800401F9 Error: (05/17/2016 04:10:24 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000. Error: (05/17/2016 04:10:24 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Wystąpił błąd aktywacji licencji (slui.exe), kod błędu: 0x800401F9 Error: (05/17/2016 02:57:03 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000. Error: (05/17/2016 02:57:03 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Wystąpił błąd aktywacji licencji (slui.exe), kod błędu: 0x800401F9 Error: (05/16/2016 08:41:02 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000. Error: (05/16/2016 08:41:02 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Wystąpił błąd aktywacji licencji (slui.exe), kod błędu: 0x800401F9 Error: (05/16/2016 07:58:41 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Aktywacja licencji systemu Windows nie powiodła się. Błąd 0x00000000. Error: (05/16/2016 07:58:39 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Wystąpił błąd aktywacji licencji (slui.exe), kod błędu: 0x800401F9 Dziennik System: ============= Error: (05/17/2016 04:18:32 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (05/16/2016 08:40:57 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x00000109 (0xa3a039d8b075a70e, 0xb3b7465f02f3e46c, 0xfffff88002f705c0, 0x0000000000000002)C:\Windows\MEMORY.DMP051616-14866-01 Error: (05/16/2016 08:40:51 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 20:39:03 na ‎2016-‎05-‎16 było nieoczekiwane. Error: (05/16/2016 07:54:54 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (05/15/2016 09:23:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error: (05/15/2016 09:12:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error: (05/15/2016 09:04:07 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (05/15/2016 06:04:17 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (05/15/2016 02:04:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Ashampoo LiveTuner 2 Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (05/15/2016 02:04:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Ochrona oprogramowania niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. CodeIntegrity: =================================== Date: 2016-05-17 16:19:14.036 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-17 16:10:23.458 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-17 14:57:01.566 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-16 21:01:08.507 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-16 20:41:00.151 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-16 20:37:02.304 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-16 20:22:13.067 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-16 19:58:12.944 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-16 19:55:36.772 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-16 19:54:05.240 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system. ==================== Statystyki pamięci =========================== Procesor: AMD A8-5550M APU with Radeon(tm) HD Graphics Procent pamięci w użyciu: 19% Całkowita pamięć fizyczna: 7383.36 MB Dostępna pamięć fizyczna: 5921.03 MB Całkowita pamięć wirtualna: 14764.92 MB Dostępna pamięć wirtualna: 13211.96 MB ==================== Dyski ================================ Drive c: () (Fixed) (Total:247.82 GB) (Free:192.05 GB) NTFS Drive d: () (Fixed) (Total:439.45 GB) (Free:365.9 GB) NTFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484) Partition 1: (Active) - (Size=100 MB) - (Type=0B) Partition 2: (Not Active) - (Size=247.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=439.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=244.1 GB) - (Type=06) ==================== Koniec Addition.txt ============================

**Posty:** 4765 · przez **ordynat** 17 Maj 2016, 17:33

OK, usunięte, bo w nowych logach nie ma już niczego podejrzanego.

Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW).
przez SHIFT+DEL usuń pozostały folder C:\FRST.
.

**Posty:** 3 · przez **ks225** 17 Maj 2016, 19:13

Dzięki wielkie!